| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner - Windows 7Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
31.05.2013, 20:25
| #1 |
 |  GVU Trojaner - Windows 7 Hallo zusammen, ich habe heute im Laufe des Tages bereits das Forum hier durchstöbert und hoffe nun erstmal alles richtig darzustellen und natürlich auf Hilfe. Heute morgen hat meine Frau auf der Arbeit angerufen und von dem GVU Trojaner berichtet. Ich hab diesen dann gegoogelt und bin auf diese Seite aufmerksam geworden. Habe dann vorhin selber den Trojaner bestaunen können wusste aber das ich nen 2. PC brauche, den ich nicht habe. Habe aber nun Zugang über meinen befallenen PC bekommen (Ins Bootmenu und hier gabs 2 Varianten 1. CD, die ich nicht habe und hab dann einfach die 2. genommen...irgendwas mit Hitachi...) Hat jedenfalls geklappt. Hab mir sicherheitshalber direkt die OTLPENet-Datei gebrannt und OTL ausgeführt. Anbei die Logs: Ich wusste nur nicht, wie ich diese in die Code-Kästchen eingebaut bekomme. Hoffe es geht so. OTL Extras logfile created on: 31.05.2013 20:57:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,95% Memory free 3,93 Gb Paging File | 2,47 Gb Available in Paging File | 62,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,50 Gb Total Space | 93,37 Gb Free Space | 65,99% Space Free | Partition Type: NTFS Drive D: | 141,50 Gb Total Space | 25,85 Gb Free Space | 18,27% Space Free | Partition Type: NTFS Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 1,88 Gb Total Space | 1,76 Gb Free Space | 93,65% Space Free | Partition Type: FAT Computer Name: DIRKBREHME-PC | User Name: Dirk Brehme | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-575885078-3427260032-230283692-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1286C8D9-93C5-4233-80A9-23D2DDCB7894}" = lport=2869 | protocol=6 | dir=in | app=system | "{12E5E978-8CE9-4A75-B240-15CC905EDD6E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1DD172AC-5A41-4F32-824F-CF6B70A71E3A}" = rport=445 | protocol=6 | dir=out | app=system | "{1F8A0E6A-D76F-402B-8419-F7CD9E7EC607}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2358DD10-9B43-4A14-A81B-AB0B60A10D62}" = lport=138 | protocol=17 | dir=in | app=system | "{264DE863-F751-4687-A146-C63686D3B4A5}" = rport=139 | protocol=6 | dir=out | app=system | "{2CE3A450-0C9F-4CBD-9454-0646EBE2691E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{31985234-C4B3-4958-B3BC-DFBF7A82A9F6}" = lport=2869 | protocol=6 | dir=in | app=system | "{31E4E205-4450-40F7-AC7A-A4D808692214}" = rport=138 | protocol=17 | dir=out | app=system | "{329BB486-2797-4126-B411-5A49FEE5A6A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{34A81B13-EB02-4841-B729-FF1C49772505}" = lport=10243 | protocol=6 | dir=in | app=system | "{4076E8F8-5CC6-4AE7-95D7-D9E56F4C95BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45039FAD-4670-4CF6-9725-D19AB440F391}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4848FABF-632F-4F7D-86C5-D43E3135AEE6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{591F25B1-01D8-4C5E-8DDD-564652F0706E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{72510CB5-FA79-4C5C-9D93-F3F24FBF7EA0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{77623096-86EB-4DC7-BFD5-71D78933A815}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7F56C436-B365-4D5A-855C-BDF5B9D7ED9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{88850551-368C-486C-955A-12E421C3C85E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9335CE1B-C089-47F2-AB27-E72F71195D78}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9BED2038-9EB3-43D1-BB1D-3BFD07DC229A}" = lport=139 | protocol=6 | dir=in | app=system | "{9C0F0E90-5D95-47BA-8C56-7362562CED79}" = rport=137 | protocol=17 | dir=out | app=system | "{A5E2B8C6-2411-4C69-98F2-C5268237977C}" = lport=445 | protocol=6 | dir=in | app=system | "{AF29415C-C3AF-4DBA-A9F4-C3632306959C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B8953063-83A4-4E28-A6D9-35724FED14B6}" = lport=137 | protocol=17 | dir=in | app=system | "{BD88D79F-B23C-4A06-B3B0-8686F634CCFF}" = rport=10243 | protocol=6 | dir=out | app=system | "{C7AC6BC5-EC37-411F-A8F6-1ED5728E6A0B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C857E118-75A7-4468-B041-0C88E9F40DC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CF248A4F-9EFB-4293-A065-977A3942B3E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D0A28B0D-9249-4A80-9FC8-917289E8F0A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F324A35C-051B-4EB9-AAE3-5B48091869E9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{F48D74DC-A345-4F7D-A9A1-8BA3EC32524C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{135733BE-36BF-4758-BA83-3DB0A288029C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1EC8688C-9735-4E6D-8CBF-1CBD5FD66896}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{26AF9C6F-77F5-4E83-98A5-A9FEFC5A3D1F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{292BB5D7-7E5F-4D83-99C3-251E1D725567}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{47D1EBD6-1AA0-478C-986D-BACCB276C523}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{482253F7-DA41-44D6-8477-8927A01E1F09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4CF75041-C173-492D-8720-F7E601DA86AB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{50EBD800-70D3-4C7C-B1C9-DC604643855C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5C972F3B-7EE4-4430-AFC9-9E362544ECA6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{63E7DA0F-C50E-44F3-B40A-0F9017B555D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{680E9D0A-EAAE-4AA4-B1CD-782673B7DFC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6C2AF301-1746-4121-B783-7C5040257DB9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6C5D4FC0-581C-449B-954C-4C5526D55B01}" = protocol=6 | dir=out | app=system | "{7D7DF823-913B-4E7F-9FD2-A7C8DD470D52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{830179FB-BD7A-41DA-B054-613CFDCB5FAD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8A558660-4A29-4A9D-B679-C5D3D2C84EBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8ED3496E-CFF4-4D1F-99AE-2C2E0C1F7187}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{95232F22-DCBC-42CF-8C1B-8F652AA62D3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A85E40E8-5C56-42CD-A3A0-DC5E9B2FC37C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B1B3B827-4AE4-4B34-831B-AF31859E4DD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B4DC99A5-92E7-4522-BAB8-5FA46AEB21B8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D6AD5CC1-00A0-4623-93D6-A618E3835C5B}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema\powercinema.exe | "{D8F2B0F3-47D0-4A50-B6FB-3A18BCD92C06}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9D16878-55A3-4762-A9CB-8D5655C14183}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema movie\powercinemamovie.exe | "{F4779471-6243-4125-B5ED-1AC1C703CD9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F723EFBE-12CC-4669-B3EB-DBAB7C2C6637}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7451CCD-473D-4DEF-B479-3B98498ABFA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{57024F15-9376-400C-9D20-E47F5A7037DD}C:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe" = protocol=6 | dir=in | app=c:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe | "TCP Query User{D8B7F8E9-9D1E-4D1E-BFB8-F18A93FA5F12}C:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe" = protocol=6 | dir=in | app=c:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe | "UDP Query User{8996D72A-FE98-4FB3-941A-14378243C082}C:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe" = protocol=17 | dir=in | app=c:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe | "UDP Query User{BA25411D-045A-45D1-B16B-AAB563DB0D98}C:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe" = protocol=17 | dir=in | app=c:\users\dirk brehme\appdata\roaming\kyamdi\waat.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A2862596-B7C3-4D7F-A227-40FEDDF1332B}" = WEB.DE Toolbar MSVC100 CRT x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.10 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012 "{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials "{92F59AB3-8B11-4552-8F40-462270A8FD5E}" = PX5 Advanced Sound Editor "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI "{b2a29cba-5a96-4080-984e-664b7cb66ede}" = Nero 9 Essentials "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C652F86F-348A-4A65-8BE8-A3F7A6370D98}" = Packard Bell Touch Suite "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar FF" = WEB.DE Toolbar für Mozilla Firefox "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Flash Player Pro_is1" = Flash Player Pro V5.4 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema "loadtbs-2.1" = loadtbs-2.1 "McAfee Security Scan" = McAfee Security Scan Plus "Metaboli" = Metaboli "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Software Suite SE" = Packard Bell Software Suite SE "Packard Bell Welcome Center" = Welcome Center "TuneUp Utilities 2013" = TuneUp Utilities 2013 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.1 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.10 (32-Bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.05.2012 03:51:47 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:55:42 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:55:42 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:55:56 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:55:56 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:55:58 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:55:58 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:58:12 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 10.05.2012 03:58:13 | Computer Name = DirkBrehme-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.05.2012 11:27:29 | Computer Name = DirkBrehme-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: PriceGongIE.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4f6608ea Ausnahmecode: 0xc0000005 Fehleroffset: 0x6cb3ab4b ID des fehlerhaften Prozesses: 0x14a0 Startzeit der fehlerhaften Anwendung: 0x01cd3053b3726185 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: PriceGongIE.dll Berichtskennung: fbb0acdc-9c46-11e1-bfed-00269e48d491 [ System Events ] Error - 31.05.2013 07:27:58 | Computer Name = DirkBrehme-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?31.?05.?2013 um 13:24:54 unerwartet heruntergefahren. Error - 31.05.2013 07:28:41 | Computer Name = DirkBrehme-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv07 Error - 31.05.2013 12:57:01 | Computer Name = DirkBrehme-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?31.?05.?2013 um 13:41:53 unerwartet heruntergefahren. Error - 31.05.2013 12:57:20 | Computer Name = DirkBrehme-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv07 Error - 31.05.2013 13:01:24 | Computer Name = DirkBrehme-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv07 Error - 31.05.2013 13:10:41 | Computer Name = DirkBrehme-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv07 Error - 31.05.2013 14:24:39 | Computer Name = DirkBrehme-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?31.?05.?2013 um 20:21:32 unerwartet heruntergefahren. Error - 31.05.2013 14:24:48 | Computer Name = DirkBrehme-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv07 Error - 31.05.2013 14:31:14 | Computer Name = DirkBrehme-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv07 Error - 31.05.2013 14:32:38 | Computer Name = DirkBrehme-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv07 < End of report > __________ OTL logfile created on: 31.05.2013 20:57:12 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = F:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,96 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 