Pests of all kinds and how to fight them: Computer full of Trojans, partition disappeared, dark screen (Windows 7)
17.02.2013, 00:25 | #1 |
| Hello, I think you are my last hope. A few weeks ago I was able to fix a malware problem myself (also with your tips from the board). This time the problem is much bigger. Some information up front: my computer runs VISTA (32-bit). For years it has always run without trouble (no Trojans etc.). I have Antivir (freeware) installed, which every now and then detected a virus that was then moved to quarantine. On Tuesday came the failure. Vista still boots, but then a black screen appears and all the icons on the desktop are gone. At first I thought the hard disk was defective and wanted to start a repair from CD. The error message kept coming up that the corresponding folder on C: was not found. After startup, a strange program reported many errors on the hard disk that could only be fixed by buying some program (unfortunately I have forgotten the name). I then ran Malware and Spybot 2. After that, the many windows that always opened after startup were gone. Yesterday I installed Emsisoft Anti-Malware to protect myself against Trojans as they try to get in. This program found, I believe, 39 Trojans and the like, most of which were classified as dangerous. I could upload the quarantine list here, and I could also still get at the log from Malware. I hope you have a solution for me. Many thanks for your help. |
17.02.2013, 01:57 | #2 |
/// TB-Ausbilder | Hi,
Quote:
Can you briefly describe what exactly the situation on your computer is now? The icons have disappeared from the desktop, but otherwise you can work normally? Or is something still blocking? |
17.02.2013, 10:05 | #3 |
| Hello Leo,
first of all, many thanks for wanting to help me. The situation at the moment is as follows: the computer boots, the screen is black, and the Windows Sidebar icons are at the edge. At the bottom right of the taskbar some programs can be selected (small icons); on the left, Start can be selected, and "All Programs" is then visible. They are displayed and almost all of them can be opened (e.g. Windows Defender does not work, Windows Update is okay). I can also open the "Computer" item in the Start menu, where I see that not all partitions are listed (D is missing). Under D: I now find my USB stick listed as a removable drive. In my folder (which is named after me), all files are missing (pictures, documents etc.). Yesterday, for example, partition D: was shown to me, but all the files had been renamed to meaningless file names. Today I see nothing at all. The computer is not running quite as fast as before the infection. Attached is the quarantine list; I think the program Malware is from Emsisoft, and I now have a full version. I hope the upload works. Best regards, garfield2704 |
17.02.2013, 15:10 | #4 |
/// TB-Ausbilder | Hi, you've really caught quite something there.. Please try this: Download Grinler's unhide.exe to your desktop. Start the tool with a double-click. When it is finished, a message saying Done will pop up. It will also create a log file, Unhide.txt. Please post it here.
__________________ cheers, Leo |
17.02.2013, 18:52 | #5 |
| Hello Leo, I did everything as described. Unfortunately, no text file was placed on the desktop as announced. I ran the program again and was able to save the result as a Word file (see attachment). Addendum: unfortunately it cannot be uploaded, so it is now sent as a PDF file. The earlier files are now visible on the desktop again, and my private files are back as well (incl. photos). The only thing I still don't see is partition D, which is treated as a removable drive (USB stick). Before, USB was always F:. The screen is also still black, and on the left in the Start menu things like Explorer and my mail program are missing. I now also remember which program popped up after the "crash". It was System Repair, which wanted money for a supposed repair. I now also have an icon of that program in the taskbar. Best regards, Garfield2704 |
17.02.2013, 19:18 | #6 |
/// TB-Ausbilder | Hi, what was partition D: on your system? Is the data from there now not visible anywhere at all? Please also do the following: (Please generally do not attach log files; instead post their content directly inside code tags: [code]log file content[/code].)
Step 1: Download Gmer (press the Download EXE button) and save the program to the desktop.
Step 2: Please download OTL (by Oldtimer) and save it to your desktop.
