Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
System Repair Virus

System Repair Virus


Log-Analyse und Auswertung: System Repair Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 19.03.2013, 22:38   #1
bullsei
 
System Repair Virus - Standard

System Repair Virus


Hi Leute,

mein Vater kam heute ganz aufgeregt zu mir weil er sich diesen System Repair Virus eingefangen hat.

Hab hier schon ein paar Threads zu diesem Thema gefunden.

Hab schon das OTL und das unhide Tool runtergeladen und beide ausgeführt.

Hier die Logfiles

OTL.TXT
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.03.2013 22:10:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 46,39% Memory free
5,50 Gb Paging File | 4,03 Gb Available in Paging File | 73,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 94,79 Gb Free Space | 63,64% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 22,42 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive E: | 75,79 Gb Total Space | 37,70 Gb Free Space | 49,74% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stefan\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
PRC - C:\Programme\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
PRC - C:\Programme\Java\jre7\bin\java.exe (Oracle Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Buyond_GmbH\GloboFleet_CC_Plus\GloboFleet_CC_Plus.exe (Buyond GmbH)
PRC - C:\Programme\Garmin\Training Center\gStart.exe (GARMIN Corp.)
PRC - C:\Programme\1&1\SMS-Manager\SMSMngr.exe (1&1 Internet AG)
PRC - C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Programme\Java\jre7\bin\jp2native.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Stefan\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll ()
MOD - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\Programme\Buyond_GmbH\GloboFleet_CC_Plus\jpcsc.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (daohdigj) -- C:\Windows\System32\drivers\daohdigj.sys (Microsoft Corporation)
DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc.              )
DRV - (cmudax) -- C:\Windows\System32\drivers\cmudax.sys (C-Media Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw/
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 81 4A 2F F7 29 CC 01  [binary data]
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\..\SearchScopes,DefaultScope = {79B9B53C-4B1C-46EA-9FCB-B3EA2D26FB48}
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\..\SearchScopes\{79B9B53C-4B1C-46EA-9FCB-B3EA2D26FB48}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 5B D6 0B 55 0B CC 01  [binary data]
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\..\SearchScopes,DefaultScope = {79B9B53C-4B1C-46EA-9FCB-B3EA2D26FB48}
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\..\SearchScopes\{79B9B53C-4B1C-46EA-9FCB-B3EA2D26FB48}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.bild.de"
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.4
FF - prefs.js..extensions.enabledAddons: verify-u_2@cybits.de:2.6
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.31 09:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.29 08:21:15 | 000,000,000 | ---D | M]
 