45,95% Memory free 3,93 Gb Paging File | 2,47 Gb Available in Paging File | 62,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 141,50 Gb Total Space | 93,37 Gb Free Space | 65,99% Space Free | Partition Type: NTFS Drive D: | 141,50 Gb Total Space | 25,85 Gb Free Space | 18,27% Space Free | Partition Type: NTFS Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 1,88 Gb Total Space | 1,76 Gb Free Space | 93,65% Space Free | Partition Type: FAT Computer Name: DIRKBREHME-PC | User Name: Dirk Brehme | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - F:\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.) PRC - C:\ProgramData\bProtectorForWindows\2.1.415.37\bProtect.exe (bProtector) PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security)) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results) PRC - C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi\waat.exe () PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.) PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer) PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - c:\ProgramData\bProtectorForWindows\2.1.415.37\protector.dll () MOD - C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi\waat.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (bProtector) -- C:\ProgramData\bProtectorForWindows\2.1.415.37\bProtect.exe (bProtector) SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys (Symantec Corporation) DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AF9035BDA) -- C:\Windows\SysNative\drivers\AF9035BDA.sys (AfaTech ) DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110816.030\IDSviA64.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=91D80CB5-A83A-435F-91E5-AFC7449130A0&psa=&ind=2012021919&st=sb&n=77ed049f&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\WWE12 IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=onetwo_m3700&r=273607101100p0337y105y48j1027n IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes,bProtectorDefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{04EC08BD-9AFB-40A5-B457-E5F290A48E02}: "URL" = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{157243D8-0508-4463-A67B-AF0123FC508B}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://blekko.com/ws/?source=017d87aa&tbp=rbox&toolbarid=blekkotb_020&u=20120430469146CF8D965C40F8A806E7&q={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE390 IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{7BACCF2B-4260-4D8D-B865-90E255E3789D}: "URL" = hxxp://go.web.de/tb/ie_amazon_sp/?field-keywords={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm049YYde&ptnrS=XPxdm049YYde&si=49647&ptb=91D80CB5-A83A-435F-91E5-AFC7449130A0&psa=&ind=2012021919&st=sb&n=77ed049f&searchfor={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{B3285770-9852-4413-A906-B9F23925BDDD}: "URL" = hxxp://go.web.de/tb2/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{B5733BB3-D919-407A-A2B5-54E3B435B720}: "URL" = hxxp://go.web.de/tb/ie_ebay_sp/?su={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{C6F14E0E-F819-4D76-B3F2-F74E0C67C8AC}: "URL" = hxxp://go.web.de/tb/ie_lastminute_sp/?searchText={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{CE51F858-4EA1-44E5-AA6A-468868D97F30}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\SearchScopes\{EBD07158-161E-40D5-9501-2B1F8B9C67FC}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-575885078-3427260032-230283692-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "Blekko" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Blekko" FF - prefs.js..browser.search.selectedEngine: "Blekko" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://blekko.com/ws/?source=017d87aa&toolbarid=blekkotb_020&u=20120430469146CF8D965C40F8A806E7&tbp=homepage" FF - prefs.js..extensions.enabledAddons: {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787}:1.3.19.12 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.18132 FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.6.4 FF - prefs.js..extensions.enabledItems: ffxtlbra@softonic.com:1.5.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: 64ffxtbr@TelevisionFanatic.com:1.9.0.23371 FF - prefs.js..keyword.URL: "hxxp://blekko.com/ws/?source={SourceID}&tbp=url&toolbarid=blekkotb_020&u=USERGUID&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009.09.11 04:51:42 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009.09.11 04:51:42 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.11 18:46:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 21:14:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.1.415.37\FirefoxExtension [2012.04.30 18:14:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.14 21:14:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.22 20:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\Extensions [2013.05.24 14:37:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\Firefox\Profiles\04h3le2f.default\extensions [2013.02.18 17:12:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\Firefox\Profiles\04h3le2f.