Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ihavenet Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.01.2013, 22:40   #1
nooby_joshi
 
Ihavenet Virus - Frage

Ihavenet Virus



Hallo,

Ich denke, dass der PC meiner Schwiegermutter den ihavenet-Virus hat. Fast jedes Mal wenn sie einen neuen Tab im Firefox öffnet wird sie auf ihavenet weitergeleitet. OTL und GMER Logfiles habe ich angehängt, und hoff ihr könnt mir helfen.
Danke, Joshi

OTL:

OTL logfile created on: 07.01.2013 21:59:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,87% Memory free
8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 94,60 Gb Free Space | 63,47% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 901,25 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
Drive F: | 297,96 Gb Total Space | 252,19 Gb Free Space | 84,64% Space Free | Partition Type: NTFS

Computer Name: MONI-PC | User Name: Moni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.07 21:55:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2012.12.06 09:59:14 | 000,916,960 | ---- | M] (Mozilla Corporation) -- E:\Programme\Mozilla\Firefox\firefox.exe
PRC - [2012.12.06 09:59:14 | 000,016,864 | ---- | M] (Mozilla Corporation) -- E:\Programme\Mozilla\Firefox\plugin-container.exe
PRC - [2012.11.08 10:55:40 | 000,898,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.07.27 21:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.06 09:59:14 | 002,397,152 | ---- | M] () -- E:\Programme\Mozilla\Firefox\mozjs.dll
MOD - [2012.11.08 10:56:00 | 000,178,056 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.11.08 10:56:00 | 000,034,184 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.11.08 10:55:58 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.11.08 10:55:54 | 000,014,728 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.11.08 10:55:52 | 000,024,456 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.11.08 10:55:52 | 000,015,752 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.11.08 10:55:50 | 000,039,816 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2012.11.08 10:55:50 | 000,016,776 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.11.08 10:55:48 | 000,239,496 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.11.08 10:55:48 | 000,026,504 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.11.08 10:55:46 | 000,124,808 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.11.08 10:55:44 | 000,092,040 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2012.11.08 10:55:42 | 000,018,312 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.11.08 10:54:34 | 000,880,640 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.10.23 21:58:36 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2012.10.12 19:33:32 | 000,045,568 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
MOD - [2012.10.08 08:01:07 | 000,014,336 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
MOD - [2012.10.08 08:00:52 | 002,682,880 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
MOD - [2012.10.08 08:00:52 | 000,100,352 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
MOD - [2012.10.08 08:00:51 | 001,180,160 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU
MOD - [2012.10.08 08:00:51 | 000,316,416 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU
MOD - [2012.10.08 08:00:50 | 001,319,424 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU
MOD - [2012.10.08 08:00:22 | 009,388,544 | ---- | M] () -- C:\Users\Moni\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
MOD - [2012.07.27 21:51:40 | 000,056,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
MOD - [2012.07.27 21:51:28 | 000,249,272 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.12 10:03:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.23 22:02:00 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Programme\Microsoft Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.08.30 20:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 16:05:00 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- E:\Programme\TuneUp Utilities\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.07.16 16:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- E:\Programme\Samsung PC Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011.11.24 14:34:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- E:\Programme\TuneUp Utilities\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.02.24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AA 7E 56 4E A5 A4 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: E:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: E:\Programme\Mozilla\Firefox\components [2012.12.06 09:59:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: E:\Programme\Mozilla\Firefox\components [2012.12.06 09:59:14 | 000,000,000 | ---D | M]

