Pests of all kinds and their removal: TR/ Agent.Gen (Windows 7)
28.06.2012, 06:38 | #1
TR/ Agent.Gen

Good morning,

after all the program icons on the desktop suddenly disappeared and then simply reappeared as blank white pages, all the shortcuts were gone. All programs can now only be started, if at all, by very roundabout routes, because clicking directly on the files, including the exe files, always immediately brings up the "Open with" window. Avira didn't report anything, and only after the malware scan did the detection TR/Agent.Gen appear. Here is the log:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
HOLGER :: HOLGER-PC [Administrator]

Schutz: Deaktiviert

27.06.2012 19:35:33
mbam-log-2012-06-27 (19-35-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 964311
Laufzeit: 7 Stunde(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\HOLGER\M-1-25-5432-6437-5685 (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Thanks in advance for the help.

OTL Logfile:
Code:
OTL logfile created on: 28.06.2012 08:28:13 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\HOLGER\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,86% Memory free
6,50 Gb Paging File | 5,46 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 823,28 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32

Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device)
SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de - IE 8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Plasmoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M]

[2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions
[2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions
[2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com
[2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com
[2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml
[2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml
[2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.28 07:54:13 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
[2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps
[2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.06.19 06:13:22 | 000,989,584 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen
[2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 08:30:24 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.28 08:30:24 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.28 08:30:24 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.28 08:30:24 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.28 08:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 08:23:58 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
[2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable
[2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- C:\Users\HOLGER\Desktop\Defogger.exe
[2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
[2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
[2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe
[2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe
[2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe
[2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk
[2012.06.20 07:57:47 | 000,989,584 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe
[2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk
[2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk
[2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk
[2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf
[2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe
[2012.06.04 07:05:46 | 000,061,523 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf
[2012.05.31 18:11:56 | 000,077,829 | ---- | M] () --
C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:42:50 | 000,005,556 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:02:48 | 000,048,016 | ---- | M] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 13:59:30 | 000,062,635 | ---- | M] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable [2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe [2012.06.27 19:24:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.06.04 07:06:06 | 000,061,523 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf [2012.05.31 18:12:19 | 000,077,829 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:44:09 | 000,005,556 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:03:11 | 000,048,016 | ---- | C] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 14:00:01 | 
000,062,635 | ---- | C] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf [2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll [2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat [2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll [2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll [2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll [2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeevs.dll [2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll [2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini [2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll [2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll [2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll [2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll [2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- 
C:\Windows\System32\lxeeusb1.dll [2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll [2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll [2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll [2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll [2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll [2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll [2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll [2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe [2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll [2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll [2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll [2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll [2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll [2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe [2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll [2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeecomc.dll [2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe [2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll [2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll ========== LOP Check ========== [2012.06.15 06:40:15 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\DVDVideoSoft [2012.04.11 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\loadtbs [2011.02.12 09:05:42 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\MAGIX [2012.05.24 21:25:28 | 
000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenCandy [2010.12.22 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenOffice.org [2012.01.23 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Opera [2012.01.18 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\PowerCinema [2012.01.05 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Samsung [2011.01.22 09:50:18 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Software Inspection Library [2011.01.12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\T-Online [2012.05.24 21:26:04 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\TuneUp Software [2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job [2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job [2012.05.01 18:42:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL logfile created on: 28.06.2012 08:28:13 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\HOLGER\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,86% Memory free
6,50 Gb Paging File | 5,46 Gb Available in Paging File | 83,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 823,28 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32

Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe
PRC - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 06:16:53 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeecoms.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 06:16:53 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 06:16:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.04.14 16:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxeecoms.exe -- (lxee_device)
SRV - [2010.04.14 16:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV - [2012.05.09 06:16:53 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 06:16:53 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = t-online.de - IE 8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Nachrichten - Service - Shopping bei t-online.de [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Suche
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B1196D5-0608-4457-99D6-954CD28EA96A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{908FAB45-330E-4808-875D-8B7EA2DFD6F5}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{924FA814-6FC3-40E2-8355-8E8E93F200B5}: "URL" = hxxp://suche.t-online.de/fastcgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wikitab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKCU\..\SearchScopes\{984A2770-6C96-44C8-B170-A4DDEF742AD9}: "URL" = hxxp://rover.ebay.com/rover/1/707-1403-276402/4?mpre=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=303&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD2BDD94-CEBA-493B-9B79-99C956660F09}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Plasmoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\HOLGER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 20:09:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 06:05:46 | 000,000,000 | ---D | M]

[2012.04.11 11:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Extensions
[2012.06.04 06:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions
[2012.05.24 21:25:35 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.04.11 11:52:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.06.06 20:38:22 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011.06.06 20:38:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\engine@plasmoo.com
[2012.04.11 11:56:03 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\HOLGER\AppData\Roaming\mozilla\Firefox\Profiles\3u9oss91.default\extensions\software@loadtubes.com
[2011.10.05 11:35:46 | 000,000,931 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\plasmoo.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\Search_Results.xml
[2012.06.04 06:43:20 | 000,003,915 | ---- | M] () -- C:\Users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\searchplugins\sweetim.xml
[2012.06.18 20:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.04 06:43:18 | 000,172,310 | ---- | M] () (No name found) -- C:\USERS\HOLGER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3U9OSS91.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.04 22:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 16:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.11 11:52:34 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\HOLGER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) 
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro700 Series\ezprint.exe () O4 - HKLM..\Run: [lxeemon.exe] C:\Program Files\Lexmark Pro700 Series\lxeemon.exe () O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [Facebook Update] C:\Users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3752C415-0AD3-4D70-88DD-5C627777D71D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 07:54:13 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe [2012.06.27 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Roaming\Malwarebytes [2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.27 19:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.27 19:24:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.27 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.27 09:44:54 | 000,000,000 | ---D | C] -- C:\Users\HOLGER\AppData\Local\Apps [2012.06.27 09:36:15 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.24 20:54:18 | 002,347,224 | ---- | C] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe [2012.06.24 20:52:43 | 005,837,544 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe [2012.06.24 10:53:07 | 000,028,552 | ---- | C] (Panda Security, S.L.) 
-- C:\Windows\System32\drivers\pavboot.sys [2012.06.24 10:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security [2012.06.19 06:13:22 | 000,989,584 | ---- | C] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe [2012.06.18 20:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.06.12 14:54:17 | 000,000,000 | --SD | C] -- C:\Users\HOLGER\Documents\Meine Datenquellen [2012.06.11 12:19:12 | 009,120,256 | ---- | C] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe [2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.06.04 06:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 08:31:30 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.28 08:30:24 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.28 08:30:24 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.28 08:30:24 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.28 08:30:24 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.28 08:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 08:23:58 | 2616,643,584 | -HS- | M] () -- C:\hiberfil.sys [2012.06.28 07:54:17 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\HOLGER\Desktop\OTL.exe [2012.06.28 07:52:06 | 000,000,000 | ---- | M] () -- C:\Users\HOLGER\defogger_reenable [2012.06.28 07:50:08 | 000,050,477 | ---- | M] () -- 
C:\Users\HOLGER\Desktop\Defogger.exe [2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job [2012.06.27 19:24:51 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job [2012.06.27 09:36:25 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\HOLGER\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.24 20:54:19 | 002,347,224 | ---- | M] (SPAMfighter ApS) -- C:\Users\HOLGER\Documents\spywarefighter.exe [2012.06.24 20:52:56 | 005,837,544 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\HOLGER\Documents\speedupmypc.exe [2012.06.24 15:36:04 | 077,711,976 | ---- | M] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.21 16:59:05 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\BauFaktura.lnk [2012.06.20 07:57:47 | 000,989,584 | ---- | M] (Solid State Networks) -- C:\Users\HOLGER\Documents\install_flashplayer11x32ax_gtba_aih.exe [2012.06.19 17:49:17 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | M] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:43:04 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | M] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.14 06:45:15 | 000,506,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.11 21:56:30 | 000,074,340 | ---- | M] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.06.11 12:19:12 | 009,120,256 | ---- | M] (Georg Huonker, Leidringen) -- C:\Users\HOLGER\Desktop\StartBau.exe [2012.06.04 07:05:46 | 000,061,523 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf [2012.05.31 18:11:56 | 000,077,829 | ---- | M] () -- 
C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:42:50 | 000,005,556 | ---- | M] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:02:48 | 000,048,016 | ---- | M] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 13:59:30 | 000,062,635 | ---- | M] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.28 07:52:06 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\defogger_reenable [2012.06.28 07:50:08 | 000,050,477 | ---- | C] () -- C:\Users\HOLGER\Desktop\Defogger.exe [2012.06.27 19:24:51 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.24 15:35:33 | 077,711,976 | ---- | C] () -- C:\Users\HOLGER\Documents\PANDAGP12.exe [2012.06.18 22:54:24 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Documents\BauFaktura.lnk [2012.06.18 22:48:49 | 000,002,104 | ---- | C] () -- C:\Users\HOLGER\Desktop\T-Online Browser.lnk [2012.06.18 22:39:40 | 000,002,543 | ---- | C] () -- C:\Users\HOLGER\Desktop\BauFaktura.lnk [2012.06.18 20:09:22 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.11 21:56:59 | 000,074,340 | ---- | C] () -- C:\Users\HOLGER\Documents\Angebot Uhlmann Küchengeräte.pdf [2012.06.04 07:06:06 | 000,061,523 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann 2.pdf [2012.05.31 18:12:19 | 000,077,829 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Kirwald 31.05.2012.pdf [2012.05.31 17:44:09 | 000,005,556 | ---- | C] () -- C:\Users\HOLGER\Documents\Abschlagsrechnung Uhlmann Patrick.pdf [2012.05.30 14:03:11 | 000,048,016 | ---- | C] () -- C:\Users\HOLGER\Documents\Datenblatt Solarword SW 80.pdf [2012.05.30 14:00:01 | 
000,062,635 | ---- | C] () -- C:\Users\HOLGER\Documents\Rechnung Dittrich.pdf [2012.01.05 09:46:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.01.05 09:35:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.08.23 16:29:05 | 000,455,254 | ---- | C] () -- C:\Users\HOLGER\Messung GC-Compagnie 22.08.2011.pdf [2011.06.28 18:33:28 | 000,000,137 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.06.10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.18 22:21:57 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll [2011.02.02 09:36:25 | 000,000,000 | ---- | C] () -- C:\Users\HOLGER\AppData\Roaming\wklnhst.dat [2011.01.12 12:33:12 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxeecoin.dll [2011.01.12 12:33:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeegcfg.dll [2011.01.12 12:33:06 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeecui.dll [2010.12.12 14:59:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeevs.dll [2010.12.12 14:58:23 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeecuir.dll [2010.12.12 14:48:22 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxeerwrd.ini [2010.12.12 14:47:57 | 000,385,024 | ---- | C] () -- C:\Windows\System32\LXEEinst.dll [2010.12.12 14:47:55 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEEhcp.dll [2010.12.12 14:47:54 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeeinpa.dll [2010.12.12 14:47:54 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeeiesc.dll [2010.12.12 14:47:53 | 000,847,872 | ---- | C] ( ) -- 
C:\Windows\System32\lxeeusb1.dll [2010.12.12 14:47:50 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeeserv.dll [2010.12.12 14:47:50 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeepmui.dll [2010.12.12 14:47:50 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeelmpm.dll [2010.12.12 14:47:49 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeejswr.dll [2010.12.12 14:47:48 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeeinsb.dll [2010.12.12 14:47:48 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeeinsr.dll [2010.12.12 14:47:47 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeeins.dll [2010.12.12 14:47:46 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeeih.exe [2010.12.12 14:47:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeehbn3.dll [2010.12.12 14:47:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeegrd.dll [2010.12.12 14:47:41 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeecu.dll [2010.12.12 14:47:41 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeecub.dll [2010.12.12 14:47:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeecur.dll [2010.12.12 14:47:40 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeecoms.exe [2010.12.12 14:47:40 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeecomm.dll [2010.12.12 14:47:39 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeecomc.dll [2010.12.12 14:47:39 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeecfg.exe [2010.12.12 14:45:15 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEEsm.dll [2010.12.12 14:45:15 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEEsmr.dll ========== LOP Check ========== [2012.06.15 06:40:15 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\DVDVideoSoft [2012.04.11 11:56:03 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\loadtbs [2011.02.12 09:05:42 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\MAGIX [2012.05.24 21:25:28 | 
000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenCandy [2010.12.22 10:19:37 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\OpenOffice.org [2012.01.23 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Opera [2012.01.18 19:25:29 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\PowerCinema [2012.01.05 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Samsung [2011.01.22 09:50:18 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\Software Inspection Library [2011.01.12 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\T-Online [2012.05.24 21:26:04 | 000,000,000 | ---D | M] -- C:\Users\HOLGER\AppData\Roaming\TuneUp Software [2012.06.27 10:45:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job [2012.06.28 07:45:01 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job [2012.05.01 18:42:04 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 28.06.2012 07:58:17 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\HOLGER\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 60,99% Memory free
6,50 Gb Paging File | 5,16 Gb Available in Paging File | 79,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 823,25 Gb Free Space | 90,43% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,00 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive F: | 3,73 Gb Total Space | 3,73 Gb Free Space | 99,96% Space Free | Partition Type: FAT32

Computer Name: HOLGER-PC | User Name: HOLGER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{102AD012-B5FB-4B58-9DBA-55455FC62C83}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1312A125-55F0-48CF-BFEA-98ECE6B4E1F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1B5EFB86-D2B6-472D-BFDE-0AA47E6DBB3D}" = lport=445 | protocol=6 | dir=in | app=system | "{2181C64B-0E29-4227-BAC3-6CDE6AA8CE7A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{277F9405-78C4-4A59-989D-6C9E38253257}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2C03E55E-C2C3-4AF9-96CF-0530E2ACA8B3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | 
app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{37E3CCB5-FA68-442A-95B1-35E3FAE0B740}" = rport=10243 | protocol=6 | dir=out | app=system | "{3BB68256-C138-48B9-B1AF-351E28EE8F29}" = lport=137 | protocol=17 | dir=in | app=system | "{58B1CD6A-92A1-499A-B720-20DCE2E0E56F}" = rport=138 | protocol=17 | dir=out | app=system | "{66A25583-1418-4605-9866-5B6E82710D5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68D39BC1-077C-4C66-BFFE-3C19311150D6}" = lport=10243 | protocol=6 | dir=in | app=system | "{7DDDE052-B8C4-49AF-BC82-44E896C3D1DC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8347939E-DB13-41EF-89D8-37147128C7AD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{89E67ECE-88AA-4672-AA45-9F0199CB1CD9}" = lport=138 | protocol=17 | dir=in | app=system | "{90428154-8343-44C9-AA99-EF250DCCD7AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{93E36C12-F05E-426B-A79C-020AD991589D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9F39FD63-D4FB-40C1-AFEA-62531F756111}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A30B3F2D-EAA0-455A-B34C-FCAC7B2A3C80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD69A03C-0600-4378-83FD-9A282774207A}" = lport=2869 | protocol=6 | dir=in | app=system | "{B65ECDE3-E39C-4EF8-B8F7-6BA0EE46A6B9}" = rport=137 | protocol=17 | dir=out | app=system | "{B6AD25A5-F960-4496-B100-D37847F7A584}" = lport=139 | protocol=6 | dir=in | app=system | "{B9C64E12-185B-4D1B-B7BA-32A080055677}" = rport=139 | protocol=6 | dir=out | app=system | "{C72FD472-19E1-4C24-A551-458278B16023}" = rport=445 | protocol=6 | dir=out | app=system | "{C97D7619-F625-41F7-AAF7-3D233BBB90D2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss 
| name=@firewallapi.dll,-28539 | "{FB90E485-319E-4AD1-9332-F96AD59FF1F5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01441A78-B876-420F-9B7B-F856A0201DCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{05A00F36-982A-4FCF-98F9-07AB46B5A27D}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dmp\clbrowserengine.exe | "{07B78EA8-79B2-4D13-B47A-2D52F4E75774}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe | "{090AF306-AB92-4519-8D53-726A3618AF38}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | "{0C7DD1B5-43F2-435B-8182-A2D93E54E7A0}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe | "{0CD1D211-E2C1-455C-BDB9-CFA438F58C50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0F392924-9C41-470E-88B8-18AD04BDD189}" = dir=in | app=c:\program files\cyberlink\youmemo\kernel\dms\clmsservice.exe | "{12B6E503-0365-4DE5-A5ED-161B82428641}" = dir=in | app=c:\windows\system32\lxeecoms.exe | "{15B07B33-2820-47E5-B9ED-5C9E93E7E2D0}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{18638D94-DFCD-4F34-880A-34DEE891BB32}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{1AC12CD9-C5B8-46E0-BE4B-8D942A975FC3}" = protocol=6 | dir=out | app=system | "{1DA86511-FF4F-42B6-91B1-9D9E222BDD34}" = dir=in | app=c:\windows\system32\lxeecoms.exe | "{1E949A2D-5259-4B3A-8840-BC9BCAC5CC91}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | "{25DBB59F-4793-4AE6-BEAB-734DE1390702}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{268B6A10-83E6-431A-BA93-6314C6809C0D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{287757B7-7E22-46BF-AC5B-6B4DD4C55EF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2E50F481-F078-4242-A875-612E8D3B1021}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{304E2BB2-53E3-48AD-B674-A6FAE0A2D931}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3266F8C0-F91D-4C64-883B-D7F10359472D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{3561E84E-165E-46A6-96D1-1BC5D01E5F52}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{493844B1-16C9-4864-B0AC-D76967A88412}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5FF762CF-2E1B-4B06-B92C-FC556354FE9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{620A0425-E7E9-4392-BC6D-94E37862EB50}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{6F5CFFAF-ED12-4A0C-8A98-8395302553FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{907E5DF1-814B-436E-B3F7-7670A4FA3356}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | "{935B86C9-FB1F-4995-BFA3-557FB0789EA6}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | "{94EE57A7-B6DC-48CE-BAAA-3373D98DAD1B}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | "{A73CB69C-E102-4051-B559-D309C915F701}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A744F1DA-F521-4A9D-9AEA-A6399BB08396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AB188F35-3027-4179-9A0B-A36154F89B93}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{ADFF21C4-C19B-4324-A623-A85F77963FD1}" = dir=in | app=c:\windows\system32\lxeecoms.exe | "{BA8C6F70-523F-44EA-B062-9D2EB5AA12CC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C900648D-04A6-4E35-82FC-070B243B49D4}" 
= protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CC9610FF-D89A-43CA-B5B0-99AA3618D79B}" = dir=in | app=c:\windows\system32\lxeecoms.exe | "{CD073175-34F2-4EB1-8A20-6BCD0BDF8B1C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CE005EFF-F84F-4E28-B2B6-5A119271C88D}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{D5B48266-8067-41F0-9B49-AD1EC3F58014}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DA451386-4FA8-4BA0-913B-F5A36F6C6A40}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | "{DE4CA033-6A41-4D93-B985-C17CCA2222B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E05EB876-AE0C-4CED-A332-A8EEDB6FD06C}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe | "{E0FB310B-1593-4CAC-BCEF-F6F4F837E6B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{E24B4645-1CBE-4E4D-94B1-994A2ED11C11}" = dir=in | app=c:\program files\cyberlink\youmemo\pcmservice.exe | "{E4AB10A9-ED2D-46FB-A658-0EBD3BB797DB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{EE095D71-4E6E-4001-B394-E085CDCCE8E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EFAFF7EE-80CF-47D5-9CA5-77F04131F652}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | "{FA5E9BF7-86FB-403C-A3E9-A09AB75B1B9B}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | "{FDBD2DFF-AE66-46BB-A7AF-E102379B7570}" = dir=in | app=c:\users\holger\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{FE440254-188F-4EDE-A514-552ED46BADA9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "TCP Query User{82443CBA-A96C-454A-865D-23CAF5B30118}C:\baufaktura\huonkeraktualisierung.exe" 
= protocol=6 | dir=in | app=c:\baufaktura\huonkeraktualisierung.exe | "TCP Query User{D3276AC9-37C1-425C-8F6C-B39A8290B438}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{FC5EF1D3-9843-4C07-B7E2-EC73F7F412E8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{05D0C0AD-2096-4455-986D-945EFBDE2CB6}C:\baufaktura\huonkeraktualisierung.exe" = protocol=17 | dir=in | app=c:\baufaktura\huonkeraktualisierung.exe | "UDP Query User{BA532E81-41FB-4EBC-8D51-D018582C3267}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{CAB024C3-6887-4C12-9356-25F6624018EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0BF500AE-1A18-4FAB-98BB-9B2038ED528C}" = BauFaktura "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool 
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4183178B-4D4E-48A7-9257-454BA90A760E}" = SweetPacks Toolbar for Internet Explorer 4.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center "{A0250B44-DF91-4B66-85AF-45FA5B5512FC}" = Internet Explorer "{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch 
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA72867B-3964-4133-A8AE-D5EF9AC014DE}" = Anmeldevordruck 4.0 "{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = 
Update Manager for SweetPacks 1.0 "{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6 "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "ALDI Süd Foto Service D" = ALDI Süd Foto Service "Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service "Avira AntiVir Desktop" = Avira Free Antivirus "doPDF 6 printer_is1" = doPDF 6.2 printer "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ElcomPDF" = ElcomPDF "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo "InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0 "KONICA MINOLTA magicolor 2530DL" = KONICA MINOLTA magicolor 2530DL "Lexmark Pro700 Series" = Lexmark Pro700 Series "loadtbs-2.1" = loadtbs-2.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MEDION Fotos auf CD & DVD SE Sued D" = MEDION Fotos auf CD & DVD SE Sued "Microsoft .NET Framework 4 Client Profile" = 
Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Searchqu Toolbar" = Searchqu Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03.10.2011 13:22:12 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =

Error - 05.10.2011 12:46:38 | Computer Name = HOLGER-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lxeecoms.exe, version: 9.2.33.0, time stamp: 0x4b1ffc19
Faulting module name: lxeeserv.dll, version: 9.2.33.0, time stamp: 0x4b1ffdcd
Exception code: 0xc0000005
Fault offset: 0x0006bcd7
Faulting process id: 0x928
Faulting application start time: 0x01cc837e529eb340
Faulting application path: C:\Windows\system32\lxeecoms.exe
Faulting module path: C:\Windows\system32\lxeeserv.dll
Report Id: 9755bba0-ef71-11e0-bf81-406186c4de20

Error - 09.10.2011 13:00:02 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =

Error - 16.10.2011 13:00:01 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =

Error - 23.10.2011 13:00:01 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =

Error - 01.11.2011 13:30:35 | Computer Name = HOLGER-PC | Source = Windows Backup | ID = 4103
Description =

Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 13
Description =

Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 8193
Description =

Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 13
Description =

Error - 01.11.2011 18:07:23 | Computer Name = HOLGER-PC | Source = VSS | ID = 8193
Description =

[ Media Center Events ]
Error - 07.05.2012 11:46:19 | Computer Name = HOLGER-PC | Source = MCUpdate | ID = 0
Description = 17:46:01 - EpgListing.enc could not be retrieved (error: HTTP status 404: The requested URL does not exist on this server.)

[ System Events ]
Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error - 27.06.2012 13:23:54 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error - 27.06.2012 13:25:40 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068

Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10005
Description =

Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10005
Description =

Error - 27.06.2012 13:30:08 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068

Error - 27.06.2012 13:31:33 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeeCATSCustConnectService service to connect.

Error - 27.06.2012 13:31:33 | Computer Name = HOLGER-PC | Source = Service Control Manager | ID = 7000
Description = The lxeeCATSCustConnectService service failed to start due to the following error: %%1053

Error - 27.06.2012 13:32:40 | Computer Name = HOLGER-PC | Source = DCOM | ID = 10016
Description =

< End of report >

Unfortunately I can't edit my post, otherwise I would remove the double post, and because of this exe selection business I also don't know how to start the programs as admin. |
30.06.2012, 03:54 | #2 |
/// Selecta Jahrusso | TR/ Agent.Gen My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would ask you to read the following points completely and carefully.
Please read the following instructions closely. We do not want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
__________________ |
30.06.2012, 21:40 | #3 |
| TR/ Agent.Gen Hello Daniel,
__________________ thanks for being willing to help me. I downloaded TDSSKiller to the desktop. I can start it via the "open with" function (and then accessing the desktop file again), but it immediately gives me the error message "Error valid command line parameters:" and at that point 16 missing paths or folders are listed. I tried to take a screenshot, but I can't open Paint or anything like it to save the error message, since the text cannot be copied. |
01.07.2012, 17:46 | #4 |
/// Selecta Jahrusso | TR/ Agent.Gen Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without being told to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to strike back and support us! TB Akademie |
01.07.2012, 21:22 | #5 |
| TR/ Agent.Gen Hello Daniel, the following problem: either the scan starts and then, after not too long, the program hangs and the blue screen appears with "a problem has been detected and windows has been shut down.... Bad_Pool.Header", or the program runs up to the scan point C/windows/assembly/GAL-MSIL/Microsoft.Visualstudio.tools.applications and then hangs and I get "program not responding, close program". After trying several times, I simply saved the log shortly before the point where it hangs.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-01 22:01:30
-----------------------------
22:01:30.943 OS Version: Windows 6.1.7601 Service Pack 1
22:01:30.943 Number of processors: 2 586 0x170A
22:01:30.959 ComputerName: HOLGER-PC UserName: HOLGER
22:01:32.893 Initialize success
22:01:37.573 AVAST engine defs: 12070100
22:01:40.163 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
22:01:40.163 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
22:01:40.194 Disk 0 MBR read successfully
22:01:40.194 Disk 0 MBR scan
22:01:40.210 Disk 0 unknown MBR code
22:01:40.210 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:01:40.225 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 932262 MB offset 206848
22:01:40.256 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 20480 MB offset 1909479424
22:01:40.272 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
22:01:40.288 Disk 0 scanning sectors +1953521664
22:01:40.334 Disk 0 scanning C:\Windows\system32\drivers
22:01:51.176 Service scanning
22:02:08.321 Modules scanning
22:02:14.842 Disk 0 trace - called modules:
22:02:14.873 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor32.sys
22:02:14.888 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8599c6a8]
22:02:14.888 3 CLASSPNP.SYS[837bf59e] -> nt!IofCallDriver -> [0x862bc890]
22:02:14.904 5 ACPI.sys[8bcc73d4] -> nt!IofCallDriver -> \Device\0000005c[0x8678c030]
22:02:17.057 AVAST engine scan C:\Windows
22:02:20.692 AVAST engine scan C:\Windows\system32
22:04:15.476 Disk 0 MBR has been saved successfully to "C:\Users\HOLGER\Desktop\MBR.dat"
22:04:15.476 The log file has been saved successfully to "C:\Users\HOLGER\Desktop\aswMBR.txt"

I also tried the whole thing in safe mode after the crashes, but unfortunately that did not work either. |
02.07.2012, 10:22 | #6 | |
/// Selecta Jahrusso | TR/ Agent.Gen Combofix must only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop.
When Combofix has finished it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ |
02.07.2012, 13:30 | #7 |
| TR/ Agent.Gen Hello Daniel, after starting combofix.exe (as always via a detour) a blue window appears saying "please wait, combofix is being prepared to run". Then a window immediately opens: "CF Script name error: Did you try to run CF Script? The name CF Script does not seem to be spelled correctly." I can only confirm that with OK. |
03.07.2012, 07:03 | #8 |
/// Selecta Jahrusso | TR/ Agent.Gen When you right-click Combofix.exe, is "Open with" in first place and printed in bold? Disable your antivirus software. Press the Windows + R keys, copy the following into the box and click OK: "%userprofile%\desktop\Combofix.exe" /killall This should start Combofix.
__________________ |
03.07.2012, 07:10 | #9 |
| TR/ Agent.Gen When I press the right mouse button only "open" appears; there is no "open with", and for the other applications no "open as admin" either, and when I enter the command I get "application not found". |
03.07.2012, 07:13 | #10 |
/// Selecta Jahrusso | TR/ Agent.Gen Is Combofix saved on the desktop?
__________________ |
03.07.2012, 07:18 | #11 |
| TR/ Agent.Gen The problem is, as already described above, that for every exe file I have to click "open", then the "open with" window appears, then I have to search for the exe again and click on it; only then do the programs open. In this case, then, again via open - open with - browse, then in the menu back to the exe on the desktop, and only then does the program run .... but unfortunately not properly. |
03.07.2012, 14:59 | #12 |
/// Selecta Jahrusso | TR/ Agent.Gen Open Windows Explorer (Windows key + E) and under => Tools => Folder Options => on the "View" tab
Rename Combofix.exe to Combofix.com and try to start it that way.
__________________ |
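Why the rename to .com works, and how to check what sits behind the "Open with" prompt: Explorer launches a .exe through the file association under HKEY_CLASSES_ROOT (.exe -> exefile -> shell\open\command, whose Windows default is "%1" %*), and a per-user copy of these keys under HKCU\Software\Classes takes precedence over the machine-wide one. The .com association (comfile) is a separate key, which is why Combofix.com starts while Combofix.exe does not. The PowerShell script below is an added example written for this edit; it is not a tool from the thread and not code from ComboFix, Avira or any other product named here. It reads those keys, compares them with the Windows 7 defaults, reports per-user overrides, and with -Repair writes the defaults back. That the hijack on this particular machine actually lives in these keys is an assumption: none of the posted logs show them.

```powershell
# Added example: inspect and optionally repair the file-association keys that
# decide how Explorer launches .exe files. Not part of the thread or any tool
# mentioned in it. Assumption: the "Open with" prompt for every .exe is caused
# by one of these keys; the expected values are the Windows 7 defaults.
# Written for PowerShell 2.0 (Windows 7). HKLM writes need an elevated shell.
param([switch]$Repair)

# Merged HKCR view: these are the values a healthy Windows 7 installation has.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
    'Registry::HKEY_CLASSES_ROOT\.com'                       = 'comfile'
    'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command' = '"%1" %*'
}

# Per-user keys override HKLM in the merged view; they do not exist by default,
# so their mere presence for .exe is worth a look.
$userOverrides = @(
    'Registry::HKEY_CURRENT_USER\Software\Classes\.exe',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice'
)

function Get-DefaultValue($path) {
    # Returns the key's (default) value, or $null if the key is missing.
    if (-not (Test-Path -LiteralPath $path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.'(default)'
}

$problems = 0

foreach ($path in $expected.Keys) {
    $actual = Get-DefaultValue $path
    if ($actual -eq $expected[$path]) {
        Write-Host ("OK        {0} = {1}" -f $path, $actual)
        continue
    }
    $problems++
    Write-Host ("SUSPECT   {0} = '{1}' (expected '{2}')" -f $path, $actual, $expected[$path])
    if ($Repair) {
        if (-not (Test-Path -LiteralPath $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -LiteralPath $path -Name '(default)' -Value $expected[$path]
        Write-Host ("REPAIRED  {0}" -f $path)
    }
}

foreach ($path in $userOverrides) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $problems++
    Write-Host ("SUSPECT   per-user override present: {0} = '{1}'" -f $path, (Get-DefaultValue $path))
    if ($Repair) {
        # Only the per-user override is removed; the HKLM key stays untouched.
        Remove-Item -LiteralPath $path -Recurse -Force
        Write-Host ("REMOVED   {0}" -f $path)
    }
}

if ($problems -eq 0) {
    Write-Host "Executable associations match the Windows defaults."
} else {
    Write-Host ("{0} deviation(s) found." -f $problems)
}
```

Save it as check-exe-assoc.ps1. Because the hijack blocks launching .exe files, start PowerShell the same way ComboFix was started in this thread: copy %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe to the desktop as powershell.com and run powershell.com -ExecutionPolicy Bypass -File check-exe-assoc.ps1 from it, first without -Repair to see what deviates, then with -Repair. If only the HKCU entries are flagged, a normal shell is enough; changes under HKLM need elevation. Log off and on again afterwards so Explorer picks up the repaired association, then run the script once more to confirm every line reports OK.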
04.07.2012, 09:15 | #13 |
| TR/ Agent.Gen Hooray, it worked :-) Combofix Logfile: Code:
ComboFix 12-07-02.01 - HOLGER 04.07.2012 9:42.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3327.2211 [GMT 2:00]
Running from: c:\users\HOLGER\Desktop\ComboFix.com
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL5293.tmp
c:\users\HOLGER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Silverlight.exe
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))
.
.
2012-07-04 07:50 . 2012-07-04 07:51 -------- d-----w- c:\users\HOLGER\AppData\Local\temp
2012-07-04 07:50 . 2012-07-04 07:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 06:37 . 2012-07-04 06:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71CD26B0-6163-491D-84CC-A902EE13FB18}\offreg.dll
2012-07-03 09:14 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71CD26B0-6163-491D-84CC-A902EE13FB18}\mpengine.dll
2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\users\HOLGER\AppData\Roaming\Malwarebytes
2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\programdata\Malwarebytes
2012-06-27 17:24 . 2012-06-27 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-27 17:24 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 07:44 . 2012-06-27 07:44 -------- d-----w- c:\users\HOLGER\AppData\Local\Apps
2012-06-24 08:53 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-06-24 08:53 . 2012-06-24 08:53 -------- d-----w- c:\program files\Panda Security
2012-06-22 04:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 04:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 04:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 04:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 04:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 04:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 04:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 04:09 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 04:09 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 17:48 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-13 17:48 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-13 17:48 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 17:48 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-06-13 17:48 . 2012-05-17 22:35 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-13 17:48 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-13 17:47 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-06-13 17:47 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-13 17:47 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 17:47 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 17:47 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-13 15:48 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 15:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 15:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 15:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 15:48 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 15:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 15:48 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 15:47 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 15:47 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 15:47 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-09 04:16 . 2012-03-13 06:30 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-09 04:16 . 2012-03-13 06:30 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-19 18:05 . 2010-12-21 18:40 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-14 22:19 . 2012-06-18 18:09 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points From Each Hive ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-04-24 12:24 1310000 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\HOLGER\AppData\Roaming\loadtbs\toolbar.dll" [2012-02-15 640000]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-04-24 1310000]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Facebook Update"="c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-23 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912]
"lxeemon.exe"="c:\program files\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files\Lexmark Pro700 Series\ezprint.exe" [2009-10-01 139944]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 lxeeCATSCustConnectService;lxeeCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard_Backup REG_MULTI_SZ BsBackup
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000Core.job
- c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40]
.
2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3655861120-308642264-2925887876-1000UA.job
- c:\users\HOLGER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 08:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Plasmoo
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file) SafeBoot-BsScanner AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-04 10:09:38 ComboFix-quarantined-files.txt 2012-07-04 08:09 . Vor Suchlauf: 11 Verzeichnis(se), 880.867.274.752 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 881.017.188.352 Bytes frei . - - End Of File - - F77EA70F0E50383F38393ABF5B4173D7 |
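The log above mixes harmless autostart entries with the indicators the helper later targets in the ComboFix script: Run-key entries for SweetIM, an AppInit_DLLs value pointing at Datamngr, and IE/Firefox start pages and search preferences redirected to Conduit, searchnu and Plasmoo. As an added example (not part of the thread, of ComboFix or of Malwarebytes), the following Python script picks those line shapes out of ComboFix-style output and flags them. The marker list is an assumption a reviewer would maintain, not a vendor signature set, and the sample lines are reproduced from the log above.

```python
"""Flag browser-hijack and persistence indicators in ComboFix-style log lines.

Added example for this thread; it is not part of the forum post, of ComboFix
or of Malwarebytes. The marker list and the sample selection are assumptions
built from the kinds of entries the log above shows.
"""
import re

# Strings that in the log above belong to toolbars and search hijackers
# (Conduit, SweetIM/SweetPacks, searchnu, Plasmoo, loadtbs, Datamngr).
# Assumption: a reviewer maintains this list; it is not a vendor signature set.
HIJACK_MARKERS = (
    "conduit.com",
    "sweetim",
    "searchnu.com",
    "plasmoo.com",
    "loadtbs",
    "datamngr",
)

# Line shapes taken from the log format above.
APPINIT_RE = re.compile(r'^"AppInit_DLLs"\s*=\s*(?P<value>.+)$', re.IGNORECASE)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
START_PAGE_RE = re.compile(r'^(?P<scope>[um])Start Page = (?P<url>.+)$')


def _suspicious(text):
    """True when the text contains one of the known hijacker markers."""
    lowered = text.lower()
    return any(marker in lowered for marker in HIJACK_MARKERS)


def find_hijack_indicators(lines):
    """Return (category, detail) findings, in log order, for the given lines.

    AppInit_DLLs is reported whenever it is non-empty: every DLL listed there
    is loaded into each process that links user32.dll, so the value always
    needs review regardless of the marker list.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = APPINIT_RE.match(line)
        if m:
            findings.append(("appinit_dlls", m.group("value").strip()))
            continue
        m = START_PAGE_RE.match(line)
        if m:
            if _suspicious(m.group("url")):
                findings.append(("start_page", m.group("url")))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            if _suspicious(m.group("value")):
                findings.append(("firefox_pref", f"{m.group('pref')} -> {m.group('value')}"))
            continue
        m = RUN_RE.match(line)
        if m and _suspicious(m.group("path")):
            findings.append(("run_key", f"{m.group('name')} -> {m.group('path')}"))
    return findings


# Sample input: Run-key, AppInit_DLLs, start-page and Firefox pref lines
# reproduced from the log above (hxxp is the defanged form used in the log).
SAMPLE_LOG = r'''
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: network.proxy.type - 0
'''.strip().splitlines()


if __name__ == "__main__":
    for category, detail in find_hijack_indicators(SAMPLE_LOG):
        print(f"{category:13s} {detail}")
```

Run against the sample, the script reports the SweetIM Run entry, the Datamngr AppInit_DLLs value, the Conduit start page and the searchnu Firefox homepage, and stays silent on Avira and the proxy setting. AppInit_DLLs is reported unconditionally because anything listed there is injected into GUI processes system-wide; on a clean Windows 7 install the value is empty.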
04.07.2012, 16:30 | #14 |
/// Selecta Jahrusso | TR/ Agent.Gen

Note for other readers: the following ComboFix script was created exclusively for this user in this situation. Do not run it on any other computer under any circumstances; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the desktop again (not anywhere else, that is important)!

Press the Windows key + R --> type Notepad --> OK

Now copy the complete text from the following code box into the empty text document.

Code:
FireFox::
FF - ProfilePath - c:\users\HOLGER\AppData\Roaming\Mozilla\Firefox\Profiles\3u9oss91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Plasmoo
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={5174B1E9-9579-4F9F-A0AD-8839EB61EFB0}

ClearJavaCache::

Important:
__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie
04.07.2012, 17:13 | #15 |
TR/ Agent.Gen

I can't open Notepad that way; I get "application not found". Can I do it via the Editor using "Open with..." instead, or would that be the wrong format? OK, nonsense, it's the same application.

OK, next problem: I can't drag the text INTO the exe; the two just swap places. Could that be because I have to launch the exe again via the "Open with..." window? Must/can I rename the ComboFix exe back to .com?