Computer keeps freezing - Trojan?

Hey, so as already described in the title, my PC keeps freezing. Sometimes when starting up/after logging in, only a completely black and then a white screen appears at first, and it takes a correspondingly long while until I can actually work on the computer. (It can take up to half an hour or 3/4 of an hour. A bit silly for this day and age.) Most of the time it freezes every 2 minutes, and even the Task Manager then shows "not responding" (which is pretty depressing). It's not only slow and freezing on the Internet, but also when I just want to look at a picture, move a file to the Recycle Bin, and so on and so on...

Now I've looked around the forum here a bit and also downloaded Malwarebytes and run a full scan. What a surprise, of course infected files were found. It is said that one should under no circumstances adopt suggested solutions from other threads, so I would think it wonderful if someone could help me. Especially for my upcoming work I need a PC that works flawlessly (it doesn't have to be completely).

Many, many thanks in advance!
(If the problem gets fixed, or if anyone takes the time at all, I'll send a basket full of muffins or alternatively a crate of beer in my thoughts :) )

Here is the result from the anti-malware:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Holly :: HOLLY-PC [Administrator]

Schutz: Aktiviert

12.11.2012 18:35:00
mbam-log-2012-11-12 (18-35-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366418
Laufzeit: 1 Stunde(n), 8 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Holly\AppData\Local\Temp\nsd7C52.tmp\InstallManager.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Holly\Downloads\CatLickingScreenCleaner.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Holly\Downloads\LickingDogScreen_downloader(1).exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Holly\Downloads\LickingDogScreen_downloader.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