[2002.12.31 23:40:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2012.12.05 13:23:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\8fcowitw.default\extensions
[2012.11.30 12:53:05 | 000,000,000 | -H-D | M] (Garmin Communicator) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\8fcowitw.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012.12.05 13:23:04 | 000,000,000 | -H-D | M] ([verify-U]-Add-on) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\8fcowitw.default\extensions\verify-u_2@cybits.de
[2012.06.16 21:22:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.20 09:49:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.06.16 21:22:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.10.03 17:15:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 17:15:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.03 17:15:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.03 17:15:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.20 09:47:47 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.03 17:15:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.03 17:15:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.03 17:15:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000..\Run: [1&1 SMS-Manager] C:\Programme\1&1\SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000..\Run: [gStart] C:\Programme\Garmin\Training Center\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001..\Run: [gStart] C:\Program Files\Garmin\gStart.exe File not found
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk = C:\Programme\simplitec\simplicheck\simplicheck.exe (simplitec)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-4278606142-2215973275-1477266717-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70547488-6DA9-4A8E-95EF-E2CC30AC9BA6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.10.05 15:04:18 | 000,000,000 | -H-D | M] - E:\autoroute2010 -- [ NTFS ]
O33 - MountPoints2\{6d8aa521-8b90-11e0-9ed2-00161732a79c}\Shell - "" = AutoRun
O33 - MountPoints2\{6d8aa521-8b90-11e0-9ed2-00161732a79c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{7149bed5-1d0e-11d7-b88f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7149bed5-1d0e-11d7-b88f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe /auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 22:13:25 | 000,398,752 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Stefan\Desktop\unhide.exe
[2013.03.19 22:08:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL(1).exe
[2013.03.19 21:51:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.03.19 21:00:56 | 000,043,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\daohdigj.sys
[2013.03.19 20:45:00 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.03.19 20:44:59 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.03.19 20:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.03.19 20:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.03.19 20:26:27 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
[2013.03.17 19:39:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.17 19:39:48 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.17 19:39:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.17 19:39:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.17 19:39:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.17 19:39:46 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.17 19:39:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.17 19:39:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.24 20:01:22 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\Desktop\checkoutthankyou.php-Dateien
[2013.02.24 18:53:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C6D01A49-B2CA-434F-B8BC-593DA7A42050}
[2013.02.24 18:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TachoPlusFreeDriver
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 22:13:13 | 000,398,752 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Stefan\Desktop\unhide.exe
[2013.03.19 22:11:12 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.19 22:08:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL(1).exe
[2013.03.19 21:01:08 | 000,043,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\daohdigj.sys
[2013.03.19 20:45:01 | 000,002,248 | ---- | M] () -- C:\Users\Stefan\Desktop\SpyHunter.lnk
[2013.03.19 20:39:54 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 20:39:54 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 20:33:03 | 000,000,168 | -H-- | M] () -- C:\ProgramData\SyxlJvVkCVeuBSP
[2013.03.19 20:28:30 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-SyxlJvVkCVeuBSPr
[2013.03.19 20:28:30 | 000,000,176 | -H-- | M] () -- C:\ProgramData\-SyxlJvVkCVeuBSP
[2013.03.19 20:27:52 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.19 20:27:44 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\Start Service.job
[2013.03.19 20:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 20:27:25 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.17 19:44:12 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2013.03.10 18:41:06 | 000,000,806 | ---- | M] () -- C:\Windows\wiso.ini
[2013.02.24 20:01:25 | 000,013,658 | -H-- | M] () -- C:\Users\Stefan\Desktop\checkoutthankyou.php.htm
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.19 20:45:01 | 000,002,248 | ---- | C] () -- C:\Users\Stefan\Desktop\SpyHunter.lnk
[2013.03.17 19:44:12 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2013.03.17 19:17:35 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-SyxlJvVkCVeuBSPr
[2013.03.17 19:17:35 | 000,000,176 | -H-- | C] () -- C:\ProgramData\-SyxlJvVkCVeuBSP
[2013.03.17 19:17:34 | 000,000,168 | -H-- | C] () -- C:\ProgramData\SyxlJvVkCVeuBSP
[2013.02.24 20:01:22 | 000,013,658 | -H-- | C] () -- C:\Users\Stefan\Desktop\checkoutthankyou.php.htm
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.06.07 10:13:56 | 000,000,880 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2012.02.18 14:25:31 | 000,004,608 | -H-- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.06.05 18:35:08 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2011.06.05 18:35:08 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.06.01 17:40:07 | 000,000,204 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.05.30 16:04:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.05.30 16:04:12 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.05.24 09:32:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.11 11:46:28 | 000,000,806 | ---- | C] () -- C:\Windows\wiso.ini
[2011.05.05 20:17:35 | 011,010,048 | -H-- | C] () -- C:\Users\Stefan\AppData\Roaming\Sandra.mdb
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1086 bytes -> C:\Windows\System32\drivers\daohdigj.sys:changelist

< End of report >
--- --- ---

[/CODE]


