Log analysis and evaluation: TR/Yakes.nys (3 detections)
Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
10.02.2012, 09:42 | #1 |
| TR/Yakes.nys (3 detections)
Hello everyone, yesterday when I started my laptop, Avira raised an alarm and moved 3 files into quarantine. The scan listed the following detections:
1) Is the Trojan horse TR/Yakes.nys
2) Contains detection pattern of the exploit EXP/CVE2011-3544
3) Again: is the Trojan horse TR/Yakes.nys (but in a different source)
How should I proceed? I have created the log files, but right now I cannot find where to upload them. Thank you in advance for the help, Madeleine
Last edited by Madi (10.02.2012 at 10:05) |
10.02.2012, 10:01 | #2 | ||||
/// Helper team | TR/Yakes.nys (3 detections) Hello and welcome!
Before we begin working together, [please read completely]: Quote:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! I have two suggestions: 1. If you think you know the point in time at which your system was still working properly, System Restore is worth a try: - It is a "relatively simple way" when there is a fresh infection, and certain problems can sometimes be solved with it, so you should try it right away. It lets you undo system changes on the computer without affecting personal files such as e-mails, documents or photos. Quote:
(You can still undo it back to the present state if it does not give the desired result) ► Also report to me whether System Restore worked, i.e. whether you were able to roll the system back to an earlier restore point. 2. Quote:
(Virus) problems can still occur even after System Restore. I would therefore also suggest a thorough system cleanup and system update. So carry out the following steps in the order given: 3. Download Malwarebytes Anti-Malware from → malwarebytes.org
4. System scan with OTL: Download OTL by OldTimer (if you do not already have it) and save it to your desktop.
5. To determine whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
Quote:
** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc. Regards, kira |
10.02.2012, 14:38 | #3 |
| TR/Yakes.nys (3 detections) Hello,
thank you very much for the answer. I could not run System Restore; I tried twice, but without success. I then used the Last Known Good Configuration.
Number 3) the complete scan: nothing was found. Here is the report:
*******
Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: v2012.02.10.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Madeleine :: MADI85 [Administrator]
10.02.2012 11:00:20
mbam-log-2012-02-10 (11-00-20).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 274446
Laufzeit: 2 Stunde(n), 35 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
4) System scan with OTL: I could not save it to the desktop and the scan hangs every time. I will try again later, hopefully successfully.
5) Installed programs:
Acer Crystal Eye webcam Liteon 14.03.2011 3,32MB 1.0.5.2 Acer ePower Management Acer Incorporated 14.03.2011 5.00.3009 Acer eRecovery Management Acer Incorporated 10.01.2011 4.05.3013 Acer GameZone Console Oberon Media, Inc. 
10.01.2011 31,0MB 6.1.0.9 Acer Registration Acer Incorporated 13.03.2011 1.03.3003 Acer ScreenSaver Acer Incorporated 13.03.2011 1.1.1122.2010 Acer Updater Acer Incorporated 10.01.2011 1.02.3001 Acer VCM Acer Incorporated 10.01.2011 4.05.3004 Acrobat.com Adobe Systems Incorporated 10.01.2011 1,61MB 1.6.65 Adobe AIR Adobe Systems Inc. 10.01.2011 1.5.0.7220 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 13.03.2011 6,00MB 10.1.102.64 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.11.2011 6,00MB 11.1.102.55 Adobe Reader 9.4.6 MUI Adobe Systems Incorporated 11.10.2011 691MB 9.4.6 Airport Mania First Flight Oberon Media 13.03.2011 Amazonia Oberon Media 13.03.2011 Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 10.01.2011 1.0.0.35 Avira AntiVir Personal - Free Antivirus Avira GmbH 08.02.2012 74,3MB 10.2.0.706 Bing Bar Microsoft Corporation 14.03.2011 6.0.2282.0 Cake Mania Oberon Media 13.03.2011 CCleaner Piriform 09.02.2012 3.15 Dream Day First Home Oberon Media 13.03.2011 eBay Worldwide OEM 14.07.2011 100,00KB 2.1.0901 ENE USB Card Reader Driver ENE 13.03.2011 5.89.0.70 eSobi v2 esobi Inc. 10.01.2011 20,4MB 2.0.4.000274 Farm Frenzy 2 Oberon Media 13.03.2011 Galapago Oberon Media 13.03.2011 Heroes of Hellas Oberon Media 13.03.2011 ICQ Toolbar ICQ 16.07.2011 3.0.0 ICQ7.5 ICQ 16.07.2011 7.5 Identity Card Acer Incorporated 13.03.2011 1.00.3003 Intel(R) Graphics Media Accelerator Driver Intel Corporation 13.03.2011 54,3MB 8.14.10.2117 Intel(R) Rapid Storage Technology Intel Corporation 11.01.2011 9.6.4.1002 Java(TM) 6 Update 30 Oracle 04.10.2011 97,1MB 6.0.300 Launch Manager Acer Inc. 13.03.2011 4.0.14 Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 09.02.2012 17,3MB 1.60.1.1000 McAfee SiteAdvisor McAfee, Inc. 
