| |
| |||||||
Log-Analyse und Auswertung: Win32/Small.CA-Virus entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.07.2013, 21:46
| #1 |
| |  Win32/Small.CA-Virus entfernen Hallo Zusammen, mein Windows Wartungscenter bringt mir folgende Fehlermeldung Win32/Small.CA-Virus entfernen. Ich habe mit Avira Free Antivirus meinen Rechner gescannt. Nach 1 oder 2 Abstürtzen hat Avira nichts gefunden. Der Rechner stürtzt regelmäßig ab. Oft erscheint die Fehlermeldung "Windows muss neu gestartet werden, weil der Dienst Stromversorgung unerwartet beendet wurde", oder "...der DCOM Server Prozessunerwartet beendet wurde". Ich habe die ersten 3 Schritte der Anleitung durchgeführt und die Files hier angefügt. Wäre klasse, wenn jemand trotz des tollen Wetters weiterhelfen kann  .Vielen Dank und guten Abend Peppone OTL logfile created on: 04.07.2013 20:54:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,54% Memory free 6,50 Gb Paging File | 5,39 Gb Available in Paging File | 83,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1300,79 Gb Free Space | 94,52% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,53% Space Free | Partition Type: NTFS Computer Name: HANS-PC | User Name: Hans | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.04 20:30:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe PRC - [2013.07.04 20:18:56 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe PRC - [2013.07.02 21:10:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.07.02 21:09:19 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2013.07.02 21:09:13 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.07.02 21:09:05 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.07.02 21:09:05 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.01 13:00:26 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Programme\Ask.com\CallingIDSDK\CIDGlobalLight.exe PRC - [2013.04.01 12:59:32 | 001,646,216 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.01.09 01:34:18 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013.07.04 20:18:56 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe MOD - [2013.07.01 22:14:52 | 011,914,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ce6b7579fbb77330560e9122d1cf6526\System.Web.ni.dll MOD - [2013.07.01 22:14:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll MOD - [2013.05.14 22:46:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.14 22:45:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.01.10 08:10:00 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 08:09:39 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 08:09:34 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 08:09:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.02.02 11:33:39 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3660.33486__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard. dll MOD - [2010.02.02 11:33:39 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3660.33443__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3660.33319__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3660.33396__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:39 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3660.33397__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3660.33417__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3660.33329__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3660.33444__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3660.33395__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3660.33388__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.02.02 11:33:39 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dl l MOD - [2010.02.02 11:33:39 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3660.33338__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.02.02 11:33:39 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3660.33330__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime. dll MOD - [2010.02.02 11:33:39 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3660.33487__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 001,290,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3660.33482__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dash board.dll MOD - [2010.02.02 11:33:38 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3660.33379__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,651,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3660.33458__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3660.33346__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashbo ard.dll MOD - [2010.02.02 11:33:38 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3660.33410__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.02.02 11:33:38 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3660.33371__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3660.33345__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:38 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3660.33378__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3660.33385__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashbo ard.dll MOD - [2010.02.02 11:33:38 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3660.33457__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3660.33376__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3660.33384__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime. dll MOD - [2010.02.02 11:33:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3660.33351__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime. dll MOD - [2010.02.02 11:33:38 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3660.33386__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.02.02 11:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:37 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.02.02 11:33:37 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3639.21544__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3639.21529__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3639.21799__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3639.21677__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3639.21772__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3660.33377__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.02.02 11:33:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3639.21517__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3639.21518__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3639.21922__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.02.02 11:33:37 