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.11.16 18:05:52 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\Firefox\Profiles\04h3le2f.default\extensions\{a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} [2012.01.30 20:12:42 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\Firefox\Profiles\04h3le2f.default\extensions\ffxtlbra@softonic.com [2012.04.14 12:10:28 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\Firefox\Profiles\04h3le2f.default\extensions\software@loadtubes.com [2011.12.10 13:05:27 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\Firefox\Profiles\04h3le2f.default\extensions\toolbar@ask.com [2013.05.24 14:37:53 | 000,620,338 | ---- | M] () (No name found) -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\firefox\profiles\04h3le2f.default\extensions\toolbar@web.de.xpi [2012.07.26 18:39:53 | 000,002,306 | ---- | M] () -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\firefox\profiles\04h3le2f.default\searchplugins\askcomsearch.xml [2013.03.23 03:56:36 | 000,002,387 | ---- | M] () -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\firefox\profiles\04h3le2f.default\searchplugins\buzzdock.xml [2010.12.18 14:45:31 | 000,000,873 | ---- | M] () -- C:\Users\Dirk Brehme\AppData\Roaming\mozilla\firefox\profiles\04h3le2f.default\searchplugins\conduit.xml [2013.05.31 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.26 18:39:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.05.31 20:32:36 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN [2013.01.14 21:14:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.12 15:53:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.14 21:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.12 15:53:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.12 15:53:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.30 18:15:20 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml [2012.07.12 15:53:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.12 15:53:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {a0442ee1-d2e7-44c0-b4a5-8c4e6b035787} - No CLSID value found. O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Dirk Brehme\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O3:64bit: - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Search-Results) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.) O4:64bit: - HKLM..\Run: [TouchPortal] C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPortal.exe (Acer Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security)) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Search-Results) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [ctfmon32.exe] C:\ProgramData\dljri.dat (Microsoft Corporation) O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [MusicGadget] Reg Error: Invalid data type. File not found O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [PhotoGadget] C:\Program Files (x86)\Packard Bell\Packard Bell Touch Suite\TouchPhotoShow.exe (acer) O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [PhotoGadgetFirstRun] Reg Error: Invalid data type. File not found O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [PhotoGadgetFirstRun_Portal] Reg Error: Invalid data type. File not found O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [TouchMemo] Reg Error: Invalid data type. File not found O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [waat.exe] C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi\waat.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..Trusted Domains: fritz.box ([]* in Local intranet) O15 - HKU\S-1-5-21-575885078-3427260032-230283692-1001\..Trusted Ranges: Range1 ([*] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.140.0.cab (Battlefield Heroes Updater) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F8498A6-BC99-4DAD-8393-656318550D77}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\symres - No CLSID value found O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll (Symantec Corporation) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\bprote~1\21415~1.37\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.1.415.37\protector.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{d1f7ac5a-ca69-11de-a234-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d1f7ac5a-ca69-11de-a234-806e6f6e6963}\Shell\AutoRun\command - "" = E:\reatogoMenu.exe -- [2005.07.16 23:36:50 | 000,240,128 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.30 15:57:41 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\dljri.dat [2013.05.30 15:57:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.05.30 15:57:29 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Users\Dirk Brehme\4684701.dll [2013.05.20 12:07:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.05.15 23:16:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 23:16:09 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 23:16:08 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.15 23:16:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.15 23:16:07 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 23:16:07 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.15 23:16:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.15 23:16:07 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.15 23:16:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.15 23:16:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.15 23:16:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.15 23:16:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.15 23:16:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 23:16:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 23:16:03 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 18:24:02 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 18:24:02 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 18:23:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.15 18:23:50 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 18:23:50 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 18:23:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 18:23:50 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.08 11:59:32 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.08 11:59:32 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.08 11:59:32 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.08 11:59:32 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.08 11:59:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.08 11:59:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.08 11:59:32 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.08 11:59:32 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.08 11:59:32 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.08 