In your next reply, please post: |
18.02.2013, 01:44 | #7 |
| Hello Leo, now my netbook is on strike, it's as if it were jinxed. It is extremely slow and hangs constantly. So I'm now trying it from the PC. I can't start Explorer; I get onto the Internet by a roundabout route (Emsisoft's homepage). I now also remember what D: was. I had an external hard disk connected, which was partitioned. The hard disk was connected via a Datenhafen; I had disconnected it from the PC yesterday. The hard disk is now recognized again, but the files only have fragments ("gibberish") as names. The partitions are also no longer there. How should I proceed? Do I have to run the programs again?? Otherwise, here are the log files for now. GMER Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net Rootkit scan 2013-02-17 22:44:13 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000055 WDC_WD50 rev.01.0 465,76GB Running: GMER_2.1.18952.exe; Driver: C:\Users\Bille\AppData\Local\Temp\uwloqpod.sys ---- System - GMER 2.1 ---- SSDT 90E10226 ZwCreateSection SSDT 90E10230 ZwRequestWaitReplyPort SSDT 90E1022B ZwSetContextThread SSDT 90E10235 ZwSetSecurityObject SSDT 90E1023A ZwSystemDebugControl SSDT 90E101C7 ZwTerminateProcess INT 0x51 ? 8545EC88 INT 0x52 ? 88B95C88 INT 0x92 ? 8545DC88 INT 0xA2 ? 8545EC88 INT 0xA3 ? 88B95C88 ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 832C88D8 4 Bytes [26, 02, E1, 90] {ADD AH, CL; NOP } .text ntkrnlpa.exe!KeSetEvent + 539 832C8BFC 4 Bytes [30, 02, E1, 90] {XOR [EDX], AL; LOOPZ 0xffffff94} .text ntkrnlpa.exe!KeSetEvent + 56D 832C8C30 4 Bytes [2B, 02, E1, 90] {SUB EAX, [EDX]; LOOPZ 0xffffff94} .text ntkrnlpa.exe!KeSetEvent + 5D1 832C8C94 4 Bytes [35, 02, E1, 90] .text ntkrnlpa.exe!KeSetEvent + 619 832C8CDC 4 Bytes [3A, 02, E1, 90] {CMP AL, [EDX]; LOOPZ 0xffffff94} .text ... .text kdcom.dll!KdSendPacket 80402041 80 Bytes [0E, 83, C0, 02, 83, C2, 02, ...] .text kdcom.dll!KdDebuggerInitialize0 + 6 80402092 4 Bytes [57, 33, C0, 33] .text kdcom.dll!KdDebuggerInitialize0 + B 80402097 41 Bytes [6A, 62, 66, 89, 45, 98, 8D, ...] .text kdcom.dll!KdDebuggerInitialize0 + 35 804020C1 34 Bytes [57, FF, 15, AC, 12, 40, 80, ...] .text kdcom.dll!KdDebuggerInitialize0 + 58 804020E4 81 Bytes [2B, D6, 3B, 51, 14, 0F, 87, ...] .text kdcom.dll!KdDebuggerInitialize0 + AA 80402136 41 Bytes [8B, C7, 2B, C6, 50, 8D, 85, ...] .text kdcom.dll!KdRestore + 4 80402160 53 Bytes [5D, 08, BE, 1C, 13, 40, 80, ...] .text kdcom.dll!KdRestore + 3A 80402196 98 Bytes [15, B0, 12, 40, 80, 59, 59, ...] .text kdcom.dll!KdRestore + 9E 804021FA 60 Bytes [10, 46, 81, C7, AC, 00, 00, ...] .text kdcom.dll!KdRestore + DB 80402237 11 Bytes [00, 6A, 64, 8D, 45, 98, 6A, ...] 
.text kdcom.dll!KdRestore + E8 80402244 64 Bytes [00, 83, C4, 18, 33, C0, 85, ...] .text ... .text kdcom.dll!KdReceivePacket + 2D 8040231B 16 Bytes [00, 00, 83, 7D, F0, 14, 72, ...] .text kdcom.dll!KdReceivePacket + 3E 8040232C 6 Bytes [00, 74, A9, 83, 7B, 04] {ADD [ECX+EBP*4-0x7d], DH; JNP 0xa} .text kdcom.dll!KdReceivePacket + 45 80402333 8 Bytes [74, 73, 8B, 73, 10, 8B, 4D, ...] {JZ 0x75; MOV ESI, [EBX+0x10]; MOV ECX, [EBP+0x8]} .text kdcom.dll!KdReceivePacket + 4E 8040233C 66 Bytes [3B, 03, F1, C7, 43, 04, 37, ...] .text kdcom.dll!KdReceivePacket + 91 8040237F 79 Bytes CALL 80402084 \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation) .text ... .text kdcom.dll!KdSendPacket + 78 804025DE 25 Bytes [74, 69, 6E, 65, 00, 00, 8B, ...] .text kdcom.dll!KdSendPacket + 92 804025F8 145 Bytes [5F, 02, 49, 6F, 52, 65, 67, ...] .text kdcom.dll!KdSendPacket + 124 8040268A 51 Bytes [E7, 05, 52, 74, 6C, 49, 6D, ...] .text kdcom.dll!KdSendPacket + 158 804026BE 14 Bytes [1F, 08, 5F, 73, 74, 72, 69, ...] .text kdcom.dll!KdSendPacket + 167 804026CD 89 Bytes [78, 41, 6C, 6C, 6F, 63, 61, ...] .text ... ? System32\Drivers\spqf.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8919641B 5 Bytes JMP 88B951D8 .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E204000, 0x37D761, 0xE8000020] ---- User code sections - GMER 2.1 ---- [SIZE="4"] Code:
ATTFilter OTL logfile created on: 17.02.2013 22:59:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bille\Documents\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,33% Memory free 4,24 Gb Paging File | 2,12 Gb Available in Paging File | 50,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 236,31 Gb Total Space | 20,81 Gb Free Space | 8,81% Space Free | Partition Type: NTFS Drive D: | 3,73 Gb Total Space | 3,68 Gb Free Space | 98,65% Space Free | Partition Type: FAT32 Drive E: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Z: | 19,99 Gb Total Space | 9,42 Gb Free Space | 47,14% Space Free | Partition Type: FAT32 Computer Name: BILLE-PC | User Name: Bille | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.17 22:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bille\Documents\Desktop\OTL.exe PRC - [2013.02.16 15:14:21 | 003,089,320 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe PRC - [2013.02.16 15:14:20 | 003,365,288 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe PRC - [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.20 15:09:00 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.08.08 20:48:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 18:11:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:11:22 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.08 18:11:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.02.16 12:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2011.01.26 23:55:54 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.01.26 23:55:24 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.10.18 14:37:35 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database_146bec2\bin\FABS.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007.04.13 18:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 
