![]() |
|
Plagegeister aller Art und deren Bekämpfung: PUM.Bad.Proxy im Zusammenhang mit Update-Problematik diverser Programme?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() ![]() | ![]() PUM.Bad.Proxy im Zusammenhang mit Update-Problematik diverser Programme? Hallo Forum, seit geraumer Zeit funktionierte das Updaten unterschiedlichster Software nicht mehr wie gewohnt. Beispielsweise Antivir ließ sich nicht mehr automatisch aktualisieren, sowie auch einige weitere Programme wie der Acrobat Reader, etc. Um diesem Problem auf die Spur zu kommen, habe ich bereits einiges recherchiert, bis ich auf dieses Forum gestoßen bin. In diesem Zusammenhang habe ich mit Malewarebytes einen Scan durchgeführt, der mir den Fund von PUM.Bad.Proxy aufzeigte. Diesen habe ich bereits mit der Software selbst versucht zu bereinigen. Dies gelang nicht, jedoch funktioniert nun das Update von Antivir wieder wie gewohnt und muss nicht mehr manuell getätigt werden. Nun möchte ich mir gerne helfen lassen, den Schädling wieder richtig loszuwerden und möglichst sicher zu gehen, dass alles wieder in Ordnung ist ![]() Bevor ich mich angemeldet habe, habe ich einiges an Zeit mit diversen Scans verbracht: OTL.txt Code:
ATTFilter OTL logfile created on: 21.09.2011 18:26:40 - Run 2 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,64% Memory free 4,23 Gb Paging File | 2,73 Gb Available in Paging File | 64,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,36 Gb Total Space | 100,12 Gb Free Space | 45,23% Space Free | Partition Type: NTFS Drive D: | 11,52 Gb Total Space | 2,15 Gb Free Space | 18,69% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.) PRC - C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLTinyDB.dll () MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapEngine.dll () MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLSchMgr.dll () MOD - C:\Programme\Hp\QuickPlay\Kernel\TV\CLCapSvcps.dll () MOD - C:\Programme\Hp\QuickPlay\Kernel\common\MCEMediaStatus.dll () MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll () MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll () MOD - C:\Programme\7-Zip\7-zip.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (hpqcxs08) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (HPSLPSVC) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.) SRV - (hpqddsvc) -- C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation) DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation) DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation) DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation) DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation) DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation) DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation) DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.) DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Ask" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {e1170235-2845-420c-acc3-42261a29dd46}:4.0.1 FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25 FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=" FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.04 20:40:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.02.18 15:51:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.15 13:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.21 15:25:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.04 20:40:15 | 000,000,000 | ---D | M] [2008.08.27 19:09:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.07.24 14:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions [2008.10.16 17:45:12 | 000,000,000 | ---D | M] ("Restore Scroll Position") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{19492deb-bec0-4211-82bc-4383133521d0} [2010.04.29 15:38:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.12 18:26:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.01.24 15:35:31 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46} [2009.08.10 22:54:11 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jb9dal8k.default\extensions\moveplayer@movenetworks.com [2011.04.04 09:52:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JB9DAL8K.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2011.09.15 13:13:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.09.21 17:34:48 | 000,438,248 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 15075 more lines... O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F4D76F09-7896-458A-890F-E1F05C46069F} - C:\Programme\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Programme\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: &AOL Toolbar-Suche - Reg Error: Value error. File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Reg Error: Value error. File not found O8 - Extra context menu item: Save YouTube Video - Reg Error: Value error. File not found O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ6.5\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ6.5\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE6BFA98-E137-457E-AE76-C20F4ED7FB5D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3A04A0-F023-46A4-B61A-61A52850D1EC}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\Pictures\***.jpg O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\***.