11:59:32 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.08 11:59:32 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.08 11:59:32 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.08 11:59:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.08 11:59:32 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.08 11:59:32 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.08 11:59:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.08 11:59:32 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.08 11:59:31 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.08 11:59:31 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.08 11:59:31 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.08 11:59:31 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.08 11:59:31 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.08 11:59:31 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.08 11:59:31 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.08 11:59:31 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.08 11:59:31 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.08 11:59:31 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.08 11:59:31 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.08 11:59:31 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.08 11:59:31 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.08 11:59:31 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.08 11:59:31 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.08 11:59:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.08 11:59:31 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.08 11:59:31 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.08 11:59:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.08 11:59:31 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.08 11:59:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.08 11:59:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.08 11:59:31 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.08 11:59:31 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.08 11:59:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.08 11:59:31 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.08 11:59:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.08 11:59:31 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.08 11:59:31 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.08 11:59:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.08 11:59:31 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.08 11:59:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.08 11:59:31 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.08 11:59:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.08 11:59:31 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.08 11:59:31 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2009.09.11 04:55:12 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.31 20:42:05 | 001,654,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.31 20:42:05 | 000,711,362 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.31 20:42:05 | 000,664,592 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.31 20:42:05 | 000,155,752 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.31 20:42:05 | 000,126,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.31 20:39:44 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.31 20:39:44 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.31 20:32:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.31 20:32:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.31 20:32:30 | 1582,374,912 | -HS- | M] () -- C:\hiberfil.sys [2013.05.31 20:21:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\irjld.pad [2013.05.31 20:21:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.31 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.30 15:59:11 | 000,001,037 | ---- | M] () -- C:\Users\Dirk Brehme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk [2013.05.30 15:58:13 | 000,002,646 | ---- | M] () -- C:\ProgramData\irjld.js [2013.05.30 15:58:13 | 000,000,151 | ---- | M] () -- C:\ProgramData\irjld.reg [2013.05.30 15:58:13 | 000,000,056 | ---- | M] () -- C:\ProgramData\irjld.bat [2013.05.30 15:57:41 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\dljri.dat [2013.05.30 15:57:41 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe [2013.05.30 15:57:30 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Users\Dirk Brehme\4684701.dll [2013.05.20 12:07:33 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.05.16 07:59:16 | 000,351,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 16:29:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 16:29:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.08 11:59:32 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.08 11:59:32 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.08 11:59:32 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.08 11:59:32 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.08 11:59:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.08 11:59:32 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.08 11:59:32 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.08 11:59:32 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.08 11:59:32 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.08 11:59:32 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.08 11:59:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.08 11:59:32 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.08 11:59:32 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.08 11:59:32 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.08 11:59:32 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.08 11:59:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.08 11:59:32 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.08 