07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.01.26 23:11:58 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2008.10.22 11:50:44 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013.02.16 15:14:21 | 003,089,320 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.20 15:09:00 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 18:11:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:11:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.16 12:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2011.01.26 23:55:24 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database_146bec2\bin\FABS.exe -- (Fabs) SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database_146bec2\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.04.13 18:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- 
system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETFWDSL.SYS -- (NETFWDSL) DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.08 18:11:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:11:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.30 18:45:28 | 000,054,072 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2012.04.30 18:45:00 | 000,037,856 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver) DRV - [2011.12.19 01:12:06 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2011.01.27 00:36:14 | 007,566,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.01.26 23:13:10 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.11.17 13:04:12 | 000,097,296 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util) DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.11.19 13:32:02 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2008.01.08 08:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.12.10 14:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017unic.sys -- (s3017unic) DRV - [2007.12.10 14:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017obex.sys -- (s3017obex) DRV - [2007.12.10 14:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mgmt.sys -- (s3017mgmt) DRV - [2007.12.10 14:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017nd5.sys -- (s3017nd5) DRV - [2007.12.10 14:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdm.sys -- (s3017mdm) DRV - [2007.12.10 14:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017mdfl.sys -- (s3017mdfl) DRV - [2007.12.10 14:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s3017bus.sys -- (s3017bus) DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.10.31 11:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.09.21 10:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.07.07 14:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - 
HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/ IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\SearchScopes,DefaultScope = {CDE97567-36EB-4070-AAE2-54FEF0C2AC45} IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\SearchScopes\{C311C248-D7DE-4619-BBA2-271264ECF7E9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949 IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\SearchScopes\{CDE97567-36EB-4070-AAE2-54FEF0C2AC45}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Bille\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Windows\DOWNLO~1\NpFv522.dll () FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.01.14 12:40:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.12.10 13:59:20 | 000,000,000 | ---D | M] [2011.04.21 21:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bille\AppData\Roaming\mozilla\Extensions [2009.12.20 23:30:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bille\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.21 21:40:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bille\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll () O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.) 
O2 - BHO: (YouTubeAnywhere) - {8015C430-448C-4003-A969-274F7F0F2D9C} - C:\Users\Bille\AppData\LocalLow\YouTubeAnywhere\IE\YouTubeAnywhere.dll (Diego Casorran) O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Programme\FileConverter_1.3\prxtbFilerror.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-3778007921-2159278055-2083024639-1003..\Run: [Ukdukacai] C:\Users\Bille\AppData\Roaming\Nyvu\quysa.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office2010.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3DF6983D-D415-4AE5-8106-43987731DAA5} hxxp://shop.aldi-fotoservice-druck.de/shop/activex/aldi_nord_express_upload.cab (AldiActiveFormX Element) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game12.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab (Reg Error: Key error.) O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} hxxp://download.flatcast.net/objects/NpFv522.dll (Flatcast Viewer 5.2) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A3DA5D-A255-433F-B7F2-AAFE2114A660}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07A61B71-A20C-4746-B4CF-C06B9B0AABE0}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk D:\ O32 - AutoRun File - [1998.10.03 14:11:18 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{404eed46-d57b-11dc-bf8c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{404eed46-d57b-11dc-bf8c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe -- [2007.11.15 21:13:32 | 000,143,480 | R--- | M] (MatchWare A/S) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.17 22:57:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bille\Documents\Desktop\OTL.exe [2013.02.16 20:50:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.02.16 