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\Shell - "" = AutoRun O33 - MountPoints2\{7a70f57f-0c32-11e0-afb3-001e6800b02e}\Shell\AutoRun\command - "" = F:\Startme.exe O33 - MountPoints2\{7e71569a-d7ea-11dc-b598-001e6800b02e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe KUNST.vbs O33 - MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\Shell - "" = AutoRun O33 - MountPoints2\{8982f7fd-40b7-11de-aecd-001e6800b02e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.09.21 11:23:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.09.21 11:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.09.21 11:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.09.21 11:23:15 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.09.21 11:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.09.15 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Ibiza Urlaub [2011.09.05 04:18:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery [2011.09.05 04:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery [2011.09.05 04:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2011.09.05 04:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2011.09.05 03:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2011.09.04 23:03:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.08.26 19:09:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.08.26 19:03:04 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails [2011.08.26 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\gegl-0.0 [2011.08.26 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.6 [2011.08.26 18:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP [2011.08.26 18:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2009.11.09 17:10:38 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe448E.dll [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.21 17:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.09.21 17:34:48 | 000,438,248 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.09.21 17:24:04 | 000,438,248 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110921-173448.backup [2011.09.21 17:19:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.21 17:19:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.21 16:50:36 | 000,436,293 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110921-172404.backup [2011.09.21 16:50:06 | 000,436,293 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110921-165036.backup [2011.09.21 16:04:35 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2011.09.21 15:37:01 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.09.21 15:37:01 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.09.21 13:43:31 | 000,043,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.21 13:43:31 | 000,015,752 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.21 13:43:31 | 000,007,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.21 13:43:31 | 000,005,348 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.21 12:59:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.09.21 11:23:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.21 09:20:44 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2011.09.21 09:20:26 | 000,027,335 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2011.09.21 09:19:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.21 09:19:24 | 2146,394,112 | -HS- | M] () -- C:\hiberfil.sys [2011.09.19 23:03:40 | 001,595,641 | ---- | M] () -- C:\Users\***\Desktop\***.pdf [2011.09.19 11:28:57 | 000,003,340 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2011.09.06 00:47:56 | 000,259,440 | ---- | M] () -- C:\Users\***\Desktop\***.pdf [2011.09.05 03:47:16 | 000,000,192 | ---- | M] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2011.09.05 03:43:52 | 000,039,424 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.05 03:31:57 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.26 18:54:46 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.08.25 19:29:06 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.21 16:04:35 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2011.09.21 11:23:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.19 23:03:40 | 001,595,641 | ---- | C] () -- C:\Users\***\Desktop\Pädagogik-Klausurfragen0001.pdf [2011.09.19 11:28:57 | 000,003,340 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2011.09.06 00:47:52 | 000,259,440 | ---- | C] () -- C:\Users\***\Desktop\***.pdf [2011.09.05 04:18:49 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD [2011.08.26 18:54:46 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2011.07.17 14:30:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.06.07 16:56:22 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2010.10.04 20:27:13 | 000,217,388 | ---- | C] () -- C:\Windows\hpoins46.dat [2009.08.18 20:48:59 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.18 20:48:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.18 20:48:00 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.06.11 05:02:28 | 000,000,606 | ---- | C] () -- C:\Windows\hpomdl46.dat [2009.05.19 23:51:46 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2009.04.12 02:54:04 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe [2008.07.14 00:58:42 | 000,007,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2008.02.17 02:59:30 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat [2008.02.11 23:20:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.02.09 17:10:45 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.02.07 20:49:13 | 000,039,424 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.07 20:38:27 | 000,000,192 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2008.02.07 20:26:37 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.02.07 20:24:53 | 000,027,335 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.01.10 08:05:20 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.01.10 08:00:57 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2007.10.24 17:37:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.10.24 17:37:51 | 000,043,730 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.10.24 17:37:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.24 17:37:51 | 000,015,752 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,379,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:33:01 | 000,007,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,005,348 