11:59:31 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.08 11:59:31 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.08 11:59:31 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.08 11:59:31 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.08 11:59:31 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.08 11:59:31 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.08 11:59:31 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.08 11:59:31 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.08 11:59:31 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.08 11:59:31 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.08 11:59:31 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.08 11:59:31 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.08 11:59:31 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.08 11:59:31 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.08 11:59:31 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.08 11:59:31 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.08 11:59:31 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.08 11:59:31 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.08 11:59:31 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.08 11:59:31 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.08 11:59:31 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.08 11:59:31 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.08 11:59:31 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.08 11:59:31 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.08 11:59:31 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.08 11:59:31 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.08 11:59:31 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.08 11:59:31 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.08 11:59:31 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.08 11:59:31 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.08 11:59:31 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.08 11:59:31 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.08 11:59:31 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.08 11:59:31 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.08 11:59:31 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.08 11:59:31 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.08 11:59:31 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.08 11:59:31 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.30 15:59:11 | 000,001,037 | ---- | C] () -- C:\Users\Dirk Brehme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk [2013.05.30 15:58:13 | 000,002,646 | ---- | C] () -- C:\ProgramData\irjld.js [2013.05.30 15:58:13 | 000,000,151 | ---- | C] () -- C:\ProgramData\irjld.reg [2013.05.30 15:58:13 | 000,000,056 | ---- | C] () -- C:\ProgramData\irjld.bat [2013.05.30 15:58:07 | 095,023,320 | ---- | C] () -- C:\ProgramData\irjld.pad [2013.05.08 11:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.08 11:59:31 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.01.06 15:47:59 | 001,631,398 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.14 09:57:08 | 000,000,844 | ---- | C] () -- C:\Windows\wiso.ini [2012.01.30 20:12:42 | 000,000,731 | ---- | C] () -- C:\Windows\wininit.ini [2011.12.26 20:35:28 | 001,806,336 | ---- | C] () -- C:\Users\Dirk Brehme\s-1-5-21-575885078-3427260032-230283692-1001.rrr [2011.10.05 16:51:01 | 000,003,584 | ---- | C] () -- C:\Users\Dirk Brehme\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.07.28 04:12:32 | 000,000,000 | -HSD | M] -- C:\Users\Dirk Brehme\AppData\Roaming\.# [2011.12.19 19:15:59 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\1&1 Mail & Media GmbH [2013.04.17 20:58:51 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\Algoo [2012.02.10 21:55:37 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\Audacity [2012.07.14 09:58:00 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\Buhl Data Service [2012.10.18 21:04:55 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\DVDVideoSoft [2010.07.28 04:10:23 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\GameConsole [2013.04.17 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi [2012.04.14 12:10:28 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\loadtbs [2012.10.18 21:04:30 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\OpenCandy [2010.07.27 17:12:09 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\PowerCinema [2010.09.07 20:55:38 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\Registry Mechanic [2013.04.12 15:37:45 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\Systweak [2013.06.01 05:09:00 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\TouchGadget [2012.10.18 21:06:01 | 000,000,000 | ---D | M] -- C:\Users\Dirk Brehme\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1D32EC29 @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:51574724 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp  1B5B4F1< End of report > |
|
31.05.2013, 20:29
| #2 |
| /// Malware-holic   | GVU Trojaner - Windows 7 bHi,
__________________otl fix Fixen mit OTL
Code:
ATTFilter :OTL
O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [waat.exe] C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi\waat.exe ()
O4 - HKU\S-1-5-21-575885078-3427260032-230283692-1001..\Run: [ctfmon32.exe] C:\ProgramData\dljri.dat (Microsoft Corporation)
[2013.05.30 15:57:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.05.30 15:57:29 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Users\Dirk Brehme\4684701.dll
:files
C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi
:Commands
[emptytemp]
starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
31.05.2013, 20:51
| #3 |
| | GVU Trojaner - Windows 7 Folgend das Ergebnis. Datei konnte wie beschrieben auch schon im Upchannel hochgeladen werden.