20:50:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.02.16 20:50:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.02.16 20:50:04 | 000,142,848 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.02.16 20:50:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.02.16 20:50:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.02.16 20:50:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.02.16 20:50:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.02.16 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Penou [2013.02.16 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Nyvu [2013.02.16 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Ciuze [2013.02.16 15:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2013.02.16 14:15:43 | 002,048,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.02.16 14:15:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2013.02.16 14:15:13 | 003,602,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.02.16 14:15:13 | 003,550,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.02.16 09:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2013.02.16 09:13:34 | 000,000,000 | ---D | C] -- C:\Users\Bille\Documents\Anti-Malware [2013.02.14 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Xatah [2013.02.14 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Unfiho [2013.02.14 23:39:22 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Oqky [2013.02.11 20:45:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2013.02.11 14:28:29 | 000,000,000 | ---D | C] -- C:\Users\Bille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair [2013.02.09 20:54:45 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Spybot - Search & Destroy [2013.02.09 20:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.02.09 20:54:32 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.02.09 20:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.02.03 18:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.03 18:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.02.22 01:38:14 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.17 22:57:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bille\Documents\Desktop\OTL.exe [2013.02.17 22:47:15 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.17 22:47:05 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013.02.17 22:47:04 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.17 22:47:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.17 22:47:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\UpdateDetector.job [2013.02.17 22:46:59 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.02.17 22:46:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.17 22:44:12 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.17 20:42:24 | 276,546,172 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.17 20:22:27 | 000,374,784 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\GMER_2.1.18952.exe [2013.02.17 
09:50:14 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.17 09:50:14 | 000,604,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.17 09:50:14 | 000,130,700 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.17 09:50:14 | 000,107,800 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.16 20:58:51 | 000,585,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.02.16 15:07:50 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.02.11 21:07:57 | 000,001,447 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\System Repair.lnk [2013.02.11 14:32:00 | 000,000,160 | ---- | M] () -- C:\ProgramData\-WnoFQbjneGr [2013.02.11 14:32:00 | 000,000,152 | ---- | M] () -- C:\ProgramData\-WnoFQbjneG [2013.02.11 14:31:49 | 000,000,088 | ---- | M] () -- C:\ProgramData\WnoFQbjneG [2013.02.10 11:01:45 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.02.10 11:01:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.02.02 11:55:25 | 000,055,808 | ---- | M] () -- C:\Users\Bille\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.23 22:12:43 | 000,001,916 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.fdf [2013.01.20 21:13:20 | 000,835,876 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf [2013.01.20 20:49:41 | 000,056,438 | ---- | M] () -- C:\Users\Bille\Documents\Desktop\Päckchen.JPG [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.17 20:22:27 | 000,374,784 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\GMER_2.1.18952.exe [2013.02.17 16:08:36 | 276,546,172 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.16 15:07:50 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2013.02.11 
14:28:29 | 000,001,447 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\System Repair.lnk [2013.02.11 11:34:56 | 000,000,160 | ---- | C] () -- C:\ProgramData\-WnoFQbjneGr [2013.02.11 11:34:56 | 000,000,152 | ---- | C] () -- C:\ProgramData\-WnoFQbjneG [2013.02.11 11:34:54 | 000,000,088 | ---- | C] () -- C:\ProgramData\WnoFQbjneG [2013.02.09 20:54:48 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.02.09 20:54:47 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.02.09 20:54:46 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.02.09 20:54:37 | 000,001,992 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.23 22:12:43 | 000,001,916 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.fdf [2013.01.20 21:13:19 | 000,835,876 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\dhl-nachforschungsauftrag-national-01-2011.pdf [2013.01.20 20:49:38 | 000,056,438 | ---- | C] () -- C:\Users\Bille\Documents\Desktop\Päckchen.JPG [2012.10.31 20:26:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.16 22:36:37 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2012.05.30 22:16:07 | 000,002,277 | ---- | C] () -- C:\Users\Bille\.recently-used.xbel [2012.02.09 20:04:53 | 000,000,569 | ---- | C] () -- C:\Windows\wiso.ini [2011.10.17 15:59:41 | 000,003,113 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.05.26 22:12:09 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.10 14:38:57 | 000,008,296 | ---- | C] () -- C:\Users\Bille\AppData\Local\d3d9caps.dat [2010.12.03 20:55:29 | 000,019,456 | ---- | C] () -- C:\Users\Bille\AppData\Local\WebpageIcons.db [2010.10.24 19:58:27 | 000,034,901 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.10.24 19:58:26 | 000,034,901 | ---- | C] 