06.02.2012 3.4.193 Merriam Websters Spell Jam Oberon Media 13.03.2011 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.10.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 28.10.2011 2,94MB 4.0.30319 Microsoft Office 2010 Microsoft Corporation 14.03.2011 6,31MB 14.0.4763.1000 Microsoft Office Klick-und-Los 2010 Microsoft Corporation 23.07.2011 14.0.4763.1000 Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 23.07.2011 14.0.4763.1000 Microsoft PowerPoint Viewer Microsoft Corporation 08.02.2012 196,0MB 14.0.6029.1000 Microsoft Silverlight Microsoft Corporation 11.10.2011 60,3MB 4.0.60831.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 14.03.2011 1,72MB 3.1.0000 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.01.2011 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.10.2011 0,22MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 27.09.2011 0,59MB 9.0.30729.6161 Mozilla Firefox 9.0.1 (x86 de) Mozilla 15.01.2012 36,4MB 9.0.1 MyWinLocker Suite Egis Technology Inc. 10.01.2011 2,20MB 3.1.212.0 Norton Online Backup Symantec Corporation 10.01.2011 4,97MB 2.1.17869 OpenOffice.org 3.3 OpenOffice.org 04.10.2011 413MB 3.3.9567 Panda Cloud Antivirus Panda Security 09.02.2012 1.5.1 Panda Security Toolbar Visicom Media Inc. 08.02.2012 2.0.0.17 Panda Security URL Filtering Panda Security 08.02.2012 2.0.0.10 Poker Pop Oberon Media 13.03.2011 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 10.01.2011 6.0.1.6246 Skype™ 4.1 Skype Technologies S.A. 14.07.2011 25,0MB 4.1.179 Spin & Win Oberon Media 13.03.2011 Synaptics Pointing Device Driver Synaptics Incorporated 14.03.2011 15.0.7.0 Toolbar Cleaner 1.0 Visicom Media Inc. 
08.02.2012 WEB.DE Internet Explorer Addon 1&1 Mail & Media GmbH 21.06.2011 1.0.1.0 WEB.DE Softwareaktualisierung 1&1 Mail & Media GmbH 23.06.2011 2.0.1.5 WEB.DE Toolbar für Internet Explorer 1&1 Mail & Media GmbH 10.11.2011 1.6.7.0 Welcome Center Acer Incorporated 13.03.2011 1.02.3007 Windows Live Anmelde-Assistent Microsoft Corporation 14.03.2011 1,94MB 5.000.818.5 Windows Live Essentials Microsoft Corporation 14.03.2011 14.0.8117.0416 Windows Live Sync Microsoft Corporation 14.03.2011 2,79MB 14.0.8117.416 Windows Live-Uploadtool Microsoft Corporation 14.03.2011 0,22MB 14.0.8014.1029
Thank you, Madeleine |
11.02.2012, 02:12 | #4 |
| TR/Yakes.nys (3 detections) System check with OTL (Extras.txt) OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.02.2012 14:16:19 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Madeleine\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 200,10 Mb Available Physical Memory | 19,75% Memory free 1,99 Gb Paging File | 0,75 Gb Available in Paging File | 37,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 172,75 Gb Free Space | 80,06% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,11% Space Free | Partition Type: FAT32 Drive E: | 7,47 Gb Total Space | 0,83 Gb Free Space | 11,16% Space Free | Partition Type: FAT32 Computer Name: MADI85 | User Name: Madeleine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & 
Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CC4BBCBA-89F6-47C3-9B0F-5CE5BB1C316C}" = WEB.DE Toolbar MSVC100 CRT x86 
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus "1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "ICQToolbar" = ICQ Toolbar "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU 
Language Pack "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Panda Cloud Antivirus" = Panda Cloud Antivirus "Panda Security URL Filtering" = Panda Security URL Filtering "pandasecuritytb" = Panda Security Toolbar "SynTPDeinstKey" = Synaptics Pointing Device Driver "Toolbar Cleaner" = Toolbar Cleaner 1.0 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.12.2011 20:08:57 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 01.01.2012 20:39:08 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 03.01.2012 07:15:12 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 06.01.2012 05:52:34 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 09.01.2012 04:51:16 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 10.01.2012 06:43:30 | Computer Name = Madi85 | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.5.0.5259 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1108 Startzeit: 01cccf7d3be88cb5 Endzeit: 141 Anwendungspfad: C:\Program Files\ICQ7.5\ICQ.exe Berichts-ID: e969ef68-3b77-11e1-91f9-1c7508dfe924 Error - 14.01.2012 22:38:11 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 16.01.2012 06:50:28 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 23.01.2012 07:19:08 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 27.01.2012 06:07:59 | Computer Name = Madi85 | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. [ System Events ] Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. 
Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 28.01.2012 01:58:29 | Computer Name = Madi85 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 28.01.2012 01:59:03 | Computer Name = Madi85 | Source = DCOM | ID = 10010 Description = Error - 28.01.2012 03:01:35 | Computer Name = Madi85 | Source = DCOM | ID = 10010 Description = Error - 28.01.2012 20:14:16 | Computer Name = Madi85 | Source = DCOM | ID = 10010 Description = < End of report > |
11.02.2012, 02:14 | #5 |
| TR/Yakes.nys (3 detections) OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.02.2012 01:04:42 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Madeleine\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 178,07 Mb Available Physical Memory | 17,58% Memory free 1,99 Gb Paging File | 1,00 Gb Available in Paging File | 50,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 172,75 Gb Free Space | 80,06% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,11% Space Free | Partition Type: FAT32 Drive E: | 7,47 Gb Total Space | 0,83 Gb Free Space | 11,16% Space Free | Partition Type: FAT32 Computer Name: MADI85 | User Name: Madeleine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.10 13:49:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Madeleine\Downloads\OTL(1).exe PRC - [2012.01.16 11:24:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) 
-- c:\Programme\McAfee\SiteAdvisor\McSACore.exe PRC - [2011.07.15 13:50:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.29 09:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSUNMain.exe PRC - [2011.04.28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Cloud Antivirus\PSANHost.exe PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.09 12:01:24 | 000,407,416 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Android Manager\iSync.exe PRC - [2011.02.09 12:01:22 | 000,489,848 | ---- | M] (Insyde Software Corp.) 
-- C:\Programme\Acer\Updater\iUpdate.exe PRC - [2011.01.05 15:24:24 | 000,714,120 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe PRC - [2011.01.05 15:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe PRC - [2011.01.05 15:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.20 14:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2010.10.05 23:46:10 | 000,704,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe PRC - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) 
-- C:\Programme\Launch Manager\LMworker.exe PRC - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.06.02 00:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.01.16 11:24:28 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.02.09 12:01:23 | 000,411,136 | ---- | M] () -- C:\Programme\Acer\Android Manager\DEU.dll MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011.07.15 13:50:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) 
[Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.01.05 15:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.02 00:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) 
[On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.15 13:50:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.15 13:50:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.07.05 12:12:48 | 000,143,624 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt) DRV - [2011.04.28 13:57:47 | 000,112,712 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt) DRV - [2011.04.28 13:57:21 | 000,111,176 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc) DRV - [2011.04.28 13:57:20 | 000,126,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC) DRV - [2011.04.28 13:57:20 | 000,099,400 | ---- | M] (Panda Security, S.L.) 
[File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.09.14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2010.09.14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2010.09.14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2010.09.14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.08.24 10:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.07.15 22:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.06.17 07:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://hotmail.com/" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.03.15 00:14:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.15 00:14:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.15 00:14:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.10 10:32:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.16 11:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.15 13:53:40 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Madeleine\AppData\Roaming\mozilla\Extensions [2012.02.09 12:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions [2012.01.05 12:48:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.10 10:32:36 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2012.02.09 12:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions [2012.02.09 12:32:30 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\Setup\bin\PandaSecurityTb_2.0.0.9\$[56]\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2011.12.25 11:12:07 | 000,000,933 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\11-suche.xml [2011.12.25 11:12:07 | 000,002,419 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\englische-ergebnisse.xml [2011.12.25 11:12:07 | 000,010,525 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\gmx-suche.xml [2012.02.08 09:48:27 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-1.xml [2011.10.18 15:09:41 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-2.xml [2011.11.14 04:30:48 | 000,000,950 | ---- | M] () -- 
C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-3.xml [2011.10.13 16:49:51 | 000,001,056 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin.xml [2011.12.25 11:12:07 | 000,002,457 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\lastminute.xml [2011.12.25 11:12:06 | 000,005,508 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\webde-suche.xml [2012.02.10 09:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.10 10:32:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} () (No name found) -- C:\USERS\MADELEINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OFAIYRI.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.01.16 11:24:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.18 14:33:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 14:33:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.18 14:33:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 14:33:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 14:33:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID 