[2012.10.07 17:03:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moni\AppData\Roaming\mozilla\Extensions
[2012.11.24 18:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moni\AppData\Roaming\mozilla\Firefox\Profiles\4wnao9by.default\extensions
[2012.11.24 18:46:16 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Moni\AppData\Roaming\mozilla\firefox\profiles\4wnao9by.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programme\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BCSSync] E:\Programme\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKCU..\Run: [YKUNONL] C:\Users\Moni\AppData\Roaming\dispexr.dll ()
O4 - Startup: C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = E:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Programme\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - E:\Programme\Microsoft Office 2010\Office14\EXCEL.EXE (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED45E8FD-7C0F-42DE-AB19-F45B41255487}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programme\Microsoft Office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.05 20:58:55 | 000,000,000 | ---D | C] -- C:\Users\Moni\AppData\Roaming\NVIDIA
[2013.01.05 20:58:53 | 000,000,000 | ---D | C] -- C:\Users\Moni\AppData\Local\Daedalic Entertainment
[2013.01.05 20:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2013.01.05 20:45:35 | 000,000,000 | ---D | C] -- C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2013.01.05 20:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2013.01.05 20:44:51 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2013.01.05 20:44:51 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2013.01.05 17:59:35 | 000,000,000 | ---D | C] -- C:\Users\Moni\Desktop\puls
[2013.01.05 17:57:51 | 000,000,000 | ---D | C] -- C:\Users\Moni\Desktop\1
[2013.01.05 12:25:15 | 000,000,000 | ---D | C] -- C:\Users\Moni\Desktop\michi classigcs
[2012.12.18 15:39:15 | 000,000,000 | ---D | C] -- C:\Users\Moni\AppData\Local\Kobo
[2012.12.18 15:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kobo
[2012.12.18 15:39:05 | 000,000,000 | ---D | C] -- C:\Windows\tmp
[2012.12.18 15:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kobo
[2012.12.17 11:31:48 | 000,000,000 | ---D | C] -- C:\probe
[2012.12.16 13:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
[2012.12.16 13:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2012.12.16 13:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.12.15 16:23:30 | 000,000,000 | ---D | C] -- C:\Users\Moni\Desktop\Volbeat Musik Stick
[2012.12.15 16:22:20 | 000,000,000 | ---D | C] -- C:\Users\Moni\Desktop\F1stick
[2012.12.11 18:53:40 | 000,000,000 | ---D | C] -- C:\Users\Moni\AppData\Roaming\Skype
[2012.12.11 18:53:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.11 18:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.11 18:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.11 18:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2013.01.07 21:55:42 | 000,000,000 | ---- | M] () -- C:\Users\Moni\defogger_reenable
[2013.01.07 21:40:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.07 21:37:18 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 21:37:18 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 21:35:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.07 21:35:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.07 21:35:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.07 21:35:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.07 21:35:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.07 21:33:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.07 21:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.07 11:37:25 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.07 11:37:09 | 3220,774,912 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.05 21:07:09 | 000,000,716 | ---- | M] () -- C:\Users\Public\Desktop\Deponia.lnk
[2013.01.05 20:53:40 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\Chaos auf Deponia.lnk
[2013.01.05 20:45:35 | 000,000,624 | ---- | M] () -- C:\Users\Moni\Desktop\MagicDisc.lnk
[2013.01.05 20:45:35 | 000,000,624 | ---- | M] () -- C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2013.01.04 14:18:19 | 000,338,832 | ---- | M] () -- C:\Users\Moni\Documents\Scan firma.pdf
[2013.01.04 14:17:06 | 000,298,630 | ---- | M] () -- C:\Users\Moni\Documents\Scan firma rück..pdf
[2012.12.28 17:03:39 | 000,462,747 | ---- | M] () -- C:\Users\Moni\Documents\zeugnis 2011.jpg
[2012.12.22 10:23:25 | 000,340,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.20 17:30:07 | 000,269,830 | ---- | M] () -- C:\Users\Moni\Documents\impfung.jpg
[2012.12.19 10:55:34 | 000,382,720 | ---- | M] () -- C:\Users\Moni\Documents\krankenschein.jpg
[2012.12.18 16:39:24 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.12.16 13:52:53 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2012.12.11 18:53:34 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013.01.07 21:55:42 | 000,000,000 | ---- | C] () -- C:\Users\Moni\defogger_reenable
[2013.01.05 21:07:09 | 000,000,716 | ---- | C] () -- C:\Users\Public\Desktop\Deponia.lnk
[2013.01.05 20:53:40 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\Chaos auf Deponia.lnk
[2013.01.05 20:45:35 | 000,000,624 | ---- | C] () -- C:\Users\Moni\Desktop\MagicDisc.lnk
[2013.01.05 20:45:35 | 000,000,624 | ---- | C] () -- C:\Users\Moni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2013.01.04 14:18:19 | 000,338,832 | ---- | C] () -- C:\Users\Moni\Documents\Scan firma.pdf
[2013.01.04 14:17:06 | 000,298,630 | ---- | C] () -- C:\Users\Moni\Documents\Scan firma rück..pdf
[2012.12.28 17:03:39 | 000,462,747 | ---- | C] () -- C:\Users\Moni\Documents\zeugnis 2011.jpg
[2012.12.20 17:30:07 | 000,269,830 | ---- | C] () -- C:\Users\Moni\Documents\impfung.jpg
[2012.12.19 10:55:34 | 000,382,720 | ---- | C] () -- C:\Users\Moni\Documents\krankenschein.jpg
[2012.12.18 15:39:08 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Kobo.lnk
[2012.12.11 18:53:34 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.07 15:10:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.11.20 11:05:32 | 000,126,976 | RHS- | C] () -- C:\Users\Moni\AppData\Roaming\dispexr.dll
[2012.10.09 10:33:32 | 000,212,502 | ---- | C] () -- C:\Users\Moni\salge152.zip