() -- C:\ProgramData\nvModes.dat [2009.10.02 07:20:47 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.11.22 23:33:15 | 000,047,148 | ---- | C] () -- C:\Users\Bille\AppData\Roaming\mdbu.bin [2008.07.10 11:36:34 | 000,000,052 | ---- | C] () -- C:\Users\Bille\AppData\Roaming\Default.PLS [2008.04.01 12:58:16 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.05 21:53:19 | 000,055,808 | ---- | C] () -- C:\Users\Bille\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.04 23:16:10 | 000,007,962 | ---- | C] () -- C:\Users\Bille\AppData\Roaming\wklnhst.dat [2008.02.07 14:06:59 | 000,000,093 | ---- | C] () -- C:\Users\Bille\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
< End of report >

Code:
OTL Extras logfile created on: 17.02.2013 22:59:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bille\Documents\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 33,33% Memory free 4,24 Gb Paging File | 2,12 Gb Available in Paging File | 50,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 236,31 Gb Total Space | 20,81 Gb Free Space | 8,81% Space Free | Partition Type: NTFS Drive D: | 3,73 Gb Total Space | 3,68 Gb Free Space | 98,65% Space Free | Partition Type: FAT32 Drive E: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Z: | 19,99 Gb Total Space | 9,42 Gb Free Space | 47,14% Space Free | Partition Type: FAT32 Computer Name: BILLE-PC | User Name: Bille | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) 
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0053CC02-9A68-C88E-6890-0A749DF9BD7B}" = CCC Help Thai "{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{074A4BFC-19C2-4E5D-8397-2D1C64EED1BA}" = MAGIX Screenshare "{0805B720-5CD0-143C-E569-149D546A92FA}" = CCC Help Chinese Traditional "{08A159A1-84A8-4FA7-9319-A7F8D3DBB2BF}" = MAGIX Speed burnR (MSI) "{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8 "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater "{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail "{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser "{0FBAFFD8-BCBA-4631-97E8-433DE7D1D753}" = Garmin MapInstall "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{11B79EBE-12F0-7F67-028C-28763D04522C}" = CCC Help Polish "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19901F0F-3857-5E46-FF17-9B5653860B75}" = CCC Help Turkish "{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "{1E6A4185-C2E8-1AB7-6C05-806C015FFE7E}" = CCC Help Czech "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{219BB7DF-83BA-44C6-A362-D17981FBD285}" = GPS Information "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29 "{2747BEA4-A2E1-6513-7524-4DBBC7823E4A}" = CCC Help Chinese Standard "{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service "{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox "{28E30152-32C5-4152-8C87-6C638E695CEC}" = Steuer Update 15.09 "{2E443D29-FB41-07FB-21E9-852D477570BE}" = CCC Help English "{307A2BE0-FC2A-5CFB-C948-058D62F4B39D}" = ccc-utility "{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.550 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{3776754C-4283-DF7D-F28A-0221CD5F07AE}" = CCC Help Russian "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AAFCB5F-5166-46EC-A521-E363C6950A94}" = Steuer Update 15.01 "{3B7458C7-3F03-4415-AC39-D51EDEACDCCC}" = Steuer 2007 "{3B91165A-8616-4C84-A5F3-897B395791F3}" = Show what you know 4 "{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009 "{451D691A-D425-01D3-B1C7-0A3161878ECE}" = CCC Help Hungarian "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011 "{47FDE7DF-E065-EBF3-5CA1-44BB75F05F6A}" = CCC Help Japanese "{49E54A90-948C-D78B-CECE-9A7B380491F0}" = CCC Help Norwegian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A93AD88-E424-F6A3-5620-697FA89AAD14}" = CCC Help Korean "{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010 "{4C6B0067-4399-7F36-4C34-18D861D7662E}" = CCC Help French "{4CF29999-1BB0-42B2-99BB-3A34507F9E3B}" = Steuer Update 15.01 "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows "{516EF56A-048B-4AED-9906-1366639ACEEE}" = Garmin BaseCamp "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{55DE01D1-9E39-292C-8DF8-9F753992D548}" = CCC Help Swedish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A4B0298-6C1A-E615-BE09-D65A63AAB2ED}" = Catalyst Control Center Graphics Previews Common "{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding "{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008 "{679DDC2F-290E-48E0-B6D3-6972A0A09554}" = Iminent "{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung "{6800642C-2440-4B02-8F88-9F9E3F409E7B}" = Schulberichtsmanager 11 "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A497FCE-53D2-8D70-C497-CD5585953F62}" = CCC Help Spanish "{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{7E05DB3E-6CDD-4116-962F-16BC3DE41A68}" = Steuer Update 14.01 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00 "{8C8E10C4-ACE6-424A-87E6-4B2C4A9607DC}" = MAGIX Fotos auf CD & DVD 10 Deluxe "{8DAEAEA6-BCA4-450C-9219-A84C81D8E54D}" = PdfGrabber 4.0 "{8F25DADA-F618-4D78-8009-256F8110014A}" = Steuer