value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programme\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll () O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security) O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E32E81E-2697-4997-995D-DBD824DBB027}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.10 14:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.02.10 10:58:17 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Malwarebytes [2012.02.10 10:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.10 10:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.10 10:57:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.10 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.10 09:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.02.10 09:07:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.02.10 09:07:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.02.10 09:07:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2012.02.09 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Panda Security [2012.02.09 12:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner [2012.02.09 12:32:41 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Local\panda2_0dn [2012.02.09 12:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering [2012.02.09 12:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus [2012.02.09 12:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012.02.09 12:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012.02.09 12:30:40 | 000,000,000 | ---D | C] -- C:\temp [2012.01.31 11:09:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2012.01.31 11:09:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2012.01.29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Urmuw [2012.01.29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Keiwmui [2012.01.12 13:13:43 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\Desktop\Kapitel-29-Dateien [32 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.11 00:59:45 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.11 00:59:45 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.11 00:51:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.11 00:51:09 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2012.02.10 10:57:53 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.10 09:16:21 | 000,000,000 | ---- | M] () -- 
C:\Users\Madeleine\defogger_reenable [2012.02.10 08:59:04 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.10 08:59:04 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.10 08:59:04 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.10 08:59:04 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.09 12:32:06 | 000,000,264 | ---- | M] () -- C:\Windows\System32\PSUNCpl.dat [2012.02.04 15:00:58 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.12 13:14:29 | 000,055,388 | ---- | M] () -- C:\Users\Madeleine\Desktop\Kapitel-29.html [32 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.10 10:57:53 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.10 09:16:21 | 000,000,000 | ---- | C] () -- C:\Users\Madeleine\defogger_reenable [2012.02.09 12:32:06 | 000,000,264 | ---- | C] () -- C:\Windows\System32\PSUNCpl.dat [2012.02.04 15:00:57 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2012.01.12 13:14:26 | 000,055,388 | ---- | C] () -- C:\Users\Madeleine\Desktop\Kapitel-29.html [2011.07.15 13:52:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.15 08:31:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.03.15 08:31:21 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.03.15 08:31:21 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.03.15 08:31:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.01.11 11:11:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.01.11 11:01:44 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2011.01.11 11:01:44 | 000,039,672 | ---- | C] () -- 
C:\Windows\System32\drivers\RtPCEE3.DAT [2011.01.11 11:01:44 | 000,016,406 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT [2011.01.11 11:01:44 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.01.11 11:01:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2011.01.11 11:01:44 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.01.11 09:34:59 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,284,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012.02.10 14:52:26 | 000,000,000 | ---D | M] -- 
C:\Users\Madeleine\AppData\Roaming\ICQ [2012.02.09 10:13:54 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Keiwmui [2011.10.05 22:06:16 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\OpenOffice.org [2012.02.10 10:32:36 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Panda Security [2012.02.10 14:52:28 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\SoftGrid Client [2011.07.24 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\TP [2012.02.02 10:00:15 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Urmuw [2011.12.05 12:07:20 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
11.02.2012, 09:35 | #6 | ||
/// Helper Team | TR/Yakes.nys (3 detections) 1. By running two antivirus programs you have generally `weakened` your computer: Quote:
Use only one firewall and one antivirus program, and both should always be kept up to date! More AV programs does not mean more security! The scanners get in each other's way (both have the on-access scan enabled, i.e. both run constantly in the background), and a system crash can be the result or, in the worst case, you can look forward to a complete reinstallation! So uninstall one of the AV programs and leave only one running on your PC. Quote:
► -> Removal tools or uninstall instructions for various antivirus software 2. Run another scan with OTL:
11.02.2012, 10:35 | #7 |
| TR/Yakes.nys (3 detections) I have uninstalled Panda, and here are the OTL log files: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.02.2012 10:17:26 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Madeleine\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 141,50 Mb Available Physical Memory | 13,97% Memory free 1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 172,49 Gb Free Space | 79,94% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,11% Space Free | Partition Type: FAT32 Drive E: | 7,47 Gb Total Space | 0,83 Gb Free Space | 11,16% Space Free | Partition Type: FAT32 Computer Name: MADI85 | User Name: Madeleine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials 
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "ICQToolbar" = ICQ Toolbar "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live 
Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 25.12.2011 20:08:57 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 01.01.2012 20:39:08 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 03.01.2012 07:15:12 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 06.01.2012 05:52:34 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 09.01.2012 04:51:16 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 10.01.2012 06:43:30 | Computer Name = Madi85 | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.5.0.5259 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1108 Startzeit: 01cccf7d3be88cb5 Endzeit: 141 Anwendungspfad: C:\Program Files\ICQ7.5\ICQ.exe Berichts-ID: e969ef68-3b77-11e1-91f9-1c7508dfe924 Error - 14.01.2012 22:38:11 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 16.01.2012 06:50:28 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 23.01.2012 07:19:08 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 27.01.2012 06:07:59 | Computer Name = Madi85 | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. [ System Events ] Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. 