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3639.21571__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3639.21582__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3639.21557__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3639.21776__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3639.21569__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.02.02 11:33:37 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3639.21562__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3639.21599__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3639.21620__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3639.21566__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3639.21663__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3639.21591__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3639.21613__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3639.21806__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3639.21789__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3639.21606__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.02.02 11:33:37 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3639.21788__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.02.02 11:33:37 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.02.02 11:33:36 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3660.33325__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.02.02 11:33:36 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3660.33479__90ba9c70f846762e\ResourceManagement.Foundation.Implementatio n.dll MOD - [2010.02.02 11:33:36 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3660.33428__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010.02.02 11:33:36 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3660.33337__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.02.02 11:33:36 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3660.33436__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3660.33434__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.02.02 11:33:36 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3639.21679__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3660.33316__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3639.21608__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3660.33315__90ba9c70f846762e\APM.Server.dll MOD - [2010.02.02 11:33:36 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3660.33318__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3639.21609__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3639.21670__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3639.21589__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3660.33314__90ba9c70f846762e\AEM.Server.dll MOD - [2010.02.02 11:33:36 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3660.33451__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3639.21551__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3639.21578__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3639.21577__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3639.21601__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3639.21521__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.02.02 11:33:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3639.21666__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dl l MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3639.21623__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3639.21565__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3639.21594__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3639.21673__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dl l MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3639.21539__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3639.21592__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3639.21596__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3639.21681__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3639.21611__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dl l MOD - [2010.02.02 11:33:36 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3639.21604__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.02.02 11:33:36 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3660.33435__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.02.02 11:33:36 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3639.21570__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.02.02 11:33:36 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3660.33313__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2013.07.03 21:11:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.07.02 21:10:12 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.07.02 21:09:19 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2013.07.02 21:09:05 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.12 19:11:10 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.01.09 01:33:48 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2013.03.06 15:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.02.27 12:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.02.27 12:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.01.09 01:54:44 | 005,191,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2010.01.09 00:40:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.11.19 01:25:04 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009.09.19 05:30:10 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2009.09.19 05:30:10 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2009.09.19 05:30:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.07 23:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2009.06.05 04:53:42 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.05.05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Hans\Pictures\Marie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ecosia.org/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{4D4694B9-385C-4AA2-82E8-3B56C804C15A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{71B7257F-4F9F-4078-B632-64B3276F960D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{EAD3B8FA-F916-4B42-ABED-F253FA45906E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=4de61975-5fbb-4e3d-a009-48862bf7b4e8&apn_sauid=23239F00-747E-4ED5-869E-7722D78292EC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "about:home|hxxp://ecosia.org/" FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.24.100015 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.22 10:42:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.03 21:11:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.22 10:42:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.07.03 21:11:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.26 14:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions [2013.04.19 19:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\prpzkjhg.default-1351854918632\extensions [2013.04.19 19:54:45 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Hans\AppData\Roaming\mozilla\Firefox\Profiles\prpzkjhg.default-1351854918632\extensions\toolbar@ask.com [2013.04.19 19:54:46 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2013.07.03 22:08:52 | 000,002,413 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\mozilla\firefox\profiles\prpzkjhg.default-1351854918632\searchplugins\askcom.xml [2013.07.03 21:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.03 21:11:45 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.03.15 17:46:08 | 000,000,911 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} hxxp://stulde2.mail.intranet.mahle/dwa85W.cab (IBM Lotus iNotes 8.5 Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vpn1.mahle.com/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C15B7B-3473-408D-807F-5F983914D6BB}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c64381a-ee90-11df-8554-40618699ebd4}\Shell - "" = AutoRun O33 - MountPoints2\{0c64381a-ee90-11df-8554-40618699ebd4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\Start.hta O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.04 20:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe [2013.07.03 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.06.22 21:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.06.09 10:31:09 | 000,000,000 | ---D | C] -- C:\Users\Hans\Documents\Krankenversicherung SDK [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.04 20:57:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.04 20:30:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe [2013.07.04 20:29:25 | 000,000,000 | ---- | M] () -- C:\Users\Hans\defogger_reenable [2013.07.04 20:20:11 | 000,000,168 | ---- | M] () -- C:\Users\Hans\Desktop\New Internet Shortcut.url [2013.07.04 20:18:56 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe [2013.07.04 20:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.04 20:08:57 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 20:08:57 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.04 20:04:41 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd997c7a355a48.job [2013.07.04 20:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.04 20:01:23 | 2615,910,400 | -HS- | M] () -- C:\hiberfil.sys [2013.07.02 21:10:27 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys [2013.07.01 22:12:53 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.01 22:12:53 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.01 22:12:53 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.01 22:12:53 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.06.27 16:54:02 | 360,120,221 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.23 10:30:00 | 000,000,111 | -H-- | M] () -- C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt# [2013.06.22 21:53:59 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.21 08:35:37 | 000,001,054 | ---- | M] () -- C:\Users\Hans\Desktop\Mobile USB Modem 1.0 - Verknüpfung.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.04 20:29:25 | 000,000,000 | ---- | C] () -- C:\Users\Hans\defogger_reenable [2013.07.04 20:20:01 | 000,000,168 | ---- | C] () -- C:\Users\Hans\Desktop\New Internet Shortcut.url [2013.07.04 20:18:54 | 000,050,477 | ---- | C] () -- C:\Users\Hans\Desktop\Defogger.exe [2013.06.23 10:30:00 | 000,000,111 | -H-- | C] () -- C:\Users\Hans\Documents\.~lock.Entliehene Bücher Tina.odt# [2013.06.22 21:53:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.22 21:53:59 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.06.21 08:35:37 | 000,001,054 | ---- | C] () -- C:\Users\Hans\Desktop\Mobile USB Modem 1.0 - Verknüpfung.lnk [2012.05.06 20:49:25 | 000,017,408 | ---- | C] () -- C:\Users\Hans\AppData\Local\WebpageIcons.db [2011.11.12 01:03:47 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Local\{F6A931C8-C935-4E9F-828C-5E8DC016BA88} [2011.01.19 19:25:54 | 000,001,940 | ---- | C] () -- C:\Users\Hans\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.01.03 06:45:47 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Roaming\wklnhst.dat [2010.11.20 08:08:20 | 000,016,896 | ---- | C] () -- C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.12 19:15:45 | 000,007,605 | ---- | C] () -- C:\Users\Hans\AppData\Local\Resmon.ResmonCfg [2010.06.01 21:28:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.04.07 06:59:12 | 000,000,680 | RHS- | C] () -- C:\Users\Hans\ntuser.pol ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.05.20 23:57:09 | 000,000,000 | -HSD | M] -- C:\Users\Hans\AppData\Roaming\.# [2010.05.17 19:52:26 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\ALDI_SUED_Mah_Jong [2011.10.13 21:51:23 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Amazon [2012.11.16 18:48:42 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\elsterformular [2011.06.18 12:41:50 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Mp3tag [2010.06.03 11:25:32 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\OpenOffice.org [2012.01.01 18:25:30 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\ProtectDISC [2011.01.03 06:45:52 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Template [2010.10.24 18:42:22 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Tific [2010.05.10 06:33:13 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > OTL Extras logfile created on: 04.07.2013 20:54:44 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hans\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 73,54% Memory free 6,50 Gb Paging File | 5,39 Gb Available in Paging File | 83,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1376,16 Gb Total Space | 1300,79 Gb Free Space | 94,52% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,91 Gb Free Space | 99,53% Space Free | Partition Type: NTFS Computer Name: HANS-PC | User Name: Hans | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [CEWE FOTOSCHAU] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Meine CEWE FOTOWELT] -- "C:\Program Files\CeWe Color\Meine CEWE FOTOWELT\Meine CEWE FOTOWELT.exe" "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{044D6B2C-9AB3-4C41-A7C8-9263C7E38EE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{0A324E80-2F6D-44B4-BC15-200E93D0F744}" = rport=137 | protocol=17 | dir=out | app=system | "{0BABD92F-23C6-4736-89A5-3D74BB5936C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1184F647-DB7C-4C13-9566-8021337259FE}" = lport=2869 | protocol=6 | dir=in | app=system | "{1DE7637A-9B01-44A8-82E2-74215EE6C601}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F7450A0-0BD7-467E-8566-D74BE47AD1E2}" = rport=10243 | protocol=6 | dir=out | app=system | "{35A9BFFC-CBBD-45D3-9BF2-F8F5ABF894B4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{49866BFD-EDB8-401F-9BFF-B0AE685E99AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4D54AF83-3100-468B-B7AF-D254EB4B3FF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{63A88686-FC4C-4DE8-A365-2D8A8F8D1B21}" = lport=445 | protocol=6 | dir=in | app=system | "{663D9FF7-6050-4E4B-B716-A71E81A00531}" = rport=139 | protocol=6 | dir=out | app=system | "{6975EC16-BFB5-43D7-AF3F-5FC8D9A36FFF}" = rport=445 | protocol=6 | dir=out | app=system | "{8A8F8418-73A9-429C-845E-05089CE3A4F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A4B7FFE9-D6EB-4AE0-B8C3-E2DBC47B6C0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A7591091-80E9-4AF0-A1CE-43DBF23B5385}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B41978D7-EED5-4363-839F-8780A43D0C3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C50B3350-D4EA-4968-ADEC-32E694058681}" = lport=138 | protocol=17 | dir=in | app=system | "{CBE5E4E2-5799-4062-B8DA-280FAD0E6050}" = lport=139 | protocol=6 | dir=in | app=system | "{CDB78CA8-B0BF-4A1D-945A-B4BCDB55917D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D7B55B5A-0C43-44A9-A14C-FBEC2B8EF386}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E9BF06EE-41A0-45DC-9CC2-89734EFF1ACA}" = rport=138 | protocol=17 | dir=out | app=system | "{EBD44A1A-99C0-4568-95BE-A27DC64E1F85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{ECBCF07D-F005-42AF-B9CD-0071F4E56EE9}" = lport=2869 | protocol=6 | dir=in | app=system | "{F5FEFEFB-4F3F-4AE8-B583-0751AE4E8ADF}" = lport=137 | protocol=17 | dir=in | app=system | "{FFC45B75-3E56-4406-B849-D61FAC49E938}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C25583D-EB91-4BAF-89BC-23D6CC6EB244}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | "{0DC4C320-F0CD-4B9D-92F3-0E8B95D0B9F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{19C4FE0E-4178-45F6-9F58-C5045FA3D2F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{1BE639D1-4DB1-462E-B678-299BCCEA07D1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | "{28892240-7E53-47C9-A261-038DD4D4FBC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2D18F8C2-A0DF-44CD-8592-98AEA6EB7367}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{31E8DF8D-4C4C-4ACA-8D04-413F8EB9F829}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3AAC8937-A984-46C7-B7E2-8DF6CA685449}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{3ADEB1A0-AFD2-4B73-A1E4-2D3FCD66F997}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{40A29986-F288-4E47-A3F7-DE5BC4D6B9FC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{455599EE-B2AB-4AE4-8AEC-2152282BCEC4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "{4C344266-8816-4DF9-B164-22ABC675B3C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55A37448-04D6-4A84-BD53-2D303B2B1344}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{5CC97F29-2363-4A25-8820-B74A73B2B45F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{6337DEDB-D042-4D4C-AC5E-ADDB088C1CFE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{64135EB3-D921-4257-82F0-6C5585726B39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{65869BE4-A580-456F-8BEE-1B554A61215F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | "{7002F95A-EA6C-4F63-8658-FE5061620813}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{7C1A490F-AF93-4FC4-8FF1-11FABF32B64E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{887FA4E8-FE8E-4A5A-BB4F-E7345C837F27}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{898CED55-A8A9-43AB-9F0D-1CC763CB5BA4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{8A516A9E-16B9-4BBF-B028-17163B2692DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{8C4F7495-E0CD-4796-858F-154D72F9083A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{8FE560DD-6B95-47BC-9D96-FFCB56755CB1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{961D50ED-25AC-4329-A130-7488A48636C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | "{96F66570-4FB2-41EA-8B37-68DAFF2E3EFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9CE53C92-1F50-43E1-A5DB-3C3169AD1E48}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A1B633E1-F05E-4B2E-BD4F-4AB4E3F9A0A1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | "{A589F4A8-F831-4CAB-A06D-8A48973C39AF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{A88D738F-3899-4098-B7F2-F8EBF802BAF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{AB58BE99-986D-421F-800C-7B1708B6C86B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE125130-A198-42CA-929C-A550032B5190}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | "{B15F0AF0-2E75-4C7B-B14E-628F038B566C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | "{CE326E96-674A-4CE9-B1F1-408E0DE36DF1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{D425BBBA-BF5B-4DEE-BD1B-997F0EDB34D8}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{D67A0EE2-8865-45D4-94AE-B7840BFAC2F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D8594E4D-A09D-4556-A98A-B3774AD81AD9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{DE790F8E-CF9F-4031-9B2D-4A9516837802}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E0F3B78F-C9BE-4B10-A9A6-04E81C4D854B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E1B6AAB4-5711-4106-A15B-0B31AD376D92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{E43FF323-6995-4092-A16E-A1ABD89E8E0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EBAB9B18-6FD4-4672-A402-FB0AEC0C4A0C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EF258321-1056-40F4-92A2-D520F79ED03F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F142515C-1BD5-4E75-9873-06BCE72C6EB0}" = dir=in | app=c:\program files\itunes\itunes.exe | "{F26AA263-A162-4D12-927D-8A38B41C5D99}" = protocol=6 | dir=out | app=system | "{F2B43345-09FD-4857-BAC5-309740BCB1F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F623A2D8-6362-4EE4-99F4-EB2AFCF531DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9263217-4756-4AFD-AAAB-7F898604FEA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FF3C7EFD-96D4-43D1-BCB0-54E7CB95004D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{413070A8-C741-4E78-803F-F07E2ED3B47C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{3C9A6C63-3DF8-4D77-888B-94452FD088B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{1433046A-BAE7-EBC6-4CAE-9A7BD0C3A35D}" = CCC Help Finnish "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4D66F66A-D5FA-15A2-F6E5-5589BD7E29AA}" = Catalyst Control Center InstallProxy "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver "{54873998-9F2C-4D2F-2CC1-BEE8D9D9FC73}" = ccc-utility "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77A2EA4C-F1DD-BBA7-F816-BD76EA3C08DF}" = CCC Help French "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help "{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88A34D88-1A75-8C9D-A26E-F283436AC0A6}" = ATI Catalyst Install Manager "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C1969E4-3533-3735-B5DF-82F24164203C}" = CCC Help Japanese "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C516706-B1CC-EBFC-A0CB-02E1FF5FC0FC}" = CCC Help Danish "{9D8004FF-B214-18C6-4473-4993230B11D5}" = CCC Help Norwegian "{9E3C6E9F-26C9-F771-36B5-2065515AA7C2}" = CCC Help Dutch "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A81FC45F-6431-CFD2-2FEF-B259C3B8DEB4}" = Catalyst Control Center Graphics Light "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACCC042D-A515-F15A-44DC-B8916D269A53}" = Catalyst Control Center Localization All "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA67EF42-DC5C-18EE-5DB4-7EB3987589BC}" = Catalyst Control Center Core Implementation "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BC37B94A-1C40-D769-0E53-157C3FF481C6}" = CCC Help German "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C170B7B5-9720-C191-F5FA-981C3FACAED6}" = CCC Help English "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5346D3C-C9FF-A4FD-FDDB-A36DE137A513}" = CCC Help Italian "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB5167B0-61DF-D5EA-E1C4-438D869D0B4A}" = ccc-core-static "{D443CF18-21ED-8648-CB98-B338EF0D8A51}" = CCC Help Swedish "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{D8104EB7-EA8D-08D1-9A69-717E2F2E86F9}" = Catalyst Control Center Graphics Full New "{D8D76911-AA3A-62C8-8E1B-F94A518BD27D}" = Catalyst Control Center Graphics Previews Vista "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{EC27B0C8-F3B7-95BD-96B8-A8D8C78A94B8}" = Catalyst Control Center Graphics Full Existing "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F2DC2589-C894-43DD-BA70-8FDCA7360584}" = 5600 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F92DBD0E-7769-3E62-3526-45ED37E0A921}" = CCC Help Spanish "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free "ALDI Süd Foto Service D" = ALDI Süd Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "dm-Fotowelt" = dm-Fotowelt "ElsterFormular" = ElsterFormular "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued "Meine CEWE FOTOWELT" = Meine CEWE FOTOWELT "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "Shop for HP Supplies" = Shop for HP Supplies "VLC media player" = VLC media player 2.0.6 "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.10.2012 08:06:48 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.10.2012 08:06:48 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6794327 Error - 13.10.2012 08:06:48 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6794327 Error - 13.10.2012 09:08:27 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.10.2012 09:08:27 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15584 Error - 13.10.2012 09:08:27 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15584 Error - 14.10.2012 05:30:43 | Computer Name = Hans-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 14.10.2012 11:20:30 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 14.10.2012 11:20:30 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 15600 Error - 14.10.2012 11:20:30 | Computer Name = Hans-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 15600 [ System Events ] Error - 04.07.2013 14:57:06 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:09 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:12 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:15 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:17 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:21 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:23 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:26 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:29 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. Error - 04.07.2013 14:57:32 | Computer Name = Hans-PC | Source = amdsata | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden. < End of report > GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-04 22:16:36 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000054 WDC_WD15 rev.80.0 1397,27GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Hans\AppData\Local\Temp\pwldipoc.sys ---- System - GMER 2.1 ---- SSDT 91D08286 ZwCreateSection SSDT 91D08290 ZwRequestWaitReplyPort SSDT 91D0828B ZwSetContextThread SSDT 91D08295 ZwSetSecurityObject SSDT 91D0829A ZwSystemDebugControl SSDT 91D08227 ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8307F9F5 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B91F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830C053C 4 Bytes [86, 82, D0, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 830C0898 4 Bytes [90, 82, D0, 91] {NOP ; ADC AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830C08DC 4 Bytes [8B, 82, D0, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 830C0958 4 Bytes [95, 82, D0, 91] {XCHG EBP, EAX; ADC AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 830C09AC 4 Bytes [9A, 82, D0, 91] .text ... .text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x9242D000, 0x2D293E, 0xE8000020] ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740324CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7401562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740156EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74032546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740285AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74024D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74025105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740251DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74026707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74028301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74028850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740290B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7402E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[212] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74024C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
| Themen zu Win32/Small.CA-Virus entfernen |
| 32 bit, 7-zip, antivirus, avira, avira searchfree toolbar, bho, bingbar, bonjour, ebay, entfernen, error, firefox, flash player, format, helper, home, iexplore.exe, install.exe, logfile, lotus, mozilla, mp3, officejet, plug-in, realtek, registry, richtlinie, rundll, security, senden, server, software, svchost.exe, windows |
Baum-Darstellung