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.07 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Moni\AppData\Roaming\TuneUp Software
[2012.10.17 14:41:05 | 000,000,000 | ---D | M] -- C:\Users\Moni\AppData\Roaming\Ubisoft

========== Purity Check ==========



< End of report >

Extras:

OTL Extras logfile created on: 07.01.2013 21:59:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 61,87% Memory free
8,00 Gb Paging File | 6,38 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 94,60 Gb Free Space | 63,47% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 901,25 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
Drive F: | 297,96 Gb Total Space | 252,19 Gb Free Space | 84,64% Space Free | Partition Type: NTFS

Computer Name: MONI-PC | User Name: Moni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Programme\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "E:\Programme\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Programme\Microsoft Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0388881F-3931-4E31-BEB8-A45ACF1C0712}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe |
"{0F52E777-5D5D-4939-8A7C-7E6E5E5B3D21}" = protocol=6 | dir=in | app=d:\installer\hpbcsiinstaller.exe |
"{1319E1B2-1710-47B8-9E2B-A2186E64C141}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{1AA0C492-9ADB-4782-BC5E-241FB706D75F}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe |
"{20BF3430-FA09-42AE-98E1-C7114051B429}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{21C33F26-8954-4301-A777-D81AD0C54638}" = protocol=17 | dir=in | app=d:\installer\hpbcsiinstaller.exe |
"{29EDDE1E-E3CE-401C-98E4-237CD96C8D99}" = protocol=6 | dir=in | app=e:\programme\microsoft office 2010\office14\groove.exe |
"{321CFBDE-B084-4FBE-BFB7-2CA66E7C88EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{356AD5FB-F365-4734-819A-F1A54F28C09F}" = protocol=17 | dir=in | app=e:\programme\microsoft office 2010\office14\groove.exe |
"{6ACCA12A-45CF-4083-9C8F-C8D5036C2EC6}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\autopatcher.exe |
"{6B9DE85B-1682-4911-BC16-B87E5DE25CDA}" = protocol=6 | dir=in | app=c:\program files (x86)\hp\csiinstaller\5c069542-ca13-4f1b-b90c-28c6430f4992\installer\hpbcsiinstaller.exe |
"{6CC71CD0-7F8F-41F8-8273-A8AA87781ACF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{70FC4FB4-292C-4E02-8E3B-DA28A99BD7FE}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\initengine.exe |
"{765D5085-1832-4CE4-A05A-6720414D8F15}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 2070\anno5.exe |
"{78BAFCC6-BA49-4A7C-978E-3A37ECBBAB67}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe |
"{7ED62FCC-2462-4C38-845B-5788BD1816B0}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe |
"{808A525A-AA42-4CFA-AF30-40D7B49CA9F7}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe |
"{84F1DE5D-2850-4941-81F1-76A29E64E960}" = protocol=17 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe |
"{8DE6B988-F66D-4522-BBC0-AFF3BBE8814D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{921C8992-37A0-4585-8E29-E0A09897C2CA}" = protocol=17 | dir=in | app=c:\program files (x86)\hp\csiinstaller\5c069542-ca13-4f1b-b90c-28c6430f4992\installer\hpbcsiinstaller.exe |
"{9289D3E1-8FC2-430B-BEEE-21117506B99B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B5D5B60A-E739-4AC7-B549-58FED1184577}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\http_ss_win_pro.exe |
"{B945DE95-C0A0-451D-A97A-D6C91B0CE540}" = protocol=6 | dir=in | app=e:\programme\samsung pc manager\wiselinkpro.exe |
"{D0220ED0-85BE-44FF-A457-03D798B8AB43}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"TCP Query User{1292DC99-BF4B-4777-92B2-5173E88F8802}E:\programme\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\programme\jdownloader\jre\bin\javaw.exe |
"UDP Query User{A6F6B395-5A3F-46AC-A752-18E590B37098}E:\programme\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\programme\jdownloader\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C069542-CA13-4f1b-B90C-28C6430F4992}" = HP LaserJet Professional CP1520 Series
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{BAE1CCA6-AB32-4D27-AE69-203436D54EC8}" = Reader for PC
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Deponia" = Deponia
"Deponia 2" = Chaos auf Deponia
"Digital Editions" = Adobe Digital Editions
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"Kobo" = Kobo
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.12.2012 12:43:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 29.12.2012 12:43:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 30.12.2012 09:29:06 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 30.12.2012 09:29:06 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 30.12.2012 09:29:07 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.01.2013 08:20:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.01.2013 08:20:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.01.2013 08:20:18 | Computer Name = Moni-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL".
Die
abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 06.01.2013 08:18:13 | Computer Name = Moni-PC | Source = Software Protection Platform Service | ID = 8200
Description = Lizenzerwerb-Fehlerdetails. hr=0xC004C532