Error - 27.01.2012 21:29:01 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 28.01.2012 01:58:29 | Computer Name = Madi85 | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 28.01.2012 01:59:03 | Computer Name = Madi85 | Source = DCOM | ID = 10010 Description = Error - 28.01.2012 03:01:35 | Computer Name = Madi85 | Source = DCOM | ID = 10010 Description = Error - 28.01.2012 20:14:16 | Computer Name = Madi85 | Source = DCOM | ID = 10010 Description = < End of report > |
11.02.2012, 10:38 | #8 |
| TR/Yakes.nys (3 detections) OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.02.2012 10:17:26 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Madeleine\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 141,50 Mb Available Physical Memory | 13,97% Memory free 1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 172,49 Gb Free Space | 79,94% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,11% Space Free | Partition Type: FAT32 Drive E: | 7,47 Gb Total Space | 0,83 Gb Free Space | 11,16% Space Free | Partition Type: FAT32 Computer Name: MADI85 | User Name: Madeleine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.10 13:48:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Madeleine\Downloads\OTL.exe PRC - [2012.01.16 11:24:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.01.13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) 
-- c:\Programme\McAfee\SiteAdvisor\McSACore.exe PRC - [2011.07.15 13:50:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.09 12:01:24 | 000,407,416 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Android Manager\iSync.exe PRC - [2011.02.09 12:01:22 | 000,489,848 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Updater\iUpdate.exe PRC - [2011.01.05 15:24:24 | 000,714,120 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe PRC - [2011.01.05 15:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe PRC - [2011.01.05 15:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.20 14:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2010.10.05 23:46:10 | 000,704,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe PRC - [2010.09.14 04:46:26 | 
000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe PRC - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.06.02 00:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) 
-- C:\Programme\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.01.16 11:24:28 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.02.09 12:01:23 | 000,411,136 | ---- | M] () -- C:\Programme\Acer\Android Manager\DEU.dll MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV - [2012.01.13 11:21:10 | 000,095,200 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2011.07.15 13:50:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.01.05 15:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- 
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.02 00:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.15 13:50:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.15 13:50:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.09.14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2010.09.14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- 
C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2010.09.14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2010.09.14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.08.24 10:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.07.15 22:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.06.17 07:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://hotmail.com/" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.03.15 00:14:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.15 00:14:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.15 00:14:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.02.10 10:32:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.16 11:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.15 13:53:40 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Madeleine\AppData\Roaming\mozilla\Extensions [2012.02.11 10:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions [2012.01.05 12:48:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.25 11:12:07 | 000,000,933 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\11-suche.xml [2011.12.25 11:12:07 | 000,002,419 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\englische-ergebnisse.xml [2011.12.25 11:12:07 | 000,010,525 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\gmx-suche.xml [2012.02.08 09:48:27 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-1.xml [2011.10.18 15:09:41 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-2.xml [2011.11.14 04:30:48 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-3.xml [2011.10.13 16:49:51 | 000,001,056 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin.xml [2011.12.25 11:12:07 | 000,002,457 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\lastminute.xml [2011.12.25 11:12:06 | 000,005,508 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\webde-suche.xml [2012.02.10 09:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.10 10:32:40 | 000,000,000 | ---D | M] 
(Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} () (No name found) -- C:\USERS\MADELEINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OFAIYRI.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.01.16 11:24:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.18 14:33:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 14:33:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.18 14:33:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 14:33:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 14:33:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E32E81E-2697-4997-995D-DBD824DBB027}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.11 01:55:10 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.02.11 01:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.02.10 14:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.02.10 10:58:17 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Malwarebytes [2012.02.10 10:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.10 10:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.10 10:57:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.10 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.10 09:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.02.10 09:07:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.02.10 09:07:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.02.10 09:07:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2012.02.09 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Panda Security [2012.02.09 12:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012.02.09 12:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012.02.09 12:30:40 | 000,000,000 | ---D | C] -- C:\temp [2012.01.31 11:09:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2012.01.31 11:09:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2012.01.29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Urmuw [2012.01.29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Keiwmui [2012.01.12 13:13:43 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\Desktop\Kapitel-29-Dateien [32 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.11 10:15:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.11 10:15:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.11 10:07:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.11 10:07:00 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2012.02.11 01:55:10 | 000,002,983 | ---- | M] () -- C:\Users\Madeleine\Desktop\HiJackThis.lnk [2012.02.10 10:57:53 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.10 09:16:21 | 000,000,000 | ---- | M] () -- C:\Users\Madeleine\defogger_reenable [2012.02.10 08:59:04 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.10 08:59:04 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.10 08:59:04 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.10 08:59:04 | 
000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.04 15:00:58 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.12 13:14:29 | 000,055,388 | ---- | M] () -- C:\Users\Madeleine\Desktop\Kapitel-29.html [32 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.11 01:55:10 | 000,002,983 | ---- | C] () -- C:\Users\Madeleine\Desktop\HiJackThis.lnk [2012.02.10 10:57:53 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.10 09:16:21 | 000,000,000 | ---- | C] () -- C:\Users\Madeleine\defogger_reenable [2012.02.04 15:00:57 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2012.01.12 13:14:26 | 000,055,388 | ---- | C] () -- C:\Users\Madeleine\Desktop\Kapitel-29.html [2011.07.15 13:52:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.15 08:31:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.03.15 08:31:21 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.03.15 08:31:21 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.03.15 08:31:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.01.11 11:11:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.01.11 11:01:44 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2011.01.11 11:01:44 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2011.01.11 11:01:44 | 000,016,406 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT [2011.01.11 11:01:44 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- 
C:\Windows\System32\drivers\RTEQEX2.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.01.11 11:01:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2011.01.11 11:01:44 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.01.11 09:34:59 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,284,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012.02.10 14:52:26 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\ICQ [2012.02.09 10:13:54 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Keiwmui [2011.10.05 22:06:16 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\OpenOffice.org [2012.02.10 10:32:36 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Panda Security [2012.02.10 14:52:28 | 000,000,000 | ---D | M] -- 
C:\Users\Madeleine\AppData\Roaming\SoftGrid Client [2011.07.24 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\TP [2012.02.02 10:00:15 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Urmuw [2011.12.05 12:07:20 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
12.02.2012, 12:10 | #9 | ||
/// Helper Team | TR/Yakes.nys (3 detections)
1. Did you download Internet Explorer from the Web.de site? Do you have Web.de Mail there? It can be uninstalled: Quote:
Installation - "Never accept software from strangers" - only download programs from the vendor's site! - so you should download the Internet Explorer installation from microsoft.com! But please leave it as it is for now!