Update 14.01 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_XWeb_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_XWeb_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2 "{90120000-0045-0407-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (German) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_XWeb_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E13CA8F-3AB9-4acb-81E8-0660D07496D4}" = Canon MP750 "{A440AC73-43D1-D096-B7B8-051E4282F330}" = CCC Help Finnish "{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A982D950-FAB9-744E-41BE-285082FF86C2}" = CCC Help Italian "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B39A18D0-296E-2B41-4CCC-58AF0B772F8E}" = CCC Help Greek "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B754B683-E23C-4583-9312-50AD86836B42}" = Steuer Hilfesammlung "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{C6526EF6-214D-20CC-E8B8-2E79BFC0D11E}" = CCC Help Dutch "{C82185E8-C27B-4EF4-2010-3333BC2C2B6D}" = Microsoft AutoRoute 2010 "{C9A19950-2341-4BA8-8CBD-E9DBF097D638}" = MAGIX Slideshow Maker 2 "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CA212D9E-EDFB-B0D8-B1D5-05ED5838F6B7}" = ccc-core-static "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0ACE207-0F90-402C-8CFA-2CB3D44CE689}" = Adobe Photoshop Lightroom 3.6 "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D95A0957-F389-C180-9660-B48E41FD83D4}" = ATI Catalyst Install Manager "{DE9069FA-EF9E-25CD-67E7-0242935CCD49}" = HydraVision "{DEDE10BE-6C0D-6941-95EA-0822D8DE1C90}" = CCC Help Portuguese 
"{E1D8FD24-8CC4-9038-0B15-ADBB922DA352}" = CCC Help Danish "{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F53A6BF7-F720-4354-9EFA-F8E5269B70A4}" = EasyHtml "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7725A3F-32F6-85C9-1EFA-92C482B35363}" = ATI AVIVO Codecs "{FA5E8C25-6204-76B9-AB27-866D6A2131C5}" = Catalyst Control Center Localization All "{FB45F14F-E6F9-796D-86A3-C096B5BEF842}" = CCC Help German "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FE33F0E4-33DD-E7E9-78CB-507306FD0463}" = Catalyst Control Center InstallProxy "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI Foto Service D" = ALDI Foto Service "ALDI NORD Bestellsoftware" = ALDI NORD Bestellsoftware 4.12.2 "ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free "Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice "ALDI Nord Online Druck Service D" = ALDI Nord Online Druck Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Ashampoo GetBack Photo_is1" = Ashampoo GetBack Photo v.1.0.1 "Avira AntiVir Desktop" = Avira Free Antivirus "Beurteilungs-Manager_is1" = Beurteilungs-Manager - Deinstallation "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "CCleaner" = CCleaner "de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service "dradio-Recorder_is1" = dradio-Recorder 
Version 3.01.6 "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Encarta98D" = Microsoft Encarta 98 Enzyklopädie "etope Lister_is1" = 1.36 "File Recover_is1" = File Recover 7.0 "FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar "FileZilla Client" = FileZilla Client 3.1.5 "FKC22150706_is1" = fotokasten comfort "Fotosizer" = Fotosizer 1.29 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "Glary Utilities_is1" = Glary Utilities 2.49.0.1600 "hotpot_is1" = HotPotatoes v 6.3.0.3 "IMBoosterARP" = Iminent "IncrediMail" = IncrediMail 2.0 "InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8 "InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012 "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013 "IrfanView" = IrfanView (remove only) "lgx4.lgx.server" = G DATA Logox4 Speechengine "Linotype FontExplorer X_is1" = Linotype FontExplorer X Public Beta "MAGIX_MSI_Fotos_auf_CD_DVD_10_Dlx" = MAGIX Fotos auf CD & DVD 10 Deluxe "MAGIX_MSI_Slideshow_Maker_2" = MAGIX Slideshow Maker 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MP Navigator 1.0" = Canon MP Navigator 1.0 "Notepad++" = Notepad++ "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PDFCreator Toolbar" = PDFCreator 
Toolbar "PDF-to-Word 3.1 Demo" = PDF-to-Word 3.1 Demo "PDFzuWord Professional_is1" = PDFzuWord Professional "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "Picasa 3" = Picasa 3 "PL Notebook Kompakt" = PL NB Kompakt "POP3Notify" = POP3Notify "QueTek File Scavenger 3.2 (de)" = File Scavenger 3.2 (de) "Radfahrprüfung2" = Radfahrprüfung2 "RAMRush_is1" = RAMRush 1.0.6.917 "RealPlayer 6.0" = RealPlayer "Recover My Photos_is1" = Recover My Photos "Recuva" = Recuva "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "Schriftenbibliothek_is1" = Schriftenbibliothek "Schulschriften Demoversion_is1" = Schulschriften "WinGimp-2.0_is1" = GIMP 2.6.7 "WinRAR archiver" = WinRAR "Wise Data Recovery_is1" = Wise Data Recovery 3.14 "XWeb" = Microsoft Expression Web 2 Trial "Zattoo4" = Zattoo4 4.0.5 "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9 "Zeugnismaster XP" = Zeugnismaster XP ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3778007921-2159278055-2083024639-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.02.2013 15:07:20 | Computer Name = Bille-PC | Source = System Restore | ID = 8209 Description = Error - 14.02.2013 18:39:38 | Computer Name = Bille-PC | Source = ESENT | ID = 488 Description = WinMail (5388) WindowsMail0: Versuch, Datei "C:\Users\Bille\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien. Error - 14.02.2013 18:39:38 | Computer Name = Bille-PC | Source = ESENT | ID = 217 Description = WinMail (5388) WindowsMail0: Fehler (-1032) während der Sicherung einer Datenbank (Datei C:\Users\Bille\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore). Die Datenbank kann nicht wiederhergestellt werden. 