Extras.Txt

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.03.2013 22:10:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 46,39% Memory free
5,50 Gb Paging File | 4,03 Gb Available in Paging File | 73,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 94,79 Gb Free Space | 63,64% Space Free | Partition Type: NTFS
Drive D: | 73,24 Gb Total Space | 22,42 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive E: | 75,79 Gb Total Space | 37,70 Gb Free Space | 49,74% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4278606142-2215973275-1477266717-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{37D7C759-9557-4CB5-9D64-BF66A34C4F9C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\rpcagentsrv.exe | 
"{CEF3E9C3-68DE-4F5A-A25C-5F75AD421D7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0824A068-099E-4C58-B161-0495F7EB8129}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{1E972A18-9CE0-479E-A8B4-A81227BE08E9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{431C4A32-A230-4E37-ACC2-A1DBDEF43BF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{43E764A5-99A5-4A9C-8487-26DDF5662E04}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{53C50764-CC7B-4069-A6D1-B89BD118A175}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{5406371B-67F9-496D-ADD8-66DF1E11A31E}" = protocol=17 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{8B492979-1087-4DBA-A3D6-7D06057088E4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B6049A46-EFCD-41F0-A497-6FE1F5485EB8}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{BAD39CD6-650F-4FC5-99B7-62E90A593205}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{E29A424F-0503-4499-A99B-2B4E3AE097D4}" = protocol=6 | dir=in | app=c:\program files\fritz!\igd_finder.exe | 
"{F1FE3B88-3E72-461F-B97F-310F301E90E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{35F662B5-2D65-459D-AA5F-DA69EAE5532F}C:\program files\fritz!\frifax32.exe" = protocol=6 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"TCP Query User{9861C49F-B5D3-43BD-B657-DFBA7E32F13A}C:\users\stefan\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
"TCP Query User{9D162DEA-AC91-46D7-9A6C-F85237351D92}C:\users\stefan\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"TCP Query User{CE99E0FF-987C-4C8B-8E59-0FBC278089FD}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{D8C75983-B8D7-4248-A761-33CED07690F8}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{EDF5FD0A-EAFA-429F-8CD1-386F34C42E93}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{1CF66576-BACC-45FB-8DF1-1341F8E76D17}C:\program files\fritz!\frifax32.exe" = protocol=17 | dir=in | app=c:\program files\fritz!\frifax32.exe | 
"UDP Query User{1E2B0ECF-B489-46DF-84EB-2A3322C8E248}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{78C37A50-8496-4C03-9027-3AD3E5D70479}C:\users\stefan\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp1.dir\_ins5576._mp | 
"UDP Query User{B991DC75-AFC4-4A70-8BFB-E5F4EB1DC589}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"UDP Query User{C07CE990-A70F-49F9-ABD4-3F3B51F4328A}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{EC933113-659D-4D78-B33C-8B2CAB15A7DB}C:\users\stefan\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe" = protocol=17 | dir=in | app=c:\users\stefan\appdata\local\temp\_istmp1.dir\_istmp0.dir\igd_finder.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02359FE8-6BBF-407A-B7E1-39AA26C09525}" = MAGIX Foto Manager MX
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AEC15C1-6D21-468F-A29D-B3339C31CCCA}" = Garmin BaseCamp
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{81BF59B4-BCF3-40E5-9ED4-912442F72D23}" = GloboFleet CC Plus
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BA75B93A-AA3C-4B4F-B942-C078432E9A10}" = Tacho+Personal
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8550C86-A712-4219-AD4C-038C9FD1D149}" = Ulead PhotoImpact 11
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D8167CA8-236B-4334-B77D-F388F494EE18}" = SpyHunter
"{DB33E7CB-D489-4CE5-8FD4-9CCCB4188C2F}" = MAGIX Screenshare
"{EC3825A1-02C6-4A83-8CA4-3F97A25CD37B}" = simplitec simplicheck
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater
"{FF118D79-F61B-4379-A059-5A3250324326}" = SCR3xxx Smart Card Reader
"1&1 SMS-Manager" = 1&1 SMS-Manager
"5513-1208-7298-9440" = JDownloader 0.9
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.70
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"EMDB_is1" = EMDB 1.63
"facemoods" = Facemoods Toolbar
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"Google Calendar Sync" = Google Calendar Sync
"GPL Ghostscript" = GPL Ghostscript
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"MAGIX_{02359FE8-6BBF-407A-B7E1-39AA26C09525}" = MAGIX Foto Manager MX
"MAGIX_{DB33E7CB-D489-4CE5-8FD4-9CCCB4188C2F}" = MAGIX Screenshare
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MyCamera" = Canon Utilities MyCamera
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Pixum Fotobuch" = Pixum Fotobuch
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TachoPlusFreeDriver" = TachoPlusFreeDriver
"VLC media player" = VLC media player 2.0.4
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.02.2013 10:14:43 | Computer Name = Stefan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 24.02.2013 12:14:35 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.02.2013 12:14:35 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2453
 
Error - 24.02.2013 12:14:35 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2453
 
Error - 24.02.2013 12:14:37 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.02.2013 12:14:37 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4438
 
Error - 24.02.2013 12:14:37 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4438
 
Error - 24.02.2013 12:14:39 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 24.02.2013 12:14:39 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6407
 
Error - 24.02.2013 12:14:39 | Computer Name = Stefan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6407
 