2. Code:
ATTFilter McAfee SiteAdvisor - Browser-Plug-in
3. Update Adobe Reader: - Pay attention and read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus") Adobe Reader Or: start Adobe -> go to "Help" -> "Check for Updates..."
4. Clean your system with CCleaner:
5. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running.) - The AUTORUN function can also be switched off altogether. ►Instructions
6. -> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanners. Attention!: >>You should not install the antivirus security software, only scan your system online<<
7. Run another scan with OTL:
Quote:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
13.02.2012, 12:57 | #10 |
| TR/Yakes.nys (3 detections) Hello Kira,
1) I have uninstalled Web.de
2) I have deleted McAfee SiteAdvisor
3) I have updated Adobe Reader
4) I have cleaned the system with CCleaner
5 + 6) I ran the online scan with Eset, but I get an error message when I try to fix this entry with HJT: O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab Error message: an unexpected error has ocurred at procedure modBackup_MakeBackup.... When I try again, I see that the entry was not fixed and is still listed.
7) is still outstanding. I will do it tomorrow and post the log files here.
Otherwise the laptop is behaving normally. Thanks. |
14.02.2012, 09:28 | #11 |
| TR/Yakes.nys (3 detections) OTL logfile: Code:
ATTFilter OTL logfile created on: 14.02.2012 09:09:56 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Madeleine\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 197,94 Mb Available Physical Memory | 19,54% Memory free 1,99 Gb Paging File | 0,92 Gb Available in Paging File | 46,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 174,08 Gb Free Space | 80,67% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,11% Space Free | Partition Type: FAT32 Drive F: | 7,45 Gb Total Space | 3,87 Gb Free Space | 51,94% Space Free | Partition Type: FAT32 Computer Name: MADI85 | User Name: Madeleine | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.10 13:48:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Madeleine\Downloads\OTL.exe PRC - [2012.01.16 11:24:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.07.15 13:50:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.09 12:01:24 | 000,407,416 | ---- | M] (Insyde Software Corp.) -- C:\Programme\Acer\Android Manager\iSync.exe PRC - [2011.02.09 12:01:22 | 000,489,848 | ---- | M] (Insyde Software Corp.) 
