Trojan with the black screen, the German flag and 50€
Hello,
unfortunately I have caught the Trojan mentioned above. I created the log files with OTL as described here on the board. It would be nice if someone could help me:
Extras: Code:
OTL Extras logfile created on: 11.04.2012 19:35:34 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\user\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 73,47% Memory free
3,98 Gb Paging File | 3,52 Gb Available in Paging File | 88,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,10 Gb Total Space | 44,95 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 52,23 Gb Free Space | 71,48% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [dm Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD94D4E-3A19-4B95-8FE9-20F25CE870C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{21519635-F398-4E20-99F3-0A9FBFD1E634}" = lport=5357 | protocol=6 | dir=in | app=system |
"{262A5FF1-C1B6-40B9-900C-C54353A725BB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{30711110-1BE2-45F9-BFF4-5A05D6328937}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{38D7A8D9-CFF0-4A0D-9B60-68F23D59E6B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{471CDA3D-64EB-4CDF-AA0C-CED8CB7C638C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5FAE9441-A432-43B3-8133-06D788C4BB4D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{602B0467-A12E-4324-AA19-AD1ED80B4AB7}" = rport=138 | protocol=17 | dir=out | app=system |
"{606EA699-DB86-494E-B39A-BE0563B611BA}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BD608CD-9DD3-4F99-BCAC-710C98B5EDD8}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{709FCFE9-9E74-438D-B5BC-08F25E5C77D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7973DB2A-9773-49CA-A73E-66FF1437727F}" = rport=5357 | protocol=6 | dir=out | app=system |
"{7B0E270D-D4DF-4C5F-AF9E-B1888111714F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{85DA8A20-CCE2-4DD6-8247-B90B75CAAC3F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{885B34E3-E975-4B85-AE67-496A2909ADC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{89A314E7-970D-4295-BE88-E5ABD0C740B5}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{902047D4-5BAB-4017-BFF9-484789294C4B}" = lport=5358 | protocol=6 | dir=in | app=system |
"{A2C72934-1F18-4038-AC56-9B0DF57639E8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{A36DD7A3-5010-433A-965B-B9AFABF46E58}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A9265082-8DE0-4E30-A1C3-5B0AF1D29F1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B83059E0-F889-4517-BC69-2110ED678225}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{C276B17D-759D-43F9-A7B3-D53168ABF3D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6108155-0FCB-458E-869A-0CE230706A22}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CB3D5645-ED74-4F6D-99FD-7FC504422CF3}" = lport=445 | protocol=6 | dir=in | app=system |
"{E3169034-394C-40DE-8032-F3ABA0C03FBD}" = rport=139 | protocol=6 | dir=out | app=system |
"{E6F00E78-4CDF-406B-9494-241AFD78DA36}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA92E30C-80DC-41E1-8DF2-136F36DAB085}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED2EFDD8-2E8D-4D71-B4F1-0630A5453642}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048F813A-E530-4546-9741-5AC05A17EB72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0889E0D3-FCD9-452E-92D7-1B4B88D935DF}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{08FBB425-7766-4D0F-9425-07E19E3CB602}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\webwaigd.exe |
"{0E01E844-B14D-4250-AA99-1B89131515A2}" = protocol=6 | dir=out | app=system |
"{18B3DECA-F97A-41C1-85BD-E6FEB10EEA3E}" = protocol=17 | dir=in | app=e:\fsetup.exe |
"{1C43EDDA-6BA6-4FA8-8788-3332BA21A99A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{1F9FF7B8-97C6-4960-865A-24839470EB16}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{25780DA0-99AD-49FB-8B11-8A003435B20F}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{2939A1A2-6717-4045-AE4F-CC00DBEA3B05}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{29DDC95E-0BE7-49E2-BEE4-E0D25DF33A4F}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{2DF8F156-A396-48D9-90F0-A34170D29EB7}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{35EDA60E-C22D-4BAE-BBCD-04073F594343}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3DA91672-0014-4D74-A113-BDCFC17144CC}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{55ECD85B-BE93-4826-AF4B-E51B26EE12D8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{6F2DC6AB-2EA2-4B4E-834A-132A87C6F659}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FC38413-5878-4EC6-96F6-8DFE9D4D0A1A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{7465E1E4-9C5F-4F44-9221-187784C98112}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{81B233F0-1884-40DC-91E4-7719F6FFC97C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9490011A-4439-41CE-887C-605A5710A791}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{94EC5A67-881F-4F89-83DA-35717585E7E0}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{95B13358-9447-4A2E-AF3A-9FD74BB52265}" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\igdctrl.exe |
"{B0F405CE-9B4B-4A2A-885F-A8F28259CD08}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{CA39A64C-E8D7-46B3-823F-ED601C782F86}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{D354D647-E2E9-47A5-B04E-9CC3007BC83F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D59B674E-BF29-4AB2-B9B8-6C0890AD1D0C}" = protocol=6 | dir=in | app=e:\fsetup.exe |