[ System Events ]
Error - 24.02.2013 13:53:27 | Computer Name = Stefan-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 02.03.2013 06:31:33 | Computer Name = Stefan-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 02.03.2013 06:31:33 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 02.03.2013 06:31:33 | Computer Name = Stefan-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 17.03.2013 08:16:49 | Computer Name = Stefan-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.03.2013 08:16:49 | Computer Name = Stefan-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.03.2013 08:16:50 | Computer Name = Stefan-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.03.2013 08:16:50 | Computer Name = Stefan-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.03.2013 08:16:51 | Computer Name = Stefan-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 17.03.2013 11:30:04 | Computer Name = Stefan-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
 
< End of report >
--- --- ---


Ich hätte ja schon fast die Lösungen der anderen ausgeführt, aber habs mich dann doch nicht getraut, da es ja hies dass das alles Spezifisch ist und man es nicht auf einen anderen PC übertragen kann die Fix Codes usw.
Haben auch schon auf diversen internetseiten diesen Spyhunter entdeckt und heruntergeladen aber nachdem er dann nach über einen Stunde mit dem Scannen fertig war wollte er kohle fürs entfernen haben :wall

Vielen Dank schon mal für die Hilfe

Alt 20.03.2013, 15:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
System Repair Virus - Standard

System Repair Virus


Hallo und

Zitat:
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
C:\Program Files\Microsoft Office\Office14
Es sieht leider stark danach aus, als hättest du ein illegales (gecracktes) Office 2010 installiert...

Sry aber bei illegaler Software gibt es hier nur noch Hilfe zur Datensicherung + Neuinstallation von Windows

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________

__________________
Alt 20.03.2013, 22:10   #3
bullsei
 
System Repair Virus - Standard

System Repair Virus


Hmm, okay dass wusste ich nicht, dass er so was drauf hat.

Habs aber mittlerweile denke ich hinbekommen.
Von daher kann der Thread denke ich mal geschlossen werden.
Trotzdem danke
__________________
Antwort

Themen zu System Repair Virus
adobe, autorun, bho, bonjour, defender, enigma, error, esgscanner.sys, firefox, flash player, format, google, helper, install.exe, installation, jdownloader, monitor.exe, mozilla, object, photoshop, plug-in, registry, rundll, scan, security, software, system, taskhost.exe, udp, virus, windows


« PC hängt sich ständig beim gaming auf! Verdacht auf Virus! | Verdacht auf Reste vom Gvu Trojaner »


Ähnliche Themen: System Repair Virus


  1. Trojaner System Repair auf Windows XP SP3 nicht zu entfernen
    Plagegeister aller Art und deren Bekämpfung - 13.04.2013 (17)
  2. System repair wizard trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (13)
  3. system repair virus
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (35)
  4. Trojaner eingefangen? - System Repair brauche euren Rat
    Plagegeister aller Art und deren Bekämpfung - 07.03.2013 (16)
  5. Virus system repair
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (27)
  6. System repair Virus Windows 7 Starter
    Plagegeister aller Art und deren Bekämpfung - 28.02.2013 (23)
  7. Windows System Repair Virus
    Log-Analyse und Auswertung - 26.02.2013 (17)
  8. System Repair auf Vista erfolgreich eliminieren - brauche Hilfe, bitte!
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (19)
  9. Erst System Repair, dann BKA-Virus
    Plagegeister aller Art und deren Bekämpfung - 17.11.2011 (8)
  10. System Repair Virus - gebannt?
    Plagegeister aller Art und deren Bekämpfung - 02.11.2011 (4)
  11. Trojaner System Repair
    Log-Analyse und Auswertung - 02.08.2011 (22)
  12. Win 7 Repair Viren Programm Sata ports, nun Festplatte leer ohne system
    Alles rund um Windows - 31.07.2011 (13)
  13. System Repair
    Plagegeister aller Art und deren Bekämpfung - 24.07.2011 (60)
  14. System Repair entfernen
    Anleitungen, FAQs & Links - 21.07.2011 (2)
  15. System repair Virus
    Log-Analyse und Auswertung - 18.07.2011 (2)
  16. system repair virus
    Plagegeister aller Art und deren Bekämpfung - 16.07.2011 (18)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema System Repair Virus - Hi Leute, mein Vater kam heute ganz aufgeregt zu mir weil er sich diesen System Repair Virus eingefangen hat. Hab hier schon ein paar Threads zu diesem Thema gefunden. Hab - System Repair Virus...
Archiv
Du betrachtest: System Repair Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129