-- C:\Programme\Acer\Updater\iUpdate.exe PRC - [2011.01.05 15:24:24 | 000,714,120 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe PRC - [2011.01.05 15:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe PRC - [2011.01.05 15:24:16 | 000,468,360 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.10.20 14:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2010.10.05 23:46:10 | 000,704,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\AcerVCM.exe PRC - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) 
-- C:\Programme\Launch Manager\LMworker.exe PRC - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe PRC - [2010.06.02 00:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe PRC - [2010.05.27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.03.11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.01.16 11:24:28 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.11.16 02:11:39 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2011.02.09 12:01:23 | 000,411,136 | ---- | M] () -- C:\Programme\Acer\Android Manager\DEU.dll MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV - [2011.07.15 13:50:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) 
SRV - [2011.01.05 15:24:20 | 000,734,592 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.11.20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.09.14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.02 00:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) 
[On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.07.15 13:50:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.15 13:50:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.09.14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2010.09.14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2010.09.14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2010.09.14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010.08.24 10:55:52 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.07.15 22:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.06.17 07:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) 
[File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://hotmail.com/" FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011.03.15 00:14:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.03.15 00:14:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011.03.15 00:14:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.16 11:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.15 13:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Madeleine\AppData\Roaming\mozilla\Extensions [2012.02.11 10:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions [2012.01.05 
12:48:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Madeleine\AppData\Roaming\mozilla\Firefox\Profiles\9ofaiyri.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.25 11:12:07 | 000,000,933 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\11-suche.xml [2011.12.25 11:12:07 | 000,002,419 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\englische-ergebnisse.xml [2011.12.25 11:12:07 | 000,010,525 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\gmx-suche.xml [2012.02.08 09:48:27 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-1.xml [2011.10.18 15:09:41 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-2.xml [2011.11.14 04:30:48 | 000,000,950 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin-3.xml [2011.10.13 16:49:51 | 000,001,056 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\icqplugin.xml [2011.12.25 11:12:07 | 000,002,457 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\lastminute.xml [2011.12.25 11:12:06 | 000,005,508 | ---- | M] () -- C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\9ofaiyri.default\searchplugins\webde-suche.xml [2012.02.10 09:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.10 10:32:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} () (No name found) -- 
C:\USERS\MADELEINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9OFAIYRI.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.01.16 11:24:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.18 14:33:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.18 14:33:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.18 14:33:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.18 14:33:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 14:33:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E32E81E-2697-4997-995D-DBD824DBB027}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.13 09:52:55 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.02.13 09:52:55 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.02.13 09:52:54 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.02.13 09:52:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.13 09:52:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.13 09:52:53 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.02.13 09:52:53 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.02.13 09:52:53 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.02.13 09:52:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.02.13 09:52:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.02.13 09:52:53 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.02.13 09:52:53 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.02.13 09:52:52 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.02.13 09:52:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl 
[2012.02.13 09:52:52 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.02.13 09:52:52 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.02.13 09:52:52 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.02.13 09:52:52 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.02.13 09:52:52 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.02.13 09:52:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.13 09:52:52 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.02.13 09:52:52 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.02.13 09:52:52 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.02.13 09:52:52 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.02.13 09:52:52 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.02.13 09:52:52 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.02.13 09:52:52 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.02.13 09:52:52 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.02.13 09:52:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.13 09:52:51 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.13 09:52:51 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.02.13 09:52:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.02.13 09:52:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieUnatt.exe [2012.02.13 09:52:51 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.02.13 09:52:51 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.02.13 09:52:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.02.13 09:52:51 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.02.11 01:55:10 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012.02.11 01:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012.02.10 14:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.02.10 10:58:17 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Malwarebytes [2012.02.10 10:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.10 10:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.02.10 10:57:43 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.10 10:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.10 09:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.02.10 09:07:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.02.10 09:07:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.02.10 09:07:45 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2012.02.09 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Panda Security [2012.02.09 12:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012.02.09 12:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012.02.09 12:30:40 | 000,000,000 | ---D | C] -- C:\temp [2012.01.31 11:09:29 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll [2012.01.31 11:09:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2012.01.29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Urmuw [2012.01.29 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Madeleine\AppData\Roaming\Keiwmui [33 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.14 09:00:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.14 09:00:07 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.14 08:56:32 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.14 08:56:32 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.14 08:56:32 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.14 08:56:32 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.14 08:51:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.14 08:51:27 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2012.02.13 09:52:55 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.02.13 09:52:55 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.02.13 09:52:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll 