__________________Anmerkung: Nach Neustart hatte ich folgende Fehlermeldung: RunDLL Problem beim starten von C:\PROGRA~3\dljri.dat Das angegebene Modul wurde nicht gefunden. All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-575885078-3427260032-230283692-1001\Software\Microsoft\Windows\CurrentVersion\Run\\waat.exe deleted successfully. C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi\waat.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-575885078-3427260032-230283692-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully. C:\ProgramData\dljri.dat moved successfully. C:\ProgramData\rundll32.exe moved successfully. C:\Users\Dirk Brehme\4684701.dll moved successfully. ========== FILES ========== C:\Users\Dirk Brehme\AppData\Roaming\Kyamdi folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Dirk Brehme ->Temp folder emptied: 55553987 bytes ->Temporary Internet Files folder emptied: 112016485 bytes ->Java cache emptied: 581631 bytes ->FireFox cache emptied: 125334338 bytes ->Flash cache emptied: 4647 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 386797082 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42305012 bytes RecycleBin emptied: 997408 bytes Total Files Cleaned = 690,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05312013_213729 Files\Folders moved on Reboot... C:\Users\Dirk Brehme\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Dirk Brehme\AppData\Local\Temp\~DF3553919900813ECE.TMP not found! File\Folder C:\Users\Dirk Brehme\AppData\Local\Temp\~DF3709C07A9E1BADC6.TMP not found! File\Folder C:\Users\Dirk Brehme\AppData\Local\Temp\~DF661D490E438CF54E.TMP not found! File\Folder C:\Users\Dirk Brehme\AppData\Local\Temp\~DFCCEE248F6BF4E044.TMP not found! File\Folder C:\Users\Dirk Brehme\AppData\Local\Temp\~DFD979A9F9A98227AB.TMP not found! File\Folder C:\Users\Dirk Brehme\AppData\Local\Temp\~DFFEB2C2CC79374F9D.TMP not found! C:\Users\Dirk Brehme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRZ934OS\135879-gvu-trojaner-windows-7-a[1].htm moved successfully. C:\Users\Dirk Brehme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRZ934OS\login[1].htm moved successfully. C:\Users\Dirk Brehme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LRZ934OS\timelapse[1].dat moved successfully. C:\Users\Dirk Brehme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DICYWH7\ads[5].htm moved successfully. File move failed. C:\Users\Dirk Brehme\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. File\Folder C:\Windows\temp\JET7899.tmp not found! PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
31.05.2013, 21:13
| #4 |
| /// Malware-holic | GVU Trojaner - Windows 7 Aloa, nutzt ihr diesen PC fürs Onlinebanking, zum einkaufen, für sonstige Zahlungsabwicklungen, oder ähnlich wichtigem, wie beruflichem?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.05.2013, 21:18
| #5 |
| | GVU Trojaner - Windows 7 Onlinebanking = nein Internet einkaufen = durchaus (es sind also Kontodaten z.B. Amazon hinterlegt) Beruflich = Nein |
|
31.05.2013, 21:23
| #6 |
| /// Malware-holic | GVU Trojaner - Windows 7 Hi, Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und der sicherste Weg, zumal du deinen PC für einkaufen, , verwendest Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Ich würge, wenn es mein PC währe, ihn einmal neu aufsetzen und absichern, dafür bekommst du natürlich anleitungen. Auch wenn du bereinigen willst, die Entscheidung liegt bei dir.
