T-mobile MMS {SYMBOL}_foto.zip "HIDDENEXT/Worm.Gen" Avira, archive opened...
Hello helpers,
the PC is used for business (by my wife, a one-person media design business),
and of course I will thank you with a donation.
I am not the user of this machine, and I won't be sitting in front of it again until the weekend.
The following e-mail was opened and afterwards permanently deleted.
Since I have a catch-all account for the domain in question, I received 4 of these e-mails
(1&1 webmailer) and have not deleted them yet; (unlikely,)
but my wife may possibly have received a different e-mail.
Sender name:
T-mobile
E-mail:
online@t-mobile.de
Subject:
MMS Nachricht
Content:
mobile phone number (different in each mail)
Attachment:
Part_1.2.html (content: T-mobile logo + mobile phone number)
{SYMBOL}_foto.zip (was opened)
My wife received this e-mail twice on 11.02.2013, one at about 11:00, the second at about 17:00.
OS Win7 Prof 64bit, mail client Outlook 2010, antivirus Avira Free AV
In one of these mails the zip file was opened, and the familiar (Windows) warning
was ignored. After that, however, (apparently) nothing happened. Avira detected
nothing (on that day via on-access scanning, and full system scans on about 13.02.
and on 16.02.)
Symptoms:
- IMHO the PC quite often opened web pages only on the second attempt.
- Once it hung while logging off (black screen), and according to the switch there was
network traffic; only the NAS, the Fritzbox and this PC were connected.
Unfortunately I am not at home during the week, but I may be able to access
the machine remotely (I used to work in IT...).
I generated the logs as a different user than my wife (as the main user);
where required I started the program with admin rights.
gmer crashed once; I started it again after a reboot (without defogger and OTL).
Here are the obligatory logs:
OTL:
OTL logfile created on: 17.02.2013 17:13:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Omm\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,94 Gb Total Physical Memory | 6,73 Gb Available Physical Memory | 84,71% Memory free
15,88 Gb Paging File | 14,65 Gb Available in Paging File | 92,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 62,03 Gb Free Space | 55,49% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 140,35 Gb Free Space | 30,13% Space Free | Partition Type: NTFS
Computer Name: CELSIUS2 | User Name: UserName | Logged in as UserNamenistrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.02.17 17:07:52 | 000,050,477 | ---- | M] () -- D:\Downloads\Defogger.exe
PRC - [2013.02.17 17:07:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Omm\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.09.24 13:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.08.10 14:20:45 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.17 17:07:52 | 000,050,477 | ---- | M] () -- D:\Downloads\Defogger.exe
MOD - [2006.09.19 08:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
========== Services (SafeList) ==========
SRV:64bit: - [2012.03.09 19:28:36 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.17 17:08:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.06 13:24:29 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.24 13:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 13:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.09.21 20:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 20:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.09 20:49:54 | 010,497,024 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.03.09 18:51:12 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.07 12:12:06 | 001,581,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.11 11:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.06.06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.25 11:41:48 | 000,022,552 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rstfltr.sys -- (rstfltr)
DRV:64bit: - [2011.03.25 11:41:44 | 000,607,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rstescu1.sys -- (rstescu1)
DRV:64bit: - [2011.03.25 11:41:42 | 000,607,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rstescu.sys -- (rstescu)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.03.27 17:18:58 | 010,550,272 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 13:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013.02.06 13:24:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 13:24:29 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Docs = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\UserName\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD33A7C-78D8-4340-B85B-B3B54DA4860B}: NameServer = 192.168.13.200
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.02.13 13:39:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.10 20:27:56 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2013.02.10 20:27:56 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2013.02.10 20:27:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.02.10 20:27:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2013.02.10 20:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2013.02.10 20:18:20 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2013.02.10 20:18:20 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2013.02.10 20:18:20 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2013.02.10 20:18:20 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2013.02.10 20:18:20 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2013.02.10 20:18:20 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2013.02.10 20:18:20 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2013.02.10 20:18:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2013.02.10 20:18:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2013.02.10 20:18:20 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2013.02.10 20:18:20 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2013.02.10 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER
[2013.02.10 20:18:19 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2013.02.10 16:28:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2013.02.09 12:00:00 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Secunia PSI
[2013.02.06 13:24:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.20 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Adobe
[2013.01.20 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Adobe
[2013.01.20 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Google
[2013.01.19 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\ElevatedDiagnostics
[2013.01.19 18:35:58 | 000,000,000 | ---D | C] -- C:\Users\UserName\Documents\Meine Paletten
[2013.01.19 18:35:58 | 000,000,000 | ---D | C] -- C:\Users\UserName\Documents\Corel
[2013.01.19 18:35:55 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Corel
[2013.01.19 18:08:39 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Avira
[2013.01.19 18:04:52 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Logitech® Webcam-Software
[2013.01.19 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.19 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UserNamenistrative Tools
[2013.01.19 18:02:49 | 000,000,000 | R--D | C] -- C:\Users\UserName\Virtual Machines
[2013.01.19 18:02:49 | 000,000,000 | R--D | C] -- C:\Users\UserName\Searches
[2013.01.19 18:02:44 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Roaming\Identities
[2013.01.19 18:02:43 | 000,000,000 | R--D | C] -- C:\Users\UserName\Contacts
[2013.01.19 18:02:42 | 000,000,000 | --SD | C] -- C:\Users\UserName\AppData\Roaming\Microsoft
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Videos
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Saved Games
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Pictures
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Music
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Links
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Favorites
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Downloads
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Documents
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\Desktop
[2013.01.19 18:02:42 | 000,000,000 | R--D | C] -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Vorlagen
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\AppData\Local\Verlauf
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\AppData\Local\Temporary Internet Files
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Startmenü
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\SendTo
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Recent
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Netzwerkumgebung
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Lokale Einstellungen
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Documents\Eigene Videos
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Documents\Eigene Musik
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Eigene Dateien
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Documents\Eigene Bilder
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Druckumgebung
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Cookies
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\AppData\Local\Anwendungsdaten
[2013.01.19 18:02:42 | 000,000,000 | -HSD | C] -- C:\Users\UserName\Anwendungsdaten
[2013.01.19 18:02:42 | 000,000,000 | -H-D | C] -- C:\Users\UserName\AppData
[2013.01.19 18:02:42 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Temp
[2013.01.19 18:02:42 | 000,000,000 | ---D | C] -- C:\Users\UserName\AppData\Local\Microsoft
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.02.17 17:11:32 | 000,000,000 | ---- | M] () -- C:\Users\UserName\defogger_reenable
[2013.02.17 17:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.17 17:07:33 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.17 17:07:33 | 000,655,842 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.17 17:07:33 | 000,616,388 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.17 17:07:33 | 000,130,474 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.17 17:07:33 | 000,106,768 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.17 17:07:30 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 17:07:30 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 17:02:08 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.17 17:01:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.17 16:47:09 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.13 14:39:07 | 001,324,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 10:43:08 | 000,002,258 | ---- | M] () -- C:\Users\UserName\Desktop\Google Chrome.lnk
[2013.01.19 11:57:45 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.02.17 17:11:32 | 000,000,000 | ---- | C] () -- C:\Users\UserName\defogger_reenable
[2013.02.10 20:27:56 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.02.10 20:18:20 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2013.02.10 20:18:20 | 000,121,344 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.ax
[2013.02.10 20:18:20 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2013.02.10 20:18:20 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.02.10 20:18:20 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2013.02.10 20:18:20 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2013.02.10 20:18:20 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2013.02.10 20:18:20 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2013.02.10 20:18:19 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2013.02.10 20:18:19 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2013.02.10 20:18:19 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2013.01.19 18:02:51 | 000,001,408 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.01.19 18:02:50 | 000,002,258 | ---- | C] () -- C:\Users\UserName\Desktop\Google Chrome.lnk
[2013.01.19 18:02:50 | 000,001,442 | ---- | C] () -- C:\Users\UserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.19 18:02:49 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.01.19 11:57:45 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.09.21 20:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.09.21 20:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.09.21 20:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.08.26 14:19:50 | 000,000,000 | ---- | C] () -- C:\Windows\NICSettingTool.INI
[2012.06.12 21:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.09 19:13:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 19:13:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
========== Purity Check ==========
< End of report >
GMER Code:
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-17 20:32:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-VERT rev.2.22 111,79GB
Running: GMER_2.1.18952.exe; Driver: C:\Users\Admi\AppData\Local\Temp\pfryqpoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a01465 2 bytes [A0, 77]
.text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1576] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a014bb 2 bytes [A0, 77]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a01465 2 bytes [A0, 77]
.text C:\Program Files (x86)\Secunia\PSI\sua.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a014bb 2 bytes [A0, 77]
.text ... * 2
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077a01465 2 bytes [A0, 77]
.text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077a014bb 2 bytes [A0, 77]
.text ... * 2
---- Files - GMER 2.1 ----
File C:\Program Files (x86)\Secunia\PSI\SUA\running 0 bytes
---- EOF - GMER 2.1 ----
Code:
OTL Extras logfile created on: 17.02.2013 17:13:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Omm\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,94 Gb Total Physical Memory | 6,73 Gb Available Physical Memory | 84,71% Memory free
15,88 Gb Paging File | 14,65 Gb Available in Paging File | 92,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 62,03 Gb Free Space | 55,49% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 140,35 Gb Free Space | 30,13% Space Free | Partition Type: NTFS
Computer Name: CompName | User Name: Admi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E89DF7-4FC3-466F-923F-55CF1119E8FD}" = rport=139 | protocol=6 | dir=out | app=system |
"{091D8D11-C71A-44D9-AB23-A7C892EE4521}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1420C6BF-D480-42F0-8446-0561DCCA1A8F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{182F75B6-3298-4AAA-A7E3-016C448921B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1868C946-96FB-48D7-928E-6C2214BF671B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2188D26D-3290-4E40-A74A-7775C6C56A3B}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A482A25-C2D0-44FC-9E02-3D17F7F2DA51}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60D64B66-C8A5-4705-BBFC-96F7D14FE93E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{64E426C4-8808-495B-BD73-0FEA91AAE7B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{76F14545-7F35-4EDD-8F88-808AD66CB5C0}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DAB09A7-A030-4EA3-89AE-E2FB1C00AA75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{803F2DB1-15DA-4DFE-A4C4-453FE9CFC63E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83BE23F8-58B0-4B61-9B88-D12D930FD3EA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8497B64C-806D-4F5E-83F1-177401F48AF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{86298068-8506-43C0-B643-BEDC4879FD29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98E5DB94-A7AC-4E7B-B25A-24B27C548965}" = lport=137 | protocol=17 | dir=in | app=system |
"{9B548299-B656-459B-B872-ED9DE46DEBA3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9CD4CE07-0C41-48F0-8A34-B8E77B4C1104}" = rport=138 | protocol=17 | dir=out | app=system |
"{9FE39EE6-628E-423B-98FF-0B9B7421CCEC}" = rport=137 | protocol=17 | dir=out | app=system |
"{A7EFDCD8-0729-43E7-921F-AD2791E53F2F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CC881415-43DB-478C-B232-691A57C877D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E53F8970-6914-4CBC-87E6-BF77953E8EF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F211635C-6BF7-4D66-A536-F462B06284B5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08642443-D386-4BC4-AEA2-D908ADEB28C5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{13717A28-3B4F-4D8E-81AC-854A83901D7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B4928C3-7D4C-4179-AA2F-2C50D8E7EF01}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{241987C2-3A5B-4A23-A16B-381B36F56720}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{270C636E-EF77-4362-913C-CBF374E83829}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{55EFFA51-1C0B-451F-91A2-02A8A7F4469F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A18504C3-1736-46F0-838D-71DCE1243610}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FAD8BE26-5144-4B00-A3A1-CD5D3AA7A9B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{23FEB3C1-5AA7-4A43-BA58-76C67C0A5B64}C:\oki\nicsetup\nicsettingtool.exe" = protocol=6 | dir=in | app=c:\oki\nicsetup\nicsettingtool.exe |
"TCP Query User{7B6A5E97-C966-4AED-BCFA-E8423F7C2D57}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe |
"UDP Query User{6EFBAB2A-9358-44A8-A7BC-EA0E1DB3042F}C:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zyxel\nas starter utility\nas starter utility.exe |
"UDP Query User{8E08B520-59A4-4962-AF2C-A3E8CC5FC40F}C:\oki\nicsetup\nicsettingtool.exe" = protocol=17 | dir=in | app=c:\oki\nicsetup\nicsettingtool.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3394D0CA-2E9E-1EF8-D06B-F22EC05866E2}" = AMD AVIVO64 Codecs
"{4852330E-C44C-10B1-A6DC-0378C5B748DF}" = AMD Catalyst Install Manager
"{563CB99D-0545-12B6-DF1D-AF05179EF025}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A0EFF1A6-52F5-5F2B-DCCC-7DBBCB4FAC03}" = AMD Drag and Drop Transcoding
"{A4F9CCCB-5FD0-4E0F-8587-6930142CD762}" = Intel Processor Diagnostic Tool 64Bit
"{BE9F86FE-5639-5287-70B7-B417BA24C90F}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{03D4321D-593F-28FB-C420-36FD1EA58EBC}" = Catalyst Control Center Profiles Desktop
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1748865D-3D0A-08E4-238A-1132696C1263}" = CCC Help Thai
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1B770788-2E01-102B-72D2-DA900FAE4692}" = CCC Help Russian
"{1C37C0A8-F4C7-F7C3-0413-9E47FC5BE053}" = HydraVision
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2E51CE67-9BE2-D6B5-6E9E-E45E890A45AE}" = CCC Help Greek
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3434A2E3-32A2-414D-9D3C-CFAE5845686A}" = CCC Help Danish
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3C2F0EFA-FBA8-5CC5-FD40-55F3358719D7}" = CCC Help French
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41A6D096-4FD7-6C5C-6E54-DEE1B5267985}" = CCC Help Czech
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{471F9128-EEB5-D4AD-8D3D-55E14795097C}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E28A3AA-63A6-46ED-8934-9466FEBC4F09}" = CCC Help Korean
"{5321A0B7-4D4C-C0CF-32D2-C890A1992148}" = CCC Help Dutch
"{56A91A07-803C-E9D7-FA2C-30779D648758}" = CCC Help Hungarian
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5A185831-73F9-E474-5286-143CFE87EB55}" = Catalyst Control Center InstallProxy
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE48541-4F49-4608-520E-C4E39BEAA712}" = CCC Help Portuguese
"{6126E562-21D2-4329-ABF9-E8ED8D391BA3}" = Catalyst Control Center Localization All
"{63731D90-E544-5DFB-57A8-9D3F0E0B6EDE}" = CCC Help Chinese Standard
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EA6C26A-6F56-4BFA-BD2F-340E2FD0EB22}" = Catalyst Control Center Graphics Previews Common
"{81232F64-4A33-6E5C-B94A-4066C62CD8EB}" = CCC Help Italian
"{827EC93F-9173-5649-24CA-78AD1F4D52D1}" = CCC Help Turkish
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A91C9AAB-1DE1-2D61-18CA-B348BE566EA5}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AB64524C-D708-DD51-2766-1E22EA399523}" = CCC Help English
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{C67A9D78-3095-4E1D-9DBC-9B3D83F32772}" = Catalyst Control Center - Branding
"{CF165254-74B0-9ECE-1317-8BE1EDFC1F10}" = Catalyst Control Center
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D44E955A-D43F-FFA2-5C5F-6936038CBB03}" = CCC Help Finnish
"{D484D035-015C-9663-ECC3-0A8481CA8C96}" = CCC Help Norwegian
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DF6EB7A5-1417-FA03-DC54-3097B9558C3A}" = CCC Help Japanese
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBEA3D43-B49C-F613-C3F4-EBD47B18F365}" = CCC Help Chinese Traditional
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F793CDB6-86E1-BC06-CB57-0DE678F56D4E}" = CCC Help German
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FAF72E36-0934-6B4D-473A-74DC2EF97409}" = CCC Help Polish
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Digital Photo Professional" = Canon Utilities Digital Photo Professional 3.11
"DivX Setup" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAS Starter Utility" = NAS Starter Utility
"Notepad++" = Notepad++
"Secunia PSI" = Secunia PSI (3.0.0.4001)
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.02.2013 13:08:44 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 10.02.2013 06:45:04 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 10.02.2013 11:01:39 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 11.02.2013 06:39:17 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 12.02.2013 06:31:52 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 13.02.2013 06:18:57 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 13.02.2013 09:41:01 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 15.02.2013 04:08:35 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 15.02.2013 12:23:23 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 17.02.2013 06:27:21 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
Error - 17.02.2013 12:03:28 | Computer Name = CompName | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 02.10.2012 14:50:47 | Computer Name = CompName | Source = DCOM | ID = 10010
Description =
Error - 03.10.2012 07:45:24 | Computer Name = CompName | Source = DCOM | ID = 10010
Description =
Error - 04.10.2012 09:17:22 | Computer Name = CompName | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR6.
Error - 08.11.2012 06:17:47 | Computer Name = CompName | Source = DCOM | ID = 10010
Description =
Error - 09.11.2012 12:48:19 | Computer Name = CompName | Source = DCOM | ID = 10010
Description =
Error - 17.11.2012 06:21:45 | Computer Name = CompName | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR7.
Error - 17.11.2012 06:22:13 | Computer Name = CompName | Source = Ntfs | ID = 262281
Description = The transaction resource manager on volume "F:" could not be started
because of a non-retryable error. The error code is contained in the data.
Error - 17.11.2012 07:47:50 | Computer Name = CompName | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk6\DR10.
Error - 24.11.2012 07:34:55 | Computer Name = CompName | Source = DCOM | ID = 10010
Description =
Error - 26.11.2012 12:41:46 | Computer Name = CompName | Source = DCOM | ID = 10010
Description =
< End of report >
If wanted, I can upload 4 of these e-mails and a 5th with different content,
all T-Mobile + MMS + ZIP (Gamarue 1 & 2 & 'TR/Winlock.JX').
Meanwhile Avira detects 'WORM/Gamarue.EB.1' or 'WORM/Gamarue.EB.2'.
I know the investment after next will be Avira Prof.;
first of all I will thank you (once online banking is possible again...).
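Added here by the editor, not part of the poster's logs and not code from OTL or GMER: a small Python triage pass over OTL-style log lines of the kind pasted above. It parses the "Files Created" / "Files - Modified" sections and the "ZeroAccess Check" section, flags files created in a chosen incident window that carry the hidden or system attribute (the RHS- entries above) or are executables sitting in user-writable directories, and flags InProcServer32 handlers that live outside %SystemRoot% or are defined per-user under HKEY_CURRENT_USER, since COM merges HKCU\Software\Classes over the HKLM view and a per-user handler for a shell or WMI CLSID silently replaces the system DLL. The sample lines are constructed in OTL's format; the Temp\tmp4a7f.exe entry and the HKCU handler path are hypothetical, inserted only so the rules have something to catch. Nothing in the posted logs is declared malicious by this; it narrows what to check by hand (hash lookup, signature, installer provenance).

```python
"""Triage pass over OTL-style log lines (added example; not OTL, GMER or the poster's code)."""
import re
from datetime import datetime

# Constructed sample in OTL's own line format. The defogger, MatroskaDX.ax, LogiDPP.dll and
# HKLM InProcServer32 entries mirror lines from the post; the Temp\tmp4a7f.exe line and the
# HKCU InProcServer32 value are hypothetical, added only to give the rules something to catch.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2013.02.17 17:11:32 | 000,000,000 | ---- | C] () -- C:\Users\UserName\defogger_reenable
[2013.02.11 11:06:40 | 000,073,728 | -HS- | C] () -- C:\Users\UserName\AppData\Local\Temp\tmp4a7f.exe
[2013.02.10 20:18:20 | 000,195,584 | RHS- | C] () -- C:\Windows\SysWow64\MatroskaDX.ax
[2012.09.21 20:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\UserName\AppData\Local\Hypothetical\hijack.dll -- [2013.02.11 11:06:41 | 000,040,960 | -HS- | M] ()
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"""

# One OTL file line: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
                     r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+\\InProcServer32)\](?: /64)?$")
VALUE_RE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[.*)?$')   # default value of the key above

EXEC_EXT = (".exe", ".dll", ".ax", ".scr", ".sys", ".cpl")
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


def parse_sections(text):
    """Split an OTL log into {section title: [non-empty lines]} on its '===== title =====' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^=+ (.+?) =+$", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def flag_files(lines, window_start, window_end):
    """Entries inside the window with hidden/system bits, or an executable type in a
    user-writable location. Candidates for a closer look, not verdicts."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
        if not window_start <= ts <= window_end:
            continue
        low = m["path"].lower()
        hidden_or_system = "H" in m["attr"] or "S" in m["attr"]
        user_exec = low.endswith(EXEC_EXT) and any(part in low for part in USER_WRITABLE)
        if hidden_or_system or user_exec:
            hits.append((m["ts"], m["attr"], m["path"]))
    return hits


def flag_com_handlers(lines):
    """Pair each InProcServer32 key with its default value. Flag a handler outside %SystemRoot%
    or any HKCU entry that has a value at all (HKCU\\Software\\Classes is consulted before HKLM,
    so a per-user handler for a system CLSID overrides the real DLL for that user's processes)."""
    hits, key = [], None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km["key"]
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            low = vm["path"].lower().replace("%systemroot%", "c:\\windows")
            if key.startswith("HKEY_CURRENT_USER") or not low.startswith("c:\\windows\\"):
                hits.append((key, vm["path"]))
            key = None   # keys listed without a default value never reach here
    return hits


def triage(text, window_start, window_end):
    """Run both rule sets over the Files and ZeroAccess sections of one log."""
    sections = parse_sections(text)
    files = []
    for title, lines in sections.items():
        if title.startswith(("Files Created", "Files - Modified")):
            files.extend(flag_files(lines, window_start, window_end))
    return {"files": files, "com": flag_com_handlers(sections.get("ZeroAccess Check", []))}


def run_sample():
    """Window: two days before the first MMS mail (11.02.2013) up to the day the logs were taken."""
    return triage(SAMPLE_LOG, datetime(2013, 2, 9), datetime(2013, 2, 17, 23, 59, 59))


if __name__ == "__main__":
    result = run_sample()
    for ts, attr, path in result["files"]:
        print(f"FILE {ts} {attr} {path}")
    for key, path in result["com"]:
        print(f"COM  {key} -> {path}")
```

Run as a script it prints the candidates; for a real case, pass the pasted log text to triage() with the window of interest. On the sample, the HKLM entries that match the post (shell32.dll and fastprox.dll under SysNative/system32) pass the rule and only the hypothetical HKCU handler is reported; the RHS- codec filter is reported purely on its attributes and creation date, which is exactly the kind of hit that then has to be matched against the installed-software list before it means anything.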