Error - 14.02.2013 18:39:38 | Computer Name = Bille-PC | Source = ESENT | ID = 215 Description = WinMail (5388) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 16.02.2013 09:01:56 | Computer Name = Bille-PC | Source = Avira Antivirus | ID = 4109 Description = Die Engine wurde verändert oder zerstört! Fehlercode: 0x9 Error - 16.02.2013 19:28:03 | Computer Name = Bille-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul SHELL32.dll, Version 6.0.6002.18646, Zeitstempel 0x4fd23a92, Ausnahmecode 0xc0000005, Fehleroffset 0x0003f2b0, Prozess-ID 0x250, Anwendungsstartzeit 01ce0c8eb4bee9b6. Error - 17.02.2013 08:02:12 | Computer Name = Bille-PC | Source = System Restore | ID = 8193 Description = Error - 17.02.2013 08:02:12 | Computer Name = Bille-PC | Source = System Restore | ID = 8210 Description = Error - 17.02.2013 15:52:56 | Computer Name = Bille-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GMER_2.1.18952.exe, Version 2.1.18952.0, Zeitstempel 0x511bf088, fehlerhaftes Modul GMER_2.1.18952.exe, Version 2.1.18952.0, Zeitstempel 0x511bf088, Ausnahmecode 0xc0000005, Fehleroffset 0x00012278, Prozess-ID 0x5e0, Anwendungsstartzeit 01ce0d4810c84ed0. Error - 17.02.2013 15:58:04 | Computer Name = Bille-PC | Source = Perflib | ID = 1010 Description = [ Media Center Events ] Error - 17.04.2008 15:23:16 | Computer Name = Bille-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. 
Error - 04.01.2012 16:52:40 | Computer Name = Bille-PC | Source = ehRecvr | ID = 4 Description = [ OSession Events ] Error - 09.11.2008 05:07:37 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6308.5000, Microsoft Office Version: 12.0.4518.1088. This session lasted 190 seconds with 0 seconds of active time. This session ended with a crash. Error - 05.01.2009 18:50:23 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4528 seconds with 480 seconds of active time. This session ended with a crash. Error - 29.04.2009 09:43:11 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 115 seconds with 0 seconds of active time. This session ended with a crash. Error - 23.05.2009 12:05:51 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 1046 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.06.2009 10:00:09 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2535 seconds with 480 seconds of active time. This session ended with a crash. 
Error - 16.09.2009 03:11:11 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 897 seconds with 0 seconds of active time. This session ended with a crash. Error - 17.10.2009 06:38:02 | Computer Name = Bille-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10997 seconds with 1320 seconds of active time. This session ended with a crash. [ Spybot - Search and Destroy Events ] Error - 09.02.2013 18:28:37 | Computer Name = Bille-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 11.02.2013 15:35:21 | Computer Name = Bille-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 11.02.2013 17:50:03 | Computer Name = Bille-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 17.02.2013 17:47:14 | Computer Name = Bille-PC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker An OneNote 2010 senden nicht unter dem Namen An OneNote 2010 senden freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. 
Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7023 Description = Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7001 Description = Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7003 Description = Error - 17.02.2013 17:48:20 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7026 Description = Error - 17.02.2013 17:50:27 | Computer Name = Bille-PC | Source = Service Control Manager | ID = 7034 Description = Error - 17.02.2013 17:51:11 | Computer Name = Bille-PC | Source = WMPNetworkSvc | ID = 866293 Description = < End of report > Viele Grüße Garfield2704 |
18.02.2013, 14:57 | #8 | |
/// TB-Ausbilder | Computer full of trojans, partition disappeared, dark screen Hello, Quote:
Step 1
Code:
ATTFilter %SYSTEMDRIVE%\*.lnk /s
Step 2 Please read the following instructions carefully. We do not want to delete anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
Please post in your next reply:
__________________ cheers, Leo |
18.02.2013, 21:59 | #9 |
| Computer full of trojans, partition disappeared, dark screen Hello Leo, the files on D cannot be opened. Here is a sample of the "names": -╩ÍHD]╣┴.#æj æ▓Wi§fñs.®` etc. Very strange fragments. Unfortunately, TDSSKiller.exe cannot be opened. Unfortunately I cannot upload the OTL log file; when I try, it says it is far too large. It is not accepted as an attachment either. Best regards, Garfield2704 |
18.02.2013, 22:09 | #10 | |
/// TB-Ausbilder | Computer full of trojans, partition disappeared, dark screen Hello, Quote:
__________________ cheers, Leo |
18.02.2013, 22:22 | #11 |
| Computer full of trojans, partition disappeared, dark screen Hello Leo, my malware program from Emsisoft reported two malicious files (.exe) a few minutes ago, both on C:. They have been moved to quarantine. I have zipped OTL and attached it. Best regards, Garfield2704 |
18.02.2013, 22:57 | #12 | |
/// TB-Ausbilder | Computer full of trojans, partition disappeared, dark screen Hello, Quote:
Could you please try starting TDSSKiller in safe mode, as described?