__________________ --> GVU Trojaner - Windows 7 |
|
31.05.2013, 21:29
| #7 |
| | GVU Trojaner - Windows 7 Oh je, so schlimm? Aber ich würde dann glaub ich in den sauren Apfel beißen und komplett neu aufsetzen. Das wollte ich eh schon mal gemacht haben, als hier einiges langsam wurde, was ich aber dann über normale Optimierungen wieder auf Standard bringen konnte. Grund warum ichs nicht gemacht habe: Ich habe davon ehrlich gesagt keine Ahnung und ich habe keine Windows-CD, das war hier auf dem Rechner (ist so ein MacBook nennt man es glaub ich) alles vorinstalliert. Aber ich hoffe, dass ihr mich richtig dadurch führt. Also kompletter Neustart.... |
|
31.05.2013, 21:31
| #8 |
| /// Malware-holic | GVU Trojaner - Windows 7 Hi wenn du erst mal so gut bist, und mir sagst, wie das gute Stück heißt? Hersteller und bezeichnung
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.05.2013, 21:39
| #9 |
| | GVU Trojaner - Windows 7 Systemhersteller Packard Bell Systemmodell ONETWO M3700 Systemtyp x64-basierter PC Prozessor Celeron(R) Dual-Core CPU T3100 @ 1.90GHz, 1900 MHz, 2 Kern(e), 2 logische(r) Prozessor(en) |
|
31.05.2013, 21:41
| #10 |
| /// Malware-holic | GVU Trojaner - Windows 7 hmm, die Firma haben wir schon mal, steht im kaufvertrag nichts weiter oder auf dem Laptop/PC?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.05.2013, 21:48
| #11 |
| | GVU Trojaner - Windows 7 Auf dem Rechner selber gar nichts..... Auf der Rechnung leider auch nicht wirklich etwas anderes... Packerd Bell One Two U5000GE T31 Mehr gibt's da nicht :-( |
|
31.05.2013, 21:53
| #12 |
| /// Malware-holic | GVU Trojaner - Windows 7 gibts dazu noch n handbuch wo was über die Recovery drinn steht?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.05.2013, 22:18
| #13 |
| | GVU Trojaner - Windows 7 Hatte befürchtet, dass du danach fragst. Wie es nach ein paar Jahren so ist, wir werden sie noch irgendwo haben, aber nach jetzt halber Stunde suchen an den prägnantesten stellen, nicht gefunden. Die ist unabdingbar? Dann muss ich morgen nochmal weitersuchen..... |
|
02.06.2013, 12:09
| #14 |
| | GVU Trojaner - Windows 7 So halbes Haus auf den Kopf gestellt, jede mögliche Bedienungsanleitung gefunden, nur die für den PC nicht. Dann müssen wir es wohl über eine Bereinigung versuchen so sauber wie nur möglich zu bekommen. |
|
02.06.2013, 13:47
| #15 |
| /// Malware-holic | GVU Trojaner - Windows 7 könntest du dir denn ein windows 7 home 64 bit ausleien? dann könnten wirs neu instalieren wenn wir deinen Lizenzkey auslesen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu GVU Trojaner - Windows 7 |
| autorun, bho, ebay, error, excel, fehler, flash player, google, home, homepage, iexplore.exe, install.exe, intranet, logfile, mozilla, packard bell, plug-in, realtek, registry, rundll, scan, security, server, software, svchost.exe, symantec, trojaner, windows, wiso |
Textbox. 