And from OTL:
Ltd ) -- C:\Users\Holly\Documents\PDFXVwer.exe [2012.10.28 13:48:57 | 000,373,456 | ---- | M] (Softonic) -- C:\Users\Holly\Documents\SoftonicDownloader_fuer_pdf-xchange-viewer.exe ========== Files Created - No Company Name ========== [2012.11.12 20:07:48 | 000,000,110 | -H-- | C] () -- C:\Users\Holly\Desktop\.~lock.Trojaner.odt# [2012.11.12 19:49:10 | 000,022,453 | ---- | C] () -- C:\Users\Holly\Desktop\Trojaner.odt [2012.11.12 18:41:25 | 000,050,477 | ---- | C] () -- C:\Users\Holly\Desktop\Defogger.exe [2012.11.12 18:33:38 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.11.12 10:37:47 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.12 10:36:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.11.10 18:46:21 | 000,010,562 | ---- | C] () -- C:\Users\Holly\Desktop\Mastermöglichkeiten.odt [2012.11.09 19:30:17 | 000,127,237 | ---- | C] () -- C:\Users\Holly\Desktop\Praktikum_2013.pdf [2012.11.03 12:52:18 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.28 18:05:34 | 000,076,015 | ---- | C] () -- C:\Users\Holly\Documents\397340_453006064738454_624886939_n.jpg [2012.10.28 18:05:29 | 000,074,900 | ---- | C] () -- C:\Users\Holly\Documents\486675_453006088071785_188558932_n.jpg [2012.10.28 18:05:24 | 000,061,459 | ---- | C] () -- C:\Users\Holly\Documents\26630_453013251404402_358415169_n.jpg [2012.10.28 18:05:16 | 000,064,711 | ---- | C] () -- C:\Users\Holly\Documents\525011_453197651385962_1340122972_n.jpg [2012.10.28 18:05:09 | 000,038,592 | ---- | C] () -- C:\Users\Holly\Documents\229797_453197671385960_1444828907_n.jpg [2012.10.28 18:04:18 | 000,123,342 | ---- | C] () -- C:\Users\Holly\Documents\527272_453197751385952_25683797_n.jpg [2012.10.10 12:12:00 | 000,002,088 | ---- | C] () -- C:\Users\Holly\.recently-used.xbel [2012.06.03 17:52:04 | 000,483,328 | ---- | C] () -- C:\Windows\ssndii.exe 
[2012.05.15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.05.02 17:17:45 | 000,000,093 | ---- | C] () -- C:\Users\Holly\AppData\Local\fusioncache.dat [2012.05.02 17:16:24 | 001,553,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.04.24 09:34:15 | 000,005,120 | ---- | C] () -- C:\Users\Holly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.21 22:33:56 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.03.08 13:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Drivers [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Devices [2012.03.08 13:05:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\MIDI Configurations [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.03.08 13:05:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Overdrive [2012.03.08 13:05:39 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Organic [2012.03.08 13:05:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.08 13:05:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\NetServices [2012.03.04 20:36:58 | 000,013,078 | ---- | C] () -- C:\Windows\wininit.ini [2012.02.27 11:42:38 | 000,000,432 | ---- | C] () -- C:\Users\Holly\AppData\Local\HamsterVideoConverterSettings.cfg [2012.02.04 19:47:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2012.02.03 15:48:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.01.18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.07 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\3v [2012.07.15 18:31:21 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\A2 
Entertainment [2012.03.21 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Alawar [2012.07.16 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\aliasworlds [2012.07.05 11:46:36 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Artifex Mundi [2012.03.21 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Be a King 2 [2012.03.24 13:22:42 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Boolat Games [2012.07.01 16:00:04 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\DailyMagic [2012.02.12 22:40:48 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\eMachines Drivers Update Utility [2012.03.24 23:20:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ERS G-Studio [2012.10.01 18:27:45 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Ewycm [2012.04.22 12:39:14 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\FileZilla [2012.10.01 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Fituih [2012.03.23 11:51:19 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\GameInvest [2012.09.26 13:17:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\gtk-2.0 [2012.10.04 12:44:53 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Hero [2012.06.19 15:32:52 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ICQ [2012.03.08 13:42:34 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Islands2 [2012.10.01 17:13:06 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Isuk [2012.07.04 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Lazy Turtle Games [2012.07.12 17:00:30 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Leadertech [2012.02.05 12:14:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\MAGIX [2012.07.01 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Maximize Games [2012.03.08 13:31:45 | 000,000,000 | ---D | M] -- 
C:\Users\Holly\AppData\Roaming\Nikon [2012.10.11 10:21:09 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Nokia [2012.02.04 20:08:23 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\OpenOffice.org [2012.02.11 18:39:26 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Opera [2012.10.10 14:47:01 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PC Suite [2012.08.13 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\pdfforge [2012.03.05 11:51:28 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Peace Craft [2012.03.04 23:48:42 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PeaceCraft3 [2012.03.27 10:45:27 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Ph03nixNewMedia [2012.07.03 15:53:03 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\PlayFirst [2012.07.17 16:08:34 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Playrix Entertainment [2012.08.13 09:57:18 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Samsung [2012.02.14 00:44:09 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Sony [2012.03.26 13:37:48 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\SulusGames [2012.09.27 15:14:30 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Systweak [2012.10.04 12:17:49 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Taba [2012.10.04 12:43:08 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Teca [2012.03.25 15:37:22 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Top Evidence [2012.02.09 19:36:25 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ViquaSoft [2012.03.07 11:07:02 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\WendigoStudios [2012.03.28 10:46:11 | 000,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\YoudaGames [2012.08.13 09:56:58 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Samsung ========== Purity Check ========== 