__________________ cheers, Leo |
18.02.2013, 23:09 | #13 |
| Computer full of trojans, partition disappeared, dark screen Hello Leo, here is the quarantine list. They are no. 45 and 46. Code:
ATTFilter
Emsisoft Anti-Malware v. 7.0.0.18
(C) 2003-2013 Emsisoft - www.emsisoft.com

ID Object
0 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\558bdc77.qua Trojan.Sirefef.MC (B)
1 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\541ade43.qua Trojan.Sirefef.RG (B)
2 C:\$RECYCLE.BIN\S-1-5-21-3778007921-2159278055-2083024639-1003\$f44ef113dd481a83252d2572d863fd1f\U\00000001.@ Trojan.Win32.Conedex.AMN (A)
3 C:\ProgramData\2A26FEA5ABD1BE6200002A26D483C34E\2A26FEA5ABD1BE6200002A26D483C34E.ico Rogue.Win32.SystemProtection (A)
4 Value: hkey_users\s-1-5-21-3778007921-2159278055-2083024639-1003\software\gamehouse\bigislandblends -> NORMALEXIT Trace.Registry.GameFiesta Big Island Blends (A)
5 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\541aca20.qua Trojan.Zbot.HYT (B)
6 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\553df2c2.qua Trojan.Script.480616 (B)
7 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5566d5bb.qua Trojan.Sirefef.RG (B)
8 C:\$RECYCLE.BIN\S-1-5-21-3778007921-2159278055-2083024639-1003\$f44ef113dd481a83252d2572d863fd1f\U\800000cb.@ Trojan.Sirefef.MC (B)
9 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\528ac08b.qua Trojan.Sirefef.RG (B)
10 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4ddee15a.qua Trojan.Sirefef.MC (B)
11 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\540fd455.qua Trojan.Sirefef.MC (B)
12 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5768fc43.qua Trojan.Script.480616 (B)
13 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5559de07.qua Trojan.Sirefef.MC (B)
14 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55bbf4e1.qua Trojan.Injector.ANT (B)
15 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4df1fa1c.qua Trojan.Sirefef.MC (B)
16 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55d3fe4a.qua Trojan.Script.480616 (B)
17 C:\Users\Bille\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\7268ce85-7e7b7044 Exploit.JAVA.CVE-2012-0507.BO (B)
18 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5425d2ba.qua Trojan.Sirefef.RG (B)
19 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55a4f973.qua Trojan.Script.480616 (B)
20 C:\Program Files\PDF-to-Word\demos\p2wagent.exe Trojan.Win32.PSW.PdfCracker.cx (A)
21 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d0af5b8.qua Trojan.Sirefef.MC (B)
22 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5788ffd3.qua Trojan.Script.480616 (B)
23 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54cffe19.qua Trojan.Script.480616 (B)
24 C:\ProgramData\2A26FEA5ABD1BE6200002A26D483C34E\2A26FEA5ABD1BE6200002A26D483C34E.ico Rogue.Win32.SystemProtection (A)
25 Value: hkey_users\s-1-5-21-3778007921-2159278055-2083024639-1003\software\gamehouse\bigislandblends -> NORMALEXIT Trace.Registry.GameFiesta Big Island Blends (A)
26 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4de2fb74.qua Trojan.Sirefef.MC (B)
27 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55d0dc8c.qua Trojan.Sirefef.MC (B)
28 C:\$RECYCLE.BIN\S-1-5-21-3778007921-2159278055-2083024639-1003\$f44ef113dd481a83252d2572d863fd1f\U\80000000.@ Trojan.Win32.Agent.AMN (A)
29 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5549cefd.qua Trojan.Sirefef.RG (B)
30 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5575d4d3.qua Trojan.Sirefef.RG (B)
31 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4a1def2d.qua Trojan.Sirefef.MC (B)
32 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55c4d6ba.qua Trojan.Sirefef.MC (B)
33 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5540df9f.qua Trojan.Sirefef.RG (B)
34 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\559dda1f.qua Trojan.Sirefef.RG (B)
35 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4d76d6de.qua Trojan.Script.480616 (B)
36 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\54c1ff0b.qua Trojan.Script.480616 (B)
37 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\55f8c81d.qua Trojan.Generic.KDV.859530 (B)
38 C:\Users\Bille\AppData\Local\Temp\Temporary Internet Files\Content.IE5\DX2ILFEP\turbo411_com[1].htm Dropped:Trojan.JS.Agent.ILJ (B)
39 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4c89ebf7.qua Trojan.Sirefef.MC (B)
40 C:\Program Files\PDF-to-Word\demos\p2wagent.exe Trojan.Win32.PSW.PdfCracker.cx (A)
41 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5596d135.qua Trojan.Sirefef.RG (B)
42 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5442f23c.qua Trojan.Script.480616 (B)
43 C:\ProgramData\Avira\AntiVir Desktop\INFECTED\541ec450.qua Trojan.Sirefef.RG (B)
44 C:\Users\Bille\AppData\Local\Temp\7.817780274771519E8.exe Gen:Variant.Zusy.36956 (B)
45 C:\Users\Bille\awt43abr.exe Gen:Variant.Strictor.22713 (B)
46 C:\Users\Bille\wgsdgsdgdsgsd.exe Clean

Regards, Garfield2704 |
18.02.2013, 23:21 | #14 |
/// TB-Ausbilder | Computer full of trojans, partition disappeared, dark screen OK, I will get back to you here tomorrow.
__________________ cheers, Leo |
19.02.2013, 09:29 | #15 |
/// TB-Ausbilder | Computer full of trojans, partition disappeared, dark screen Does TDSSKiller work in safe mode, or does that not work either?
__________________ cheers, Leo |