"{E13DB3D2-113F-4412-9E2E-D5A4A57500EA}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E45AC369-1626-42BA-9FFE-A72C172CA30F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{EBA959FB-D60C-47C2-AF1D-D6434CAE5073}" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fboxupd.exe |
"{F01CCDF9-7CCB-4350-A0B4-DBA282BED767}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{FE1E83C8-2281-4AAA-A055-F8540A07DEB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{1A027256-5441-4CB5-A8A7-40D1B07B9A97}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{8901BD4C-D7BB-4F4A-884E-0C6761E62E6D}E:\software\x_misc\fritz.box_fon_wlan_7270.04.57.recover-image.exe" = protocol=6 | dir=in | app=e:\software\x_misc\fritz.box_fon_wlan_7270.04.57.recover-image.exe |
"TCP Query User{9088AA95-3D93-4E82-BE64-1A35C12D9F71}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{08084E28-3858-4C45-9105-6A98B55FCF81}E:\software\x_misc\fritz.box_fon_wlan_7270.04.57.recover-image.exe" = protocol=17 | dir=in | app=e:\software\x_misc\fritz.box_fon_wlan_7270.04.57.recover-image.exe |
"UDP Query User{0A22CD03-8306-4E2E-8E9D-30B2B19562EA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{689FA366-B1B8-468E-A64E-6E1C8E6D1491}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6FF6937-3054-067A-EA3F-5AAE73E7AAC6}" = ATI Catalyst Install Manager
"{FE5CD583-6F4B-2DE4-BA5E-8A9202925D8F}" = ccc-utility64
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding
"{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}" = CSI
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German
"{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light
"{689a58ab-7ba2-4f20-93d9-e27e7da73a58}" = Nero 9 Essentials
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8DEE4C35-1C60-413E-9630-77A0222D5C45}" = CSI-Dark Motives
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agfa ScanWise 1.50" = Agfa ScanWise 1.50
"AGFAnet Print Service" = AGFAnet Print Service
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"BFGC" = Big Fish Games: Game Manager
"BFG-Jump Jump Jelly Reactor" = Jump Jump Jelly Reactor
"BFG-Schaetze der geheimnisvollen Insel - Das Geisterschiff" = Schätze der geheimnisvollen Insel: Das Geisterschiff
"BFG-Slingo Quest" = Slingo Quest
"dm Fotowelt" = dm Fotowelt
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Jewel Quest" = Jewel Quest (nur deinstallation)
"king.com" = king.com (remove only)
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"PokerStars.net" = PokerStars.net
"QuickTime" = QuickTime
"TeamViewer 6" = TeamViewer 6
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2012 07:28:58 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =
Error - 11.04.2012 07:29:56 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.04.2012 07:29:56 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.04.2012 07:29:56 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.04.2012 07:29:56 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.04.2012 07:29:58 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.04.2012 07:29:58 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11.04.2012 07:37:34 | Computer Name = user-PC | Source = EventSystem | ID = 4609
Description =
Error - 11.04.2012 09:00:29 | Computer Name = user-PC | Source = EventSystem | ID = 4609
Description =
Error - 11.04.2012 13:32:43 | Computer Name = user-PC | Source = EventSystem | ID = 4609
Description =
[ System Events ]
Error - 11.04.2012 09:00:32 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
Error - 11.04.2012 09:00:37 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
Error - 11.04.2012 09:01:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.04.2012 09:01:05 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 11.04.2012 13:32:37 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
Error - 11.04.2012 13:32:43 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
Error - 11.04.2012 13:32:47 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
Error - 11.04.2012 13:32:52 | Computer Name = user-PC | Source = DCOM | ID = 10005
Description =
Error - 11.04.2012 13:33:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 11.04.2012 13:33:18 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >
OTL: Code:
OTL logfile created on: 11.04.2012 19:35:34 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\user\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 73,47% Memory free
3,98 Gb Paging File | 3,52 Gb Available in Paging File | 88,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,10 Gb Total Space | 44,95 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 52,23 Gb Free Space | 71,48% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\program files (x86)\teamviewer\version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (IGDCTRL) -- C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys ()
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys ()
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE339
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\user\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.08 17:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.02.23 21:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011.02.23 21:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\x7p4teyk.default\extensions