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2002.08.15 12:26:30 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxazih.exe [2002.08.15 12:26:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxazlcnp.dll [2002.08.15 12:26:21 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE [1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2011.07.16 13:46:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2009.10.08 21:42:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1 [2010.08.12 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011.08.31 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2011.09.21 11:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2008.07.01 20:46:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQLite [2010.08.12 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut [2008.12.09 16:13:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QIP [2011.02.18 19:00:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software [2009.09.21 13:17:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp [2008.02.07 20:38:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template [2009.09.21 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent [2011.09.20 23:45:26 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.09.2011 16:16:07 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\***\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,33% Memory free 4,23 Gb Paging File | 3,09 Gb Available in Paging File | 73,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,36 Gb Total Space | 99,95 Gb Free Space | 45,15% Space Free | Partition Type: NTFS Drive D: | 11,52 Gb Total Space | 2,15 Gb Free Space | 18,69% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3081651487-471574012-991591674-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04F49504-9DCE-4529-856E-9612B340658A}" = lport=2869 | protocol=6 | dir=in | app=system | "{0E3E44FE-40E3-497C-837B-2837FD1935FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{B2EEA14D-A39B-4479-80AB-C7DDFA9B2183}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01DDC398-FF99-4E2B-8EC3-E93E31628ACD}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | "{06A9CCA1-E0DE-4BDF-87BC-486119C1DED5}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{06E7E775-89E9-410D-8D5D-726D520B31DC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqste08.exe | "{0FFD5ABE-9BB4-4873-8EA3-DE25FAA90BED}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{112E062A-3EA5-4682-84F6-80C2EEB0C801}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe | "{19F2A36C-FA8F-445C-A90E-86CA8F6474C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{292374C8-0CDE-43E3-ADE6-9F0B204028D8}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hposid01.exe | "{2B9C5D94-D273-4DDC-94C9-5A71F8B566EB}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | "{2C3AC89C-1BD9-47E9-AB76-2F58E1129FC0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpiscnapp.exe | "{472C4E9A-DE99-4C98-85B9-688918600F6D}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | "{4C34D963-3987-4EFD-A067-0B4B3DF66B41}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{4E4DE71B-0E1D-45B0-8441-0C90907314E2}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgh.exe | "{55E9053C-8370-4949-8952-CEA983292920}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{5C1BDBCD-A111-4618-90CA-9FDBEE4144C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{63C70CE5-794E-4710-846F-D12614A55C95}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\smart web printing\smartwebprintexe.exe | "{65076D90-E8CF-45CC-A013-A167D76022E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{66C03272-7BBE-4A0B-87B1-8EA2FBC68BC3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{671D7A7F-93A6-4863-A19B-549864A30771}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{6AFDB053-D245-4B5A-9F24-C1B5649DD665}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe | "{6C9677C2-690B-49A8-ACF8-ED8DC02F0708}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{77FB49AB-9245-4CF9-BF56-5194BDFD70F8}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | "{82BD6292-3753-4C8C-B85B-84D9D47E3E86}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{86D3A2F2-8B2F-4DD0-808F-AC49F59AB428}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqusgm.exe | "{98DF1619-8B2F-4612-9670-440D03031E4F}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe | "{A24120C5-178E-4D6E-8369-AA4774DA4DAC}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqcopy2.exe | "{A603A047-F3EC-46D4-99DB-552BA7A394BA}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpfccopy.exe | "{AEDD4483-6983-4A50-960D-FDB9C930B85E}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpoews01.exe | "{B13C0495-61D8-4BA5-9ECF-49285C8AB4E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{B4D549DA-FBD3-48E9-9221-0672B5FB1772}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | "{C2966E71-9258-4983-A07A-7A984ED28EF4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | "{CBCE38E8-CB1A-485F-9849-AC5286B6245C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{CE12EEFA-D11B-4EFC-80E9-1205721D56D7}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "{D5D27ECD-3096-4E0E-A421-3324A2BC88D0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgplgtupl.exe | "{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{D8B450F8-5D11-41BC-9C80-015630442AAF}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | "{DFE8D8AB-2D87-415C-886A-B062EF79CEB0}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqkygrp.exe | "{E81EFE11-0E64-4B6B-84AD-49CA08137DA4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | "{F96EB83C-959F-46B5-A168-3B373018A0BE}" = dir=in | app=c:\program files\hewlett-packard\digital imaging\bin\hpqgpc01.exe | "{FA4568A6-2C12-4209-9CA9-0E5BA99EE8DA}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq7.4\icq.exe | "{FC192219-3B52-4A65-8D92-2F684767F1F7}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | "TCP Query User{F5ACBED1-B52C-45BB-A6D2-B2C25E7E72D1}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{35660676-F707-4B81-8532-B4A0A79ABE9F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{2284D904-C138-4B58-93EC-5C362AB5130A}" = Die Sims™ Lebensgeschichten "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17 "{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista "{3EE2F527-F306-49E9-0086-662C337ADD3B}" = FUSSBALL MANAGER 07 "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087 "{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery "{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6 "{8933F004-2CEB-4656-A2E7-E27CE66E082D}" = Fathom 2 "{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91244C78-951F-457C-B7E5-1447A3F79238}_is1" = ANSTOSS 4 Edition 03-04 1.7 "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update "{B7B4C7E0-078F-42D6-90B2-001400795416}" = NWZ-S750 WALKMAN Guide "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CCC66778-C62B-D147-A3AC-B6E2FAA61715}" = Fragen-Lern-CD 4.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13 "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "7-Zip" = 7-Zip 4.32 "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AskPBar Uninstall" = Ask Toolbar "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "Cinderella 1.4" = Cinderella 1.4 "Cinderella 2.0" = Cinderella 2.0 "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "CyberGhost VPN_is1" = CyberGhost VPN "de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "ERUNT_is1" = ERUNT 1.1j "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free Studio_is1" = Free Studio version 4.8 "Free YouTube Download_is1" = Free YouTube Download 2.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 "Funkyplot_is1" = Funkyplot 1.1.0-pre1 "FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08 "Google Updater" = Google Updater "Handballparty 7m Action 1.0" = Handballparty 7m Action 1.0 "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "NVIDIA Drivers" = NVIDIA Drivers "Pacific Hawk" = Pacific Hawk 1.0 "PDF Editor 2" = PDF Editor 2 "PokerStars" = PokerStars "QIP 2005 8095 Jeak-Edition" = QIP 2005 8095 Jeak-Edition "Recuva" = Recuva "Shop for HP Supplies" = Shop for HP Supplies "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Sony Ericsson Update Service "VLC media player" = VLC media player 1.0.1 "WildTangent hp Master Uninstall" = My HP Games "WinGimp-2.0_is1" = GIMP 2.6.11 "XMedia Recode" = XMedia Recode 2.2.3.9 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GeoGebra WebStart" = GeoGebra WebStart "QIP Infium" = QIP Infium 2.0.9030 RC4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.09.2011 05:24:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 05:24:41 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:22:34 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:22:44 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:38:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:38:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:39:22 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:39:32 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:40:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 21.09.2011 09:40:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ OSession Events ] Error - 25.11.2010 08:26:48 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3454 seconds with 780 seconds of active time. This session ended with a crash. [ System Events ] Error - 20.09.2011 09:27:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 20.09.2011 10:57:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 20.09.2011 10:57:21 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 20.09.2011 15:48:07 | Computer Name = ***-PC | Source = Dhcp | ID = 1001 Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 001E6800B02E zugeteilt werden. Der folgende Fehler ist aufgetreten: %%1168. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen. Error - 20.09.2011 16:02:08 | Computer Name = ***-PC | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.0.100 für die Netzwerkkarte mit der Netzwerkadresse 001E4CA63D35 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 21.09.2011 03:20:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21.09.2011 03:20:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21.09.2011 09:23:45 | Computer Name = ***-PC | Source = DCOM | ID = 10005 Description = Error - 21.09.2011 09:23:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009 Description = Error - 21.09.2011 09:23:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-09-21 18:14:36 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHY2250BH rev.890B Running: 5qvdojir.exe; Driver: C:\Users\***\AppData\Local\Temp\kgloypow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C00C360, 0x35B0A2, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 7761 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 21.09.2011 16:08:59 mbam-log-2011-09-21 (16-08-59).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|) Durchsuchte Objekte: 397481 Laufzeit: 2 Stunde(n), 7 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) jonmg |
Themen zu PUM.Bad.Proxy im Zusammenhang mit Update-Problematik diverser Programme? |
32 bit, 7-zip, antivir, audacity, avira, c:\windows\system32\rundll32.exe, converter, cyberghost, desktop, excel, firefox, flash player, grand theft auto, helper, hijack, hijackthis, install.exe, launch, microsoft office word, nvlddmkm.sys, office 2007, plug-in, problem, pum.bad.proxy, registry, registry cleaner, scan, sched.exe, schädling, security, security update, senden, shell32.dll, software, studio, svchost.exe, teamspeak, wscript.exe |