Trojaner-Board


Jana05 10.01.2013 22:33

Cannot load Hotkey.sys
 
So... For a few days now, whenever I boot up my laptop, a small box appears on the desktop. It says: "Cannot load hotkey.sys".
I read up on it on the internet, and since I'm not really much of a computer expert, I couldn't really make sense of it.
I came across this post, which pointed to your site.
hxxp://www.gutefrage.net/frage/was-soll-das--computer--wbutton--virus-

It would be really nice if you could help me solve my problem.

cosinus 11.01.2013 23:36

Hello and :hallo:

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Carefully read the instructions I will post over the course of this thread. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting logfiles and other requests

Note:
If you don't hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages will end with your thread being closed. I, too, have a life outside of Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the Scan All Users checkbox at the top centre
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread in CODE tags.

Jana05 16.01.2013 19:19

Sorry, but I'm really no internet/computer geek and unfortunately I can't cope with this at all :/
It would be really cool if you could write that for me in "German" :b

cosinus 17.01.2013 12:59

Well, if you don't even make a bit of an effort, this isn't going to work :nixda:
I'm not going to pick all of this apart again without knowing what exactly it is you understand :balla:

Jana05 11.02.2013 22:37

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 06.02.2013 14:39:55 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\**** ********\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 51,18% Memory free
5,73 Gb Paging File | 3,94 Gb Available in Paging File | 68,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 182,57 Gb Free Space | 68,38% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: NTFS
 
Computer Name: ************-PC | User Name: **** ******** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027D3F6C-E49D-4088-9071-0BB309A79061}" = rport=137 | protocol=17 | dir=out | app=system |
"{0E7E4C81-E83A-4FE1-8319-E857D8F6DAE3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1F061552-E502-4C36-B799-C4A090658DC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{224F74EC-FC56-4FBD-BA79-8FEF40B0910B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{264C54CA-0FDA-40ED-BBF4-42C8F10507CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{27E3172A-A29F-4C2D-94A3-41F683CF44EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35957087-E35E-4B2C-B3C1-936673B56FEB}" = lport=138 | protocol=17 | dir=in | app=system |
"{391E77FF-BEF3-493A-9F73-5C52E88B276B}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C60C8C1-3C98-4D9D-8365-676489D818BF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4F90BF44-10BA-4DB9-968E-8A855FC38525}" = rport=10243 | protocol=6 | dir=out | app=system |
"{582D0181-2AC3-44A6-966C-52ADDEE0B40F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5E06D180-07B6-4E7C-B5E8-A6D26C8817E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{699CA981-3474-41E5-AA59-7A395C6B867D}" = lport=139 | protocol=6 | dir=in | app=system |
"{6CFD1558-599A-4810-A2E0-8D9A9CE2AFEC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{70EF70A3-A3BD-4694-B1C4-2F8CA90CA807}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72C83512-9466-45D6-AC73-E0DC7E55A3B0}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7501265C-8641-4AA4-ADCD-5507980F4361}" = lport=137 | protocol=17 | dir=in | app=system |
"{7541BE6F-9EFC-45B8-9279-75E89DA29763}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B83B50A-4570-4A07-8BC4-41C965396A38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7DA5C524-18CC-4583-B16A-10A5E0894CE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{83820D57-7DF6-4EDB-BE17-CE88EBAEA30D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85473A52-195D-4BB4-BA19-14B8CB81FB7E}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=%systemroot%\system32\svchost.exe |
"{855B245C-AEF7-4231-AB1C-55A7C6B43C52}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85AB9EB3-C2EC-42FB-A2BD-A0282A12B8B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86E0D6F8-B485-46D2-9356-D65FF1B221D8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{89760FFD-F715-4E96-B7F5-BE52BAD3E492}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8CFB1EE6-2DFB-4CDC-AD4D-CC2E27878FB4}" = lport=445 | protocol=6 | dir=in | app=system |
"{95674B53-ED75-48EA-A83F-F2D9C0E02C05}" = rport=445 | protocol=6 | dir=out | app=system |
"{9CFD83A9-0869-482C-ADA3-F9B20961C81A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{A0DAAFDE-CF98-4BAA-B8C4-4FF4919BCC3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABCEA858-EE45-4F00-BE3A-7BD583DB1F0E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C01A5DF2-DD0F-4DA3-AEF5-73D04446DC20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB66E2B7-4B63-4F45-904C-6526FC2006E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CDFD6C36-BE94-4847-9C1F-F0387A528D65}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D6BC8F0C-3180-4118-A77C-EECE34610A28}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DE6B818E-7389-4927-BA3D-2F8BEA3C0CC6}" = rport=139 | protocol=6 | dir=out | app=system |
"{F0D830D3-66EB-4D8E-A757-CB1F81459437}" = lport=10243 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FBDB4C-5778-4341-87B5-29E1807D8B4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0340A6BA-E3A1-4705-87AE-A9DEA2E67148}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{05D4EE4D-6036-4DAB-8E89-5282EFB6D221}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{0F8698B5-97D7-4B83-A47B-A0D22B0FE402}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{189F905E-50B2-4640-A11F-4A13F0567C13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{200B78DC-6B4A-41AA-AE8F-D8907B5F6A9F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2663094D-2056-49BE-BA16-3A25ED27E8DE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{275F836F-3BD0-4C51-B546-C68EA9B6214F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3686EEB9-60E3-4AA6-AAC6-5268F435B2EC}" = protocol=6 | dir=out | app=system |
"{398D0089-A0A1-4DD0-A043-9423EF5009C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3E32449D-AC0E-47EE-B966-85F54142A1AE}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{42829917-B4F1-4522-9755-36D8326D99DA}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{4C901F7D-E47A-4C2B-81DC-08F7473FB959}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{4F688035-A648-46F5-BB61-ACD0D271C609}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{537720AB-4BCE-4D65-BE6B-325B1437FE53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{55090793-BDE4-46DC-AD23-C0891BC5D951}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5EC1D8B9-04A4-4D40-8B70-2A68A37890A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65E67F9D-F871-47A1-997A-2E69B1918A26}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{6AD55E3C-4D5B-4F16-8558-87B48B9E5ABB}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{782BB232-F8BA-455B-BCE4-C92165EF0718}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{7A5C38EE-E885-4D5C-9570-A689D82E93CA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CA600C9-3A90-47A6-9A15-E913C9847E6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8382F56D-7574-4DF6-A228-4E6C5044775E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{88F0FB6C-A185-48E2-8A31-9E41C8DE5F7B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8D905905-95AC-4FFF-BE34-D8FA3DBD59F3}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{9387D2BB-9CE8-4420-A712-5983E894E9C7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{96347048-9C0D-4C39-9A61-56801CFEF3B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{96865124-114A-43AC-B747-9EEFB56A838A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9EEEEB5-773A-4EB9-981B-1C17CD7A73E6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ABA111D8-D46E-4DE6-A6C0-9FFDA7715C72}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{B1396055-5135-48AB-AB5C-6DF3EDE56B41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2304A3B-E83C-4920-B4AD-F050B72ADE9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3F3120D-580D-412A-B2B8-ABC1FA649AD1}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{B5C489B3-2DEC-4A44-9B7E-CB052C8251FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA275CB2-41B0-4A9B-83FB-E2E81EA9E75D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D2541733-C0A3-4E22-A632-A2A806D036BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D97E2562-4B3A-473C-A36D-48CBB4BA30B1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DF262481-82C4-4593-AFFC-7E37CA89675D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6BD42F5-74E9-4369-B920-21D1C6FEB0E0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F45F1169-5779-4A60-8FF6-07DBB77DFEE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{176E541D-96C6-4365-8642-0DE8E2AC3619}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{C29A7373-4019-433B-ACAC-7FCD8E5A0D42}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{BD420BEE-77D8-45A5-9D44-4236B0D57159}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{CB6C67F8-BC38-44C7-9ED9-261D53A85F93}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.485
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Picasa 3" = Picasa 3
"Searchqu Toolbar" = Searchqu Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Updater Service" = Updater Service
"WinLiveSuite" = Windows Live Essentials
"WNLT" = Web Optimizer
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Little Shop - World Traveler Deluxe" = Little Shop - World Traveler Deluxe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.03.2012 15:54:18 | Computer Name = ************-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 06.03.2012 19:30:46 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.03.2012 19:30:46 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1030
 
Error - 06.03.2012 19:30:46 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1030
 
Error - 06.03.2012 19:30:47 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.03.2012 19:30:47 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2028
 
Error - 06.03.2012 19:30:47 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error - 06.03.2012 19:30:48 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.03.2012 19:30:48 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3027
 
Error - 06.03.2012 19:30:48 | Computer Name = ************-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3027
 
[ Media Center Events ]
Error - 12.11.2011 17:56:41 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 22:56:41 - Fehler beim Herstellen der Internetverbindung.  22:56:41
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 12.11.2011 17:56:51 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 22:56:46 - Fehler beim Herstellen der Internetverbindung.  22:56:46
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 20:15:26 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 01:15:26 - Fehler beim Herstellen der Internetverbindung.  01:15:26
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 20:15:36 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 01:15:32 - Fehler beim Herstellen der Internetverbindung.  01:15:32
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 21:18:25 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 02:18:25 - Fehler beim Herstellen der Internetverbindung.  02:18:25
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 21:18:31 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 02:18:30 - Fehler beim Herstellen der Internetverbindung.  02:18:30
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 22:18:35 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 03:18:35 - Fehler beim Herstellen der Internetverbindung.  03:18:35
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 22:18:41 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 03:18:40 - Fehler beim Herstellen der Internetverbindung.  03:18:40
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 23:18:49 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 04:18:48 - Fehler beim Herstellen der Internetverbindung.  04:18:48
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 25.12.2011 23:18:58 | Computer Name = ************-PC | Source = MCUpdate | ID = 0
Description = 04:18:54 - Fehler beim Herstellen der Internetverbindung.  04:18:54
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ Spybot - Search and Destroy Events ]
Error - 23.12.2012 20:33:04 | Computer Name = ************-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 05.02.2013 17:59:54 | Computer Name = ************-PC | Source = DCOM | ID = 10016
Description =
 
Error - 05.02.2013 18:01:55 | Computer Name = ************-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Intel(R) Rapid Storage Technology" ist von folgendem Dienst
 abhängig: winmgmt. Dieser Dienst ist eventuell nicht installiert.
 
Error - 05.02.2013 18:01:57 | Computer Name = ************-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig:
winmgmt. Dieser Dienst ist eventuell nicht installiert.
 
Error - 06.02.2013 09:16:25 | Computer Name = ************-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IP-Hilfsdienst" ist von folgendem Dienst abhängig: winmgmt.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 06.02.2013 09:16:31 | Computer Name = ************-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Gemeinsame Nutzung der Internetverbindung" ist von folgendem
 Dienst abhängig: winmgmt. Dieser Dienst ist eventuell nicht installiert.
 
Error - 06.02.2013 09:16:41 | Computer Name = ***********-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig:
winmgmt. Dieser Dienst ist eventuell nicht installiert.
 
Error - 06.02.2013 09:16:42 | Computer Name = ***********-PC | Source = DCOM | ID = 10016
Description =
 
Error - 06.02.2013 09:16:42 | Computer Name = ***********-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1075
 
Error - 06.02.2013 09:18:44 | Computer Name = ***********-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Intel(R) Rapid Storage Technology" ist von folgendem Dienst
 abhängig: winmgmt. Dieser Dienst ist eventuell nicht installiert.
 
Error - 06.02.2013 09:18:46 | Computer Name = ***********-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Sicherheitscenter" ist von folgendem Dienst abhängig:
winmgmt. Dieser Dienst ist eventuell nicht installiert.
 
 
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL logfile created on: 06.02.2013 14:39:55 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\**** ********\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,87 Gb Total Physical Memory | 1,47 Gb Available Physical Memory | 51,18% Memory free
5,73 Gb Paging File | 3,94 Gb Available in Paging File | 68,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 266,99 Gb Total Space | 182,57 Gb Free Space | 68,38% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 0,00 Gb Free Space | 0,01% Space Free | Partition Type: NTFS
 
Computer Name: ************-PC | User Name: **** ********| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\**** ********\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\ProgramData\IBUpdaterService\ibsvc.exe ()
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Windows\System32\dmwu.exe ()
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\**** ********\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Programme\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - c:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (IBUpdaterService) -- C:\ProgramData\IBUpdaterService\ibsvc.exe ()
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Web Assistant Updater) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (WebOptimizer) -- C:\Windows\System32\dmwu.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (qzusabih) -- C:\Windows\system32\drivers\qzusabih.sys File not found
DRV - (pjovymfw) -- C:\Windows\system32\drivers\pjovymfw.sys File not found
DRV - (L1C) -- system32\DRIVERS\L1C62x86.sys File not found
DRV - (clwvd) -- system32\DRIVERS\clwvd.sys File not found
DRV - (chnspggn) -- C:\Windows\system32\drivers\chnspggn.sys File not found
DRV - (bzfruhjg) -- C:\Windows\system32\drivers\bzfruhjg.sys File not found
DRV - (bgfxbhsc) -- C:\Windows\system32\drivers\bgfxbhsc.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN179&keywords={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QUESTSCAN179&keywords={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Claro Search
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN [binary data]
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Claro Search
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=0113_1&babsrc=SP_clro&mntrId=bea871220000000000001c4bd6e4b1bc
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{0EEDFA32-D76C-4DCD-9DC0-4B246CEC8BAF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{301786F0-E23C-45F0-9A32-233D3FA06A4B}: "URL" = hxxp://search.softonic.com/MON00016/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}: "URL" = hxxp://www.questscan.com/?prt=QstscanPB&keywords={searchTerms}
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=342&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQKCgehko&i=26
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\SearchScopes\{DDFD6BFE-15B7-42A4-93CA-D4960B2C6EDA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\Jana Herrmann\Desktop\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files\ClickPotatoLite\bin\10.0.701.0\firefox\extensions [2011.07.20 00:06:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.24 14:28:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.01.06 20:51:22 | 000,000,000 | ---D | M]
 
[2012.05.09 22:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Jana Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jana Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jana Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Jana Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Jana Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Google Mail = C:\Users\Jana Herrmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [YouCam Service] "C:\Program Files\CyberLink\YouCam\YouCamService.exe" /s File not found
O4 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000..\Run: [Facebook Update] "C:\Users\Jana Herrmann\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2570544766-1661257119-737222368-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.09 22:19:08 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.01.09 22:18:44 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.01.09 22:18:44 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.01.09 22:18:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 22:18:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 22:18:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 22:18:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 22:18:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 22:18:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 22:18:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 22:18:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 22:18:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 22:18:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 22:18:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 22:18:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 22:18:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 22:18:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 22:18:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 22:18:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 22:18:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 22:18:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 22:18:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 22:18:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 22:18:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 22:18:08 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.01.09 22:18:08 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.01.09 22:18:08 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.01.09 22:18:08 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.01.09 22:18:08 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.01.09 22:18:08 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.01.09 22:18:08 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.01.09 22:18:08 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.01.09 22:18:08 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.01.09 22:18:08 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.01.09 22:18:07 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.01.09 22:18:07 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.01.09 22:18:06 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.01.09 22:18:06 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.01.09 22:18:06 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.01.09 22:18:06 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.01.09 22:17:48 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.01.09 22:17:47 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.01.07 20:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.06 14:29:09 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.06 14:28:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.06 14:23:47 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 14:23:47 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.06 14:16:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.06 14:16:07 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.05 22:58:20 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2570544766-1661257119-737222368-1000UA.job
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.01.16 18:31:24 | 000,002,205 | ---- | M] () -- C:\Users\Jana Herrmann\Desktop\Google Chrome.lnk
[2013.01.10 22:03:02 | 000,379,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.10 14:49:06 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 14:49:06 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 14:49:06 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 14:49:06 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.07 20:32:44 | 000,002,205 | ---- | C] () -- C:\Users\’ **** ********\Desktop\Google Chrome.lnk
[2012.12.22 12:01:43 | 000,002,964 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.22 12:01:37 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.08 15:30:28 | 000,918,768 | ---- | C] () -- C:\Users\**** ********\IMAG0012.jpg
[2012.11.08 15:28:18 | 000,913,400 | ---- | C] () -- C:\Users\**** ********\IMAG0011.jpg
[2012.11.08 15:24:18 | 000,271,982 | ---- | C] () -- C:\Users\Jana Herrmann\loveyou_08272011222313.jpg
[2012.11.07 21:16:27 | 000,274,381 | ---- | C] () -- C:\Users\**** ********\PicMonkey Collage.jpg
[2012.09.24 14:28:53 | 000,362,104 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.09.24 14:28:53 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2011.09.15 22:36:12 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.08.19 15:05:36 | 000,000,000 | ---- | C] () -- C:\Users\Jana Herrmann\AppData\Roaming\chrtmp
[2011.06.16 16:47:47 | 000,000,017 | ---- | C] () -- C:\Users\Jana Herrmann\AppData\Local\resmon.resmoncfg
[2011.06.16 15:49:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.12 12:34:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.23 16:29:02 | 000,031,094 | -HS- | C] () -- C:\Users\Jana Herrmann\Folder.jpg
[2011.03.23 16:29:02 | 000,031,094 | -HS- | C] () -- C:\Users\Jana Herrmann\AlbumArt_{CA5F93F5-E176-4785-AEF7-6A5E447336D7}_Large.jpg
[2011.03.23 16:29:02 | 000,007,087 | -HS- | C] () -- C:\Users\Jana Herrmann\AlbumArtSmall.jpg
[2011.03.23 16:29:02 | 000,007,087 | -HS- | C] () -- C:\Users\Jana Herrmann\AlbumArt_{CA5F93F5-E176-4785-AEF7-6A5E447336D7}_Small.jpg
[2011.02.11 18:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.02.11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.01.22 20:01:18 | 000,004,608 | ---- | C] () -- C:\Users\Jana Herrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.27 17:37:30 | 000,000,034 | -H-- | C] () -- C:\Users\Jana Herrmann\.picasa.ini
[2010.06.24 18:36:19 | 000,005,362 | ---- | C] () -- C:\Users\Jana Herrmann\AppData\Roaming\wklnhst.dat
[2010.06.17 17:16:53 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.06.17 09:48:47 | 000,033,134 | ---- | C] () -- C:\Users\Jana Herrmann\AppData\Roaming\UserTile.png
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.06.17 07:37:48 | 000,000,000 | -HSD | M] -- C:\Users\Jana Herrmann\AppData\Roaming\.#
[2013.01.06 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\Babylon
[2012.12.24 01:11:49 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\DVDVideoSoft
[2011.10.04 14:19:50 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\EPSON
[2013.01.10 15:08:41 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\ICQ
[2011.09.05 20:51:13 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\ooVoo Details
[2012.07.26 00:08:49 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\OpenCandy
[2013.01.06 20:52:36 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\PerformerSoft
[2012.04.25 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\PhotoScape
[2012.05.09 22:45:49 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\Systweak
[2010.06.24 18:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\Template
[2010.06.17 15:06:31 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\Windows Live Writer
[2010.10.18 23:44:07 | 000,000,000 | ---D | M] -- C:\Users\Jana Herrmann\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

cosinus 12.02.2013 00:02

Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down).
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only aswMBR.

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Jana05 16.02.2013 12:46

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-16 12:24:37
-----------------------------
12:24:37.667 OS Version: Windows 6.1.7601 Service Pack 1
12:24:37.667 Number of processors: 4 586 0x2502
12:24:37.670 ComputerName: ************-PC UserName: **** ********
12:25:11.625 Initialize success
12:28:40.182 AVAST engine defs: 13021600
12:28:55.608 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:28:55.611 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
12:28:55.615 Disk 0 MBR read successfully
12:28:55.619 Disk 0 MBR scan
12:28:55.626 Disk 0 unknown MBR code
12:28:55.633 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
12:28:55.707 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 273397 MB offset 206848
12:28:55.777 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 560123904
12:28:55.835 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 623038464
12:28:55.877 Disk 0 scanning sectors +625139712
12:28:55.959 Disk 0 scanning C:\Windows\system32\drivers
12:29:16.438 Service scanning
12:29:40.313 Service MpKsl3372463d c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1EADC59-0C32-4855-BE5B-9DBDC6D3CA96}\MpKsl3372463d.sys **LOCKED** 32
12:30:08.129 Modules scanning
12:30:40.959 Disk 0 trace - called modules:
12:30:40.972 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
12:30:40.973 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8815e7c8]
12:30:40.973 3 CLASSPNP.SYS[8b79059e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861ec028]
12:30:42.285 AVAST engine scan C:\Windows
12:30:45.719 AVAST engine scan C:\Windows\system32
12:35:39.898 AVAST engine scan C:\Windows\system32\drivers
12:36:03.012 AVAST engine scan C:\Users\**** ********
12:40:38.851 Disk 0 MBR has been saved successfully to "C:\Users\**** ********\Desktop\MBR.dat"
12:40:38.870 The log file has been saved successfully to "C:\Users\**** ********\Desktop\aswMBR.txt"

cosinus 16.02.2013 18:31

What about GMER?
And please always post the logs in CODE tags.

Jana05 17.02.2013 15:29

GMER didn't work. I then tried it again, but it crashed again.

And what are CODE tags? Sorry, but I don't understand that :D

cosinus 19.02.2013 17:22

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Erweitert/Vorschau (Advanced/Preview) to check whether you did it correctly. If everything is right ... click Antworten (Reply).



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Jana05 04.03.2013 21:35

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-04 20:30:58
-----------------------------
20:30:58.914    OS Version: Windows 6.1.7601 Service Pack 1
20:30:58.914    Number of processors: 4 586 0x2502
20:30:58.915    ComputerName: JANAHERRMANN-PC  UserName: Jana Herrmann
20:31:02.599    Initialize success
20:40:26.428    AVAST engine defs: 13021600
20:40:28.296    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:40:28.303    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
20:40:28.323    Disk 0 MBR read successfully
20:40:28.329    Disk 0 MBR scan
20:40:28.342    Disk 0 unknown MBR code
20:40:28.357    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:40:28.498    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
20:40:28.568    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 560123904
20:40:28.648    Disk 0 Partition 4 00    12  Compaq diag NTFS        1026 MB offset 623038464
20:40:28.722    Disk 0 scanning sectors +625139712
20:40:28.852    Disk 0 scanning C:\Windows\system32\drivers
20:40:48.771    Service scanning
20:41:13.173    Service MpKsl69b47915 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54388C72-BD68-4699-A67B-9C68816B8F77}\MpKsl69b47915.sys **LOCKED** 32
20:41:41.525    Modules scanning
20:41:48.835    Disk 0 trace - called modules:
20:41:48.850    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:41:48.851    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8815a030]
20:41:48.851    3 CLASSPNP.SYS[8b78959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861e8028]
20:41:50.007    AVAST engine scan C:\Windows
20:41:53.808    AVAST engine scan C:\Windows\system32
20:48:37.441    AVAST engine scan C:\Windows\system32\drivers
20:49:13.055    AVAST engine scan C:\Users\Jana Herrmann
21:09:46.021    AVAST engine scan C:\ProgramData
21:12:23.780    Scan finished successfully
21:29:10.369    Disk 0 MBR has been saved successfully to "C:\Users\Jana Herrmann\Desktop\MBR.dat"
21:29:10.403    The log file has been saved successfully to "C:\Users\Jana Herrmann\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-04 20:30:58
-----------------------------
20:30:58.914    OS Version: Windows 6.1.7601 Service Pack 1
20:30:58.914    Number of processors: 4 586 0x2502
20:30:58.915    ComputerName: JANAHERRMANN-PC  UserName: Jana Herrmann
20:31:02.599    Initialize success
20:40:26.428    AVAST engine defs: 13021600
20:40:28.296    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:40:28.303    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
20:40:28.323    Disk 0 MBR read successfully
20:40:28.329    Disk 0 MBR scan
20:40:28.342    Disk 0 unknown MBR code
20:40:28.357    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:40:28.498    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
20:40:28.568    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 560123904
20:40:28.648    Disk 0 Partition 4 00    12  Compaq diag NTFS        1026 MB offset 623038464
20:40:28.722    Disk 0 scanning sectors +625139712
20:40:28.852    Disk 0 scanning C:\Windows\system32\drivers
20:40:48.771    Service scanning
20:41:13.173    Service MpKsl69b47915 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54388C72-BD68-4699-A67B-9C68816B8F77}\MpKsl69b47915.sys **LOCKED** 32
20:41:41.525    Modules scanning
20:41:48.835    Disk 0 trace - called modules:
20:41:48.850    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
20:41:48.851    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8815a030]
20:41:48.851    3 CLASSPNP.SYS[8b78959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861e8028]
20:41:50.007    AVAST engine scan C:\Windows
20:41:53.808    AVAST engine scan C:\Windows\system32
20:48:37.441    AVAST engine scan C:\Windows\system32\drivers
20:49:13.055    AVAST engine scan C:\Users\Jana Herrmann
21:09:46.021    AVAST engine scan C:\ProgramData
21:12:23.780    Scan finished successfully
21:29:10.369    Disk 0 MBR has been saved successfully to "C:\Users\Jana Herrmann\Desktop\MBR.dat"
21:29:10.403    The log file has been saved successfully to "C:\Users\Jana Herrmann\Desktop\aswMBR.txt"
21:29:37.567    Disk 0 MBR has been saved successfully to "C:\Users\Jana Herrmann\Desktop\MBR.dat"
21:29:37.574    The log file has been saved successfully to "C:\Users\Jana Herrmann\Desktop\aswMBR.txt"


cosinus 05.03.2013 10:29

Why are you only doing half of it? What about the other log?

Jana05 19.03.2013 18:19

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 17:54:05
-----------------------------
17:54:05.572    OS Version: Windows 6.1.7601 Service Pack 1
17:54:05.572    Number of processors: 4 586 0x2502
17:54:05.573    ComputerName: JANAHERRMANN-PC  UserName: Jana Herrmann
17:54:06.625    Initialize success
17:57:23.573    AVAST engine defs: 13031900
17:57:28.979    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:57:28.985    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
17:57:29.095    Disk 0 MBR read successfully
17:57:29.101    Disk 0 MBR scan
17:57:29.232    Disk 0 Windows 7 default MBR code
17:57:29.252    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:57:29.393    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
17:57:29.463    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 560123904
17:57:29.532    Disk 0 Partition 4 00    12  Compaq diag NTFS        1026 MB offset 623038464
17:57:29.601    Disk 0 scanning sectors +625139712
17:57:29.789    Disk 0 scanning C:\Windows\system32\drivers
17:57:53.110    Service scanning
17:58:15.948    Service MpKslfa66478d c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{932343B0-680D-4258-8DA6-8E41B95E09F5}\MpKslfa66478d.sys **LOCKED** 32
17:58:41.860    Modules scanning
17:58:48.843    Disk 0 trace - called modules:
17:58:48.868    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
17:58:48.874    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8815aac8]
17:58:48.881    3 CLASSPNP.SYS[8b5aa59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861ec028]
17:58:49.814    AVAST engine scan C:\Windows
17:58:53.359    AVAST engine scan C:\Windows\system32
18:03:18.247    AVAST engine scan C:\Windows\system32\drivers
18:03:41.238    AVAST engine scan C:\Users\Jana Herrmann
18:15:26.740    AVAST engine scan C:\ProgramData
18:17:18.161    Scan finished successfully
18:17:47.018    Disk 0 MBR has been saved successfully to "C:\Users\Jana Herrmann\Desktop\MBR.dat"
18:17:47.098    The log file has been saved successfully to "C:\Users\Jana Herrmann\Desktop\aswMBR.txt"
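
Added example, not part of the original posts: a small Python triage of aswMBR logs like the ones posted in this thread. It splits a file that holds several runs, records the MBR verdict line, the partition lines and any locked service, checks for the "Scan finished successfully" line the instructions ask for, and compares two runs. The sample log is constructed (placeholder user name and driver path), and all function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: two runs saved in one file, shaped like the logs in this
# thread (user name and driver path are placeholders).
SAMPLE = r"""
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-16 12:24:37
-----------------------------
12:28:55.626    Disk 0 unknown MBR code
12:28:55.633    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:28:55.707    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
12:29:40.313    Service MpKsl00000000 c:\ProgramData\Example Dir\MpKsl00000000.sys **LOCKED** 32
12:40:38.870    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 17:54:05
-----------------------------
17:57:29.232    Disk 0 Windows 7 default MBR code
17:57:29.252    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:57:29.393    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
18:14:04.618
18:17:18.161    Scan finished successfully
18:17:47.098    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
"""

HEADER = re.compile(r"^aswMBR version (\S+)")
ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_VERDICT = re.compile(r"^Disk (\d+) (.+ MBR code)$")
PARTITION = re.compile(r"^Disk (\d+) Partition (\d+) .*\s(\d+) MB offset (\d+)$")
LOCKED = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\* \d+$")


@dataclass
class Report:
    version: str
    run_date: str = ""
    mbr_verdicts: dict = field(default_factory=dict)     # disk -> verdict text
    partitions: list = field(default_factory=list)       # (disk, no, size_mb, offset)
    locked_services: list = field(default_factory=list)  # (service, driver path)
    finished: bool = False

    def findings(self):
        """Points a reviewer would raise before relying on this run."""
        notes = []
        if not self.finished:
            notes.append("scan did not reach 'Scan finished successfully'")
        if not self.mbr_verdicts:
            notes.append("no MBR verdict line")
        for disk, verdict in sorted(self.mbr_verdicts.items()):
            if verdict == "unknown MBR code":
                notes.append(f"disk {disk}: unknown MBR code")
        return notes


def parse_logs(text):
    """Return one Report per 'aswMBR version' header found in the text."""
    reports, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            current = Report(version=head.group(1))
            reports.append(current)
            continue
        if current is None:
            continue  # text before the first header
        if line.startswith("Run date:"):
            current.run_date = line.split(":", 1)[1].strip()
        entry = ENTRY.match(line)
        if not entry:
            continue  # separators and timestamp-only lines
        msg = " ".join(entry.group(1).split())  # collapse column padding
        if msg == "Scan finished successfully":
            current.finished = True
        elif (m := MBR_VERDICT.match(msg)):
            current.mbr_verdicts[int(m.group(1))] = m.group(2)
        elif (m := PARTITION.match(msg)):
            current.partitions.append(tuple(int(g) for g in m.groups()))
        elif (m := LOCKED.match(msg)):
            current.locked_services.append((m.group(1), m.group(2)))
    return reports


def compare(old, new):
    """List what changed between two runs on the same machine."""
    out = []
    for disk in sorted(set(old.mbr_verdicts) | set(new.mbr_verdicts)):
        a, b = old.mbr_verdicts.get(disk), new.mbr_verdicts.get(disk)
        if a != b:
            out.append(f"disk {disk} MBR verdict: {a!r} -> {b!r}")
    if old.partitions != new.partitions:
        out.append("partition layout differs")
    return out


if __name__ == "__main__":
    for r in parse_logs(SAMPLE):
        print(r.version, r.run_date, r.findings() or "no findings")
```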


cosinus 20.03.2013 11:16

Please try GMER again, then MBAR - it would also be an advantage if you could respond a little faster and not take, in some cases, three weeks per reply :)

Rootkit scan with GMER

Please download the GMER Rootkit Scanner (GMER): (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark at: IAT/EAT and Show All
  • Set the check mark at Quickscan and remove it for all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit instructions
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

Jana05 09.09.2013 14:57

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-01 18:03:30
-----------------------------
18:03:30.046    OS Version: Windows 6.1.7601 Service Pack 1
18:03:30.046    Number of processors: 4 586 0x2502
18:03:30.047    ComputerName: JANAHERRMANN-PC  UserName: Jana Herrmann
18:03:35.966    Initialize success
18:07:32.265    AVAST engine defs: 13050100
18:08:30.349    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:08:30.351    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
18:08:30.655    Disk 0 MBR read successfully
18:08:30.660    Disk 0 MBR scan
18:08:30.666    Disk 0 Windows 7 default MBR code
18:08:30.679    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:08:30.753    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
18:08:30.835    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 560123904
18:08:30.925    Disk 0 Partition 4 00    12  Compaq diag NTFS        1026 MB offset 623038464
18:08:30.988    Disk 0 scanning sectors +625139712
18:08:31.527    Disk 0 scanning C:\Windows\system32\drivers
18:09:33.224    Service scanning
18:11:31.248    Service MpKsl531ad9f2 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C9DFF40-B91D-4DD3-AA7A-D85C255D9D36}\MpKsl531ad9f2.sys **LOCKED** 32
18:13:03.415    Modules scanning
18:14:04.609    Disk 0 trace - called modules:
18:14:04.618   
18:14:27.619    AVAST engine scan C:\Windows
18:14:46.787    AVAST engine scan C:\Windows\system32
18:22:33.314    AVAST engine scan C:\Windows\system32\drivers
18:22:58.194    AVAST engine scan C:\Users\Jana Herrmann
18:23:37.933    Disk 0 MBR has been saved successfully to "C:\Users\Jana Herrmann\Desktop\MBR.dat"
18:23:37.942    The log file has been saved successfully to "C:\Users\Jana Herrmann\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-09 16:27:31
-----------------------------
16:27:31.960    OS Version: Windows 6.1.7601 Service Pack 1
16:27:31.960    Number of processors: 4 586 0x2502
16:27:31.963    ComputerName: JANAHERRMANN-PC  UserName: Jana Herrmann
16:27:32.939    Initialize success
16:29:10.436    AVAST engine defs: 13090900
16:30:21.962    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:30:21.964    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
16:30:22.097    Disk 0 MBR read successfully
16:30:22.102    Disk 0 MBR scan
16:30:22.113    Disk 0 Windows 7 default MBR code
16:30:22.142    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:30:22.228    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      273397 MB offset 206848
16:30:22.298    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        30720 MB offset 560123904
16:30:22.367    Disk 0 Partition 4 00    12  Compaq diag NTFS        1026 MB offset 623038464
16:30:22.415    Disk 0 scanning sectors +625139712
16:30:22.608    Disk 0 scanning C:\Windows\system32\drivers
16:30:45.269    Service scanning
16:31:09.476    Service MpKsl0a749891 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C56F6AD-C253-4585-BFF4-82BA34A4EB9F}\MpKsl0a749891.sys **LOCKED** 32
16:31:37.958    Modules scanning
16:31:45.369    Disk 0 trace - called modules:
16:31:45.392    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
16:31:45.399    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8815b590]
16:31:45.404    3 CLASSPNP.SYS[8b7b659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861e8028]
16:31:46.282    AVAST engine scan C:\Windows
16:31:50.249    AVAST engine scan C:\Windows\system32
16:37:23.747    AVAST engine scan C:\Windows\system32\drivers
16:37:50.222    AVAST engine scan C:\Users\Jana Herrmann
16:39:42.699    Disk 0 MBR has been saved successfully to "C:\Users\Jana Herrmann\Desktop\MBR.dat"
16:39:42.857    The log file has been saved successfully to "C:\Users\Jana Herrmann\Desktop\aswMBR.txt"