[2012.04.08 17:28:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [SkypePM] C:\Users\user\AppData\Local\Skype\SkypePM.exe (Microsoft Corporation)
O4 - HKCU..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\sarah.dll (AVM Berlin)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D9A8D0-FAED-451E-9592-3D881F62D22A}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DB38AF2-56C4-4F64-8053-78A5E29E09CE}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.04.11 15:02:08 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.04.11 13:42:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.03.31 08:43:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\BigFish Games
[2012.03.31 08:43:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump Jump Jelly Reactor
[2012.03.31 08:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jump Jump Jelly Reactor
[2012.03.31 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jump Jump Jelly Reactor
[2012.03.31 08:10:26 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Slingo Quest Documents
[2012.03.31 08:10:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\funkitron
[2012.03.31 08:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Quest
[2012.03.31 08:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest
[2012.03.13 16:08:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nevosoft Games
========== Files - Modified Within 30 Days ==========
[2012.04.11 19:32:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.11 19:17:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012.04.11 15:04:25 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.11 15:04:25 | 000,617,456 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.11 15:04:25 | 000,586,568 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.11 15:04:25 | 000,122,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.11 15:04:25 | 000,100,640 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.11 13:52:45 | 000,001,460 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
[2012.04.11 13:42:10 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!DSL Startcenter.lnk
[2012.04.11 13:28:17 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 13:28:16 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 13:28:14 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.11 12:24:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.08 17:28:15 | 000,000,894 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.13 09:37:06 | 000,081,799 | ---- | M] () -- C:\Users\user\Documents\blaue tonne.pdf
========== Files Created - No Company Name ==========
[2012.03.13 09:37:06 | 000,081,799 | ---- | C] () -- C:\Users\user\Documents\blaue tonne.pdf
[2012.01.24 13:14:09 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.01.24 13:14:09 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.11.03 17:00:21 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.09.20 10:09:04 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Snape50.bin
[2011.09.20 10:09:04 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Snape40.bin
[2011.09.20 10:09:04 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\snape20.bin
========== LOP Check ==========
[2009.08.29 20:47:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Amazon
[2011.06.14 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Artogon
[2011.12.14 15:57:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\casualArts
[2011.02.21 11:40:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular
[2011.06.14 20:12:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ERS Game Studios
[2011.06.27 11:22:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FRITZ!
[2012.03.31 08:10:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\funkitron
[2011.11.03 17:00:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ghost Ship Studios
[2012.03.12 14:34:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HdO Adventure
[2012.03.11 12:35:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MagicIndie
[2012.03.13 16:08:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nevosoft Games
[2009.11.26 21:09:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2009.11.26 21:06:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2011.11.06 16:00:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SecretIslandDeuBF
[2011.12.13 10:10:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Specialbit
[2012.04.11 13:42:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2011.11.06 16:16:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TOMI2.THE GATES OF FATE
[2011.06.12 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TOMI3
[2012.04.11 08:02:27 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:961B84C5
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:0C5BC70E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3A7527E8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:88A44CC1
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:BD34FFC5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:A819A132
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:A6D6E537
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:512E1728
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:491270B8
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8075370B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9D06FB9C
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BEB6D0B2
< End of report >
Thank you very much.