Error - 06.01.2013 08:18:13 | Computer Name = Moni-PC | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C532)
für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.

[ System Events ]
Error - 25.11.2012 13:55:27 | Computer Name = Moni-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SAMSUNG AllShare Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 27.11.2012 04:52:40 | Computer Name = Moni-PC | Source = DCOM | ID = 10005
Description =

Error - 27.11.2012 04:52:40 | Computer Name = Moni-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 27.11.2012 04:52:40 | Computer Name = Moni-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069

Error - 05.12.2012 14:19:04 | Computer Name = Moni-PC | Source = DCOM | ID = 10010
Description =

Error - 05.12.2012 14:41:45 | Computer Name = Moni-PC | Source = DCOM | ID = 10010
Description =

Error - 22.12.2012 11:38:31 | Computer Name = Moni-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR5 gefunden.

Error - 07.01.2013 16:37:39 | Computer Name = Moni-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 07.01.2013 16:37:40 | Computer Name = Moni-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 07.01.2013 16:38:31 | Computer Name = Moni-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.


< End of report >

Gmer:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-07 22:34:36
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1600AAJS-00PSA0 rev.05.06H05 149,05GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Moni\AppData\Local\Temp\kxldypod.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000746c1401 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000746c1419 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000746c1431 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000746c144a 2 bytes [6C, 74]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000746c14dd 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000746c14f5 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000746c150d 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000746c1525 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000746c153d 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000746c1555 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000746c156d 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000746c1585 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000746c159d 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000746c15b5 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000746c15cd 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000746c16b2 2 bytes [6C, 74]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[4024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000746c16bd 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExW + 17 00000000746c1401 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!EnumProcessModules + 17 00000000746c1419 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 17 00000000746c1431 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 42 00000000746c144a 2 bytes [6C, 74]
.text ... * 9
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!EnumDeviceDrivers + 17 00000000746c14dd 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameA + 17 00000000746c14f5 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSetEx + 17 00000000746c150d 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetDeviceDriverBaseNameW + 17 00000000746c1525 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameW + 17 00000000746c153d 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!EnumProcesses + 17 00000000746c1555 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetProcessMemoryInfo + 17 00000000746c156d 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetPerformanceInfo + 17 00000000746c1585 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!QueryWorkingSet + 17 00000000746c159d 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleBaseNameA + 17 00000000746c15b5 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetModuleFileNameExA + 17 00000000746c15cd 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 20 00000000746c16b2 2 bytes [6C, 74]
.text E:\Downloads\OTL.exe[2908] C:\Windows\syswow64\PSAPI.dll!GetProcessImageFileNameW + 31 00000000746c16bd 2 bytes [6C, 74]