========== Alternate Data Streams ==========
< End of report > OTL Extras OTL Extras logfile created on: 12.11.2012 20:07:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Holly\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,26% Memory free 6,00 Gb Paging File | 4,38 Gb Available in Paging File | 73,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 917,41 Gb Total Space | 859,11 Gb Free Space | 93,64% Space Free | Partition Type: NTFS Drive D: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HOLLY-PC | User Name: Holly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-2503033489-3743402571-3487927376-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B3DBFDA-0444-44C9-8B9D-868BD1248003}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0BD6999D-B982-49F7-9D40-D523356D4977}" = lport=137 | protocol=17 | dir=in | app=system | "{0FDE3E21-5A5D-4664-B55E-C02E3245490B}" = rport=139 | protocol=6 | dir=out | app=system | "{11997C98-C340-48B6-9A3B-95FC6778084E}" = rport=138 | protocol=17 | dir=out | app=system | "{11CC0787-B9E1-4723-9AF0-870F3BEA6588}" = lport=2869 | protocol=6 | dir=in | app=system | "{177C2D56-F32F-46E4-BFF9-5F50113D5198}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2443997D-39EB-4C0D-AE90-4F7DF9F7990E}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{2EB8885B-0410-4355-9BC0-2BF8DEAA62FB}" = rport=137 | protocol=17 | dir=out | app=system | "{4B46EB79-12FE-4F2A-91D8-3B149994835A}" = rport=445 | protocol=6 | dir=out | app=system | "{4BB960F0-6B01-45B1-A716-BEE68BAD3438}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4CFE1AD3-67F3-45E7-81DD-1CA4C1CA4936}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52A9CB31-C4A4-4CC9-8DD4-B3DE236C4019}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{63581111-8B58-4C9A-BA59-F86DBB601E23}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{657BCB93-69B9-48C0-B9A9-42A49ADD4415}" = lport=139 | protocol=6 | dir=in | app=system | "{679119ED-D2D2-4FB2-B3F1-A31476781673}" = lport=10243 | protocol=6 | dir=in | app=system | "{6D12D772-BD53-4045-8E48-E39570D14F04}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E12649F-5607-477D-8747-6621D0405200}" = lport=2869 | protocol=6 | dir=in | app=system | "{71569EF8-594D-4020-95F3-D064090741EC}" = rport=5355 | 
protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7EAD29FA-CA7F-431B-B50B-A6B516C9433A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{87497B38-C438-4249-B179-97C59AB69FBC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8DD2D3EA-778A-426E-A9E8-9A22A5CF372C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8FDDB1D6-461C-46B0-8C34-B2699F7ADBB0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{915E6490-678A-4ACD-89F3-C13A4BCD39D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{946E212C-1B4F-4B8C-AE76-D411DD593AF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{949872DA-F687-4181-ACE6-3F81E01C224D}" = rport=10243 | protocol=6 | dir=out | app=system | "{A1DEB659-B539-406B-AE65-6CD230FD88D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A9D4CC51-793C-49BE-AE5B-20AF3A56D9C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF0F5924-2F10-4C4A-9320-EA17901AD405}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C476D948-34AE-4DCE-B7D2-AC20F3CA0C87}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{CD6CB58C-96A4-42DE-BBEA-FE54F8BFED52}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{D334148B-FBCD-47A5-ACF8-D8979234F260}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D9327A3D-1C46-4BE8-90F6-F8782ED364E8}" = lport=138 | protocol=17 | dir=in | app=system | "{DF27A6DB-4ADB-4DBB-95CE-81E68F5E1D5A}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{F3551E64-4756-4AC5-A0E0-7D014B345E90}" = lport=445 | 
protocol=6 | dir=in | app=system | "{FA621F5F-0A65-4034-889D-C060C4FCCA09}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FD5FDB4C-F692-4085-B645-275F800FF387}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{036F2CA4-2152-4989-BBED-E6A71149B7B3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{05D5DC64-8D43-4037-8C92-5125BC52FE43}" = protocol=17 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe | "{087BD802-3F91-492E-8AAF-8B4104C34E2E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{095BB923-7F87-450D-A34E-5D8D61D4970F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0D0F5963-11CD-4F70-832D-077A9C989F0C}" = protocol=6 | dir=in | app=c:\program files (x86)\sitecom\300n x2 usb wireless lan utility\rtwlan.exe | "{0DC585B8-1B3C-4C42-AC9C-462C1EA125E0}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{0F2B777B-EA02-462B-A84D-7BA6A26B944B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{14DACBCA-B089-487B-9833-A7FAF10BF737}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{174D1878-96A8-4938-B4BB-225B4F3878E4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1BD3F9CD-C4A6-4F82-9DAF-631810AC0834}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{1BFD5554-F7C7-47B4-BEDA-6F8ABCA01449}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{1CB598E7-6FD9-4E5E-8051-648E2AF46AB7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1F673594-66FE-4D29-9142-9627423CD599}" = 
< End of report > |
Hello and :hallo: Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board. Do you have any other logs with detections? This does not refer only to Malwarebytes. That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post logs that already exist. |
Hello, and thank you already for the time you are taking :) Here is the result from the Avira antivirus program:
Exportierte Ereignisse:
12.11.2012 20:03 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Holly\AppData\Roaming\Microsoft\Windows\unicode2.nls' enthielt einen Virus oder unerwünschtes Programm 'TR/Symmi.1984.9' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5930d60b.qua' verschoben!
12.11.2012 19:43 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Holly\AppData\Roaming\Microsoft\Windows\unicode2.nls' wurde ein Virus oder unerwünschtes Programm 'TR/Symmi.1984.9' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
12.11.2012 18:56 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Holly\AppData\Roaming\Microsoft\Windows\unicode2.nls' wurde ein Virus oder unerwünschtes Programm 'TR/Symmi.1984.9' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
12.11.2012 18:56 [Echtzeit-Scanner] Malware gefunden In der Datei 'C:\Users\Holly\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\654c6f6f-2a4bf 2fe' wurde ein Virus oder unerwünschtes Programm 'TR/Dldr.Karagany.I.382' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern
From ESET Online Scan:
ESETSmartInstaller@High as downloader log: all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a085d21375523c449f4be6ed920a6c11
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-15 12:23:31
# local_time=2012-11-15 01:23:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1035115 1035115 0 0
# compatibility_mode=5893 16776573 100 94 129723 104604881 0 0
# compatibility_mode=8192 67108863 100 0 3699 3699 0 0
# scanned=172109
# found=2
# cleaned=2
# scan_time=7180
C:\Users\Holly\AppData\Local\Temp\nso8DEF.tmp\incoctrl.exe Win32/InstallMonetizer.AD Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
C:\Users\Holly\Documents\SoftonicDownloader_fuer_pdf-xchange-viewer.exe Variante von Win32/SoftonicDownloader.E Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
And from Emsisoft Anti-Malware:
Emsisoft Anti-Malware - Version 7.0 Letztes Update: 15.11.2012 11:40:46
Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, E:\ Riskware-Erkennung: Aus Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus
Scan Beginn: 15.11.2012 12:41:01
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5930d60b.qua -> (Quarantine-8) gefunden: Gen:Variant.Symmi.3088 (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\5c6a59fc.qua -> (Quarantine-8) gefunden: Gen:Variant.Zusy.19455 (B)
Gescannt 477897 Gefunden 2
Scan Ende: 15.11.2012 14:37:56 Scan Zeit: 1:56:55 |
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" appears, then do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here! http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png |
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 21:52:27
-----------------------------
21:52:27.670 OS Version: Windows x64 6.1.7601 Service Pack 1
21:52:27.670 Number of processors: 2 586 0x170A
21:52:27.670 ComputerName: HOLLY-PC UserName: Holly
21:52:30.447 Initialize success
21:52:44.565 AVAST engine defs: 12111801
21:53:03.833 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
21:53:03.833 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
21:53:03.880 Disk 0 MBR read successfully
21:53:03.880 Disk 0 MBR scan
21:53:03.880 Disk 0 unknown MBR code
21:53:03.895 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
21:53:03.926 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 29362176
21:53:03.958 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 939431 MB offset 29566976
21:53:04.004 Disk 0 scanning C:\Windows\system32\drivers
21:53:19.699 Service scanning
21:53:38.669 Modules scanning
21:53:38.669 Disk 0 trace - called modules:
21:53:38.700 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:53:39.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80034d4610]
21:53:39.215 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003260c20]
21:53:39.230 5 ACPI.sys[fffff88000d837a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8003013060]
21:53:41.118 AVAST engine scan C:\Windows
21:53:44.503 AVAST engine scan C:\Windows\system32
21:56:26.323 AVAST engine scan C:\Windows\system32\drivers
21:56:37.726 AVAST engine scan C:\Users\Holly
22:02:07.498 AVAST engine scan C:\ProgramData
22:03:22.786 Scan finished successfully
22:42:48.071 Disk 0 MBR has been saved successfully to "C:\Users\Holly\Desktop\MBR.dat"
22:42:48.081 The log file has been saved successfully to "C:\Users\Holly\Desktop\aswMBR.txt" |
I hope the "zipping" worked ;) |
adwCleaner - Detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
|
Adw Cleaner Report |
Please do NOT attach the logs!! They only need to go into the attachment (as one ZIP file containing all log files) if they are too large to be posted directly! Otherwise, please post everything here in CODE tags wherever possible. That is simpler, clearer, and saves a lot of clicking around! This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code: the log goes here |
The logs from TDSSKILLER and the Adw Cleaner Report are too large, i.e. have too many characters, to post directly. So I should attach both logs together in ONE ZIP file? |
But the one from adwCleaner wasn't too large. And if you do put zipped logs in the attachment, then not a separate ZIP file for each log, but ALL logs in one shared ZIP |
It said the adwCleaner log was too large. Is it right like this now? :/ (I'm not very well versed in these things, sorry) Code: # AdwCleaner v2.008 - Datei am 18/11/2012 um 23:34:26 erstellt |
But unpacked, the adwCleaner log only takes up 12 kB, which is only about a tenth of what is allowed. Besides, you already attached the TDSS-Killer log above, so why does it have to go into the attachment again as a ZIP file, what purpose does that serve? It would have been enough if you had simply posted the adwCleaner log properly. I'll correct that. adwCleaner - Remove toolbars and unwanted start/search pages
Afterwards, a check with OTL please:
|
I'll just skip over the last reply and quietly post the next log from ADW Cleaner Code: # AdwCleaner v2.008 - Datei am 20/11/2012 um 13:35:55 erstellt Code: OTL logfile created on: 20.11.2012 14:23:28 - Run 2 Code: OTL Extras logfile created on: 20.11.2012 14:23:28 - Run 2 |
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion via ESET's online scanner doesn't hurt either: ESET Online Scanner
|
Copyright ©2000-2025, Trojaner-Board