[2012.02.13 09:52:54 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.02.13 09:52:54 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.02.13 09:52:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.13 09:52:53 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.02.13 09:52:53 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.02.13 09:52:53 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.02.13 09:52:53 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.02.13 09:52:53 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.02.13 09:52:53 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.02.13 09:52:52 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.02.13 09:52:52 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.13 09:52:52 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.02.13 09:52:52 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.02.13 09:52:52 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.02.13 09:52:52 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.02.13 09:52:52 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.02.13 09:52:52 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.13 09:52:52 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.02.13 09:52:52 | 000,152,064 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\wextract.exe [2012.02.13 09:52:52 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.02.13 09:52:52 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.02.13 09:52:52 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.02.13 09:52:52 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.02.13 09:52:52 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.02.13 09:52:52 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.02.13 09:52:52 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.02.13 09:52:51 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.13 09:52:51 | 001,798,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.13 09:52:51 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.02.13 09:52:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.02.13 09:52:51 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.02.13 09:52:51 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.02.13 09:52:51 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.02.13 09:52:51 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.02.13 09:52:51 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.02.12 12:43:22 | 000,053,798 | ---- | M] () -- C:\Users\Madeleine\Desktop\cc_20120212_124242.reg [2012.02.12 12:29:50 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.02.11 01:55:10 | 000,002,983 | ---- | M] () -- 
C:\Users\Madeleine\Desktop\HiJackThis.lnk [2012.02.10 10:57:53 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.10 09:16:21 | 000,000,000 | ---- | M] () -- C:\Users\Madeleine\defogger_reenable [2012.02.04 15:00:58 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [33 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.14 08:53:26 | 000,001,417 | ---- | C] () -- C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.02.13 09:52:52 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.02.12 12:42:47 | 000,053,798 | ---- | C] () -- C:\Users\Madeleine\Desktop\cc_20120212_124242.reg [2012.02.11 01:55:10 | 000,002,983 | ---- | C] () -- C:\Users\Madeleine\Desktop\HiJackThis.lnk [2012.02.10 10:57:53 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.10 09:16:21 | 000,000,000 | ---- | C] () -- C:\Users\Madeleine\defogger_reenable [2012.02.04 15:00:57 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat [2011.07.15 13:52:48 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.15 08:31:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.03.15 08:31:21 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.03.15 08:31:21 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.03.15 08:31:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.01.11 11:11:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.01.11 11:01:44 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2011.01.11 11:01:44 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2011.01.11 11:01:44 | 
000,016,406 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT [2011.01.11 11:01:44 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.01.11 11:01:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2011.01.11 11:01:44 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2011.01.11 09:34:59 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,284,200 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2012.02.12 12:46:16 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\ICQ [2012.02.09 10:13:54 | 000,000,000 | ---D | M] -- 
C:\Users\Madeleine\AppData\Roaming\Keiwmui [2011.10.05 22:06:16 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\OpenOffice.org [2012.02.10 10:32:36 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Panda Security [2012.02.13 13:00:16 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\SoftGrid Client [2011.07.24 14:11:49 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\TP [2012.02.02 10:00:15 | 000,000,000 | ---D | M] -- C:\Users\Madeleine\AppData\Roaming\Urmuw [2011.12.05 12:07:20 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
14.02.2012, 09:30 | #12 |
| TR/Yakes.nys (3 detections) OTL EXTRAS logfile: Code:
ATTFilter OTL Extras logfile created on: 14.02.2012 09:09:56 - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Madeleine\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 197,94 Mb Available Physical Memory | 19,54% Memory free 1,99 Gb Paging File | 0,92 Gb Available in Paging File | 46,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 174,08 Gb Free Space | 80,67% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,11% Space Free | Partition Type: FAT32 Drive F: | 7,45 Gb Total Space | 3,87 Gb Free Space | 51,94% Space Free | Partition Type: FAT32 Computer Name: MADI85 | User Name: Madeleine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam "{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "ICQToolbar" = ICQ Toolbar "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.01.2012 20:39:08 | Computer Name = Madi85 | 
Source = Windows Backup | ID = 4104 Description = Error - 03.01.2012 07:15:12 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 06.01.2012 05:52:34 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 09.01.2012 04:51:16 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 10.01.2012 06:43:30 | Computer Name = Madi85 | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.5.0.5259 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1108 Startzeit: 01cccf7d3be88cb5 Endzeit: 141 Anwendungspfad: C:\Program Files\ICQ7.5\ICQ.exe Berichts-ID: e969ef68-3b77-11e1-91f9-1c7508dfe924 Error - 14.01.2012 22:38:11 | Computer Name = Madi85 | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 16.01.2012 06:50:28 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 23.01.2012 07:19:08 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = Error - 27.01.2012 06:07:59 | Computer Name = Madi85 | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. Error - 30.01.2012 04:26:35 | Computer Name = Madi85 | Source = Windows Backup | ID = 4104 Description = [ System Events ] Error - 13.02.2012 04:42:07 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:07 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:07 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:07 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:12 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:12 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:12 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. 
Error - 13.02.2012 04:42:12 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:17 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. Error - 13.02.2012 04:42:17 | Computer Name = Madi85 | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk1\DR1. < End of report > |
14.02.2012, 20:14 | #13 | |
/// Helper team | TR/Yakes.nys (3 detections) Did the Eset online scanner find anything? I would like to see the results. Quote:
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
15.02.2012, 11:52 | #14 |
| TR/Yakes.nys (3 detections) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1741b4eb6562e7479cab2370afb52d42
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-13 11:21:10
# local_time=2012-02-13 12:21:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 6253 65656174 72410 0
# compatibility_mode=5893 16776573 100 94 261553 80755502 0 0
# compatibility_mode=8192 67108863 100 0 3957 3957 0 0
# scanned=97605
# found=0
# cleaned=0
# scan_time=7759 |
15.02.2012, 12:01 | #15 |
| TR/Yakes.nys (3 detections) I had already uninstalled Eset via the Control Panel. The entry 016 still cannot be fixed with HJT. The error message also says: Error #75 ß Path/File access error. When I open HJT and click on "Do a scan and safe a log file", I get the message: For some reason your system denied write access to the Hosts files. If any hijacked domains are in the file, HJT may not be able to fix this. If that happens you need to edit the file by yourself. What do I do with the 3 files that are in quarantine in Avira? Many thanks for the support. |