---- Threads - GMER 2.0 ----

Thread C:\Windows\SysWOW64\rundll32.exe [2828:1936] 00000000001f0130
Thread C:\Windows\SysWOW64\rundll32.exe [2828:1924] 0000000000193a80
Thread C:\Windows\SysWOW64\rundll32.exe [2828:2556] 0000000000193a10
Thread C:\Windows\SysWOW64\rundll32.exe [2828:3520] 0000000000295cfe
Thread C:\Windows\SysWOW64\rundll32.exe [2828:3524] 0000000000292ea6
Thread C:\Windows\SysWOW64\rundll32.exe [2828:3528] 00000000002933de
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3904] 0000000070f4fee5
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2956] 0000000070f48f6c
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3652] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3656] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3624] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1020] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1916] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2748] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3680] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3308] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1624] 00000000049c91d7
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3504] 0000000076fd2e3e
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3116] 00000000049a9429
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1976] 00000000049a9516
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1864] 0000000073cd32fb
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3304] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3616] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3544] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:644] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2000] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3620] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3260] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3276] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2508] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1148] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3396] 00000000739e2733
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3736] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2460] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1956] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3868] 0000000076fd3e59
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1900] 0000000070a82f69
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2272] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3344] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1876] 000000007165a32a
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:1856] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:3244] 0000000073496f14
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2984] 0000000076fd3e59
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:4008] 000000007369c724
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:4012] 0000000076fd3e59
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:240] 0000000076fd3e59
Thread E:\Programme\Mozilla\Firefox\firefox.exe [892:2756] 0000000076fd7129
Thread E:\Programme\Mozilla\Firefox\plugin-container.exe [2824:3480] 0000000070f48f6c
Thread E:\Programme\Mozilla\Firefox\plugin-container.exe [2824:196] 0000000070a82f69
Thread E:\Programme\Mozilla\Firefox\plugin-container.exe [2824:1780] 0000000076fd3e59
Thread E:\Programme\Mozilla\Firefox\plugin-container.exe [2824:1944] 0000000076fd7129
Thread E:\Programme\Mozilla\Firefox\plugin-container.exe [2824:2620] 0000000076fd3e59
Thread C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2960:3756] 0000000076fd2e3e
Thread C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2976:3888] 0000000076fd2e3e
Thread C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2976:3440] 000000006e78eca7
Thread C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2976:3236] 000000007279345e
Thread C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe [2976:3552] 0000000068a9e600
---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4064] 000007fef10b0000

---- EOF - GMER 2.0 ----


Bitte um rasche Hilfe!

Alt 07.01.2013, 22:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ihavenet Virus - Standard

Ihavenet Virus



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 08.01.2013, 09:00   #3
nooby_joshi
 
Ihavenet Virus - Standard

Ihavenet Virus



Nein habe sonst leider keine anderen Logfiles zur Verfügung.
__________________

Alt 08.01.2013, 20:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ihavenet Virus - Standard

Ihavenet Virus



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Ihavenet Virus
7-zip, adobe, autorun, bho, browser, error, explorer, fehler, firefox, flash player, format, install.exe, jdownloader, mozilla, musik, nvidia, nvidia update, realtek, registry, rundll, scan, software, svchost.exe, temp, udp, virus, windows, öffnet



Ähnliche Themen: Ihavenet Virus


  1. Ihavenet - Virus
    Log-Analyse und Auswertung - 17.11.2013 (6)
  2. ihavenet virus
    Log-Analyse und Auswertung - 09.10.2013 (28)
  3. ihavenet-Virus
    Plagegeister aller Art und deren Bekämpfung - 09.10.2013 (11)
  4. 2x | Ihavenet - Virus
    Mülltonne - 30.09.2013 (1)
  5. IHAVENET-virus??
    Plagegeister aller Art und deren Bekämpfung - 30.09.2013 (12)
  6. ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (11)
  7. Ihavenet.com Virus
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (30)
  8. Ihavenet Virus
    Plagegeister aller Art und deren Bekämpfung - 12.12.2012 (13)
  9. ihavenet virus
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (3)
  10. ihavenet Virus
    Log-Analyse und Auswertung - 01.12.2012 (13)
  11. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)
  12. ihavenet - Virus
    Log-Analyse und Auswertung - 03.11.2012 (20)
  13. ihavenet.com virus auf dem PC
    Plagegeister aller Art und deren Bekämpfung - 29.10.2012 (5)
  14. ihavenet virus
    Log-Analyse und Auswertung - 07.10.2012 (1)
  15. ihavenet- virus
    Plagegeister aller Art und deren Bekämpfung - 17.09.2012 (13)
  16. Ihavenet.com Virus
    Log-Analyse und Auswertung - 13.09.2012 (12)
  17. ihavenet-virus.. help
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (3)

Zum Thema Ihavenet Virus - Hallo, Ich denke, dass der PC meiner Schwiegermutter den ihavenet-Virus hat. Fast jedes Mal wenn sie einen neuen Tab im Firefox öffnet wird sie auf ihavenet weitergeleitet. OTL und GMER - Ihavenet Virus...
Archiv
Du betrachtest: Ihavenet Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.