Log analysis and evaluation: Attention! For security reasons your Windows system has been blocked...! (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.06.2012, 14:23 | #1
Attention! For security reasons your Windows system has been blocked...!
Hello, it seems I have now caught this trojan as well. However, the black screen with the message "Attention! For security reasons your Windows system has been blocked"... etc. does not appear every time I am online, only sometimes. I would now like to clean the PC with your help and hope you can help me with that!
01.07.2012, 05:50 | #2
/// Helper team | Attention! For security reasons your Windows system has been blocked...!
Hello and welcome!
Before we start working together, [please read in full]:
Quote:
For Vista and Win7: Important: run all commands as Administrator! Right-click the command prompt and choose "Run as administrator". Right-click the selected application and choose "Run as administrator"!
1. Download Malwarebytes Anti-Malware → from here
2. System scan with OTL. Please download OTL by OldTimer and save it to your Desktop
3. To find out whether outdated or malicious software is installed under Programs, I would also like to see all your installed programs:
Quote:
** Stay off the internet as far as possible, no online banking, file sharing, chat programs etc.
Regards, kira
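An added example, not part of the thread and not code from the helper team, Malwarebytes or OTL. The Malwarebytes log posted further down found the Zbot dropper registered under HKCU\...\Run as "SkypePM", launched from the user's AppData\Local folder. The script below enumerates the same Run/RunOnce autostart keys and flags entries that start from a user-writable directory, point at a file that no longer exists, or carry no valid Authenticode signature. It assumes Windows PowerShell 2.0 or later on the Vista/7 box and an elevated shell ("Run as administrator", as the helper asks); the list of "suspect" directories and the verdicts are this example's own heuristic, not a rule from either tool.

```powershell
# Added example (not from the thread, Malwarebytes or OTL).
# Lists HKLM/HKCU Run and RunOnce autostart values and flags the ones a triage
# would look at first. Assumes PowerShell 2.0+ in an elevated shell.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (this example's assumption): an installer does not normally put an
# autostart binary here, but a dropper running as the logged-in user can always
# write here. The SkypePM entry in the log below lived under LOCALAPPDATA.
$suspectRoots = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, "$env:SystemRoot\Temp") |
    Where-Object { $_ }

# Properties Get-ItemProperty adds to every result; everything else is a real value.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ImagePath {
    # Reduce a Run value ('"C:\x\y.exe" /arg' or 'C:\x\y.exe /arg') to the executable path.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $matches[1] }
    return $Command.Trim()
}

function Test-AutostartEntry {
    param([string]$Key, [string]$Name, [string]$Command)
    $exe   = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $Command))
    $flags = @()

    foreach ($root in $suspectRoots) {
        if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            $flags += 'launches from user-writable directory'
            break
        }
    }

    if (-not (Test-Path -LiteralPath $exe)) {
        # A Run value whose target is gone is often the leftover of a partial clean-up.
        $flags += 'target file missing'
    } else {
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
    }

    $verdict = 'ok'
    if ($flags.Count -gt 0) { $verdict = 'SUSPECT: ' + ($flags -join '; ') }

    New-Object PSObject -Property @{
        Key = $Key; Name = $Name; Image = $exe; Verdict = $verdict
    }
}

function Get-AutostartVerdicts {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            Test-AutostartEntry -Key $key -Name $prop.Name -Command $prop.Value
        }
    }
}

Get-AutostartVerdicts | Format-Table -AutoSize Key, Name, Image, Verdict
```

Run before a Malwarebytes scan, the HKCU "SkypePM" value from the log below would be reported as SUSPECT by the first rule alone (its image sits under AppData\Local); run afterwards, the value is gone because Malwarebytes deleted it, and any other autostart whose file was quarantined but whose Run value survived shows up as "target file missing". The signature check is a hint, not proof: plenty of legitimate older software is unsigned, so an unsigned entry under Program Files deserves a look, not automatic deletion.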
01.07.2012, 15:11 | #3
Attention! For security reasons your Windows system has been blocked...!
Hi,
here is the log file from Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.01.02

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Andreas Schmid :: ARBEITS-PC [Administrator]

01.07.2012 11:59:26
mbam-log-2012-07-01 (11-59-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356815
Time elapsed: 3 hour(s), 7 minute(s), 25 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypePM (Spyware.Zbot) -> Data: C:\Users\Andreas Schmid\AppData\Local\Skype\SkypePM.exe -> Quarantined and deleted successfully.

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 2
C:\Users\Andreas Schmid\AppData\Local\Skype\SkypePM.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Andreas Schmid\AppData\Local\Temp\~!#E217.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.

(end)
Code:
OTL Extras logfile created on: 01.07.2012 15:30:54 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Andreas Schmid\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 269,00 Mb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 43,28 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,21 Gb Free Space | 62,11% Space Free | Partition Type: NTFS

Computer Name: ARBEITS-PC | User Name: Andreas Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21656A09-7606-4089-9137-331DDA0AD371}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4C239DA5-52AA-4700-A4D7-EBFB5CDCF943}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F209E86-AB0F-4D0C-B888-C39E53727E69}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{84D3772C-8C00-4173-96DE-5F1ED06D53FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AC3681FA-99B1-4D12-936D-75AC53FB612B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C9E4B2D3-BF75-4CA3-8FE4-4F5E109195A2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB0D03C7-9C17-4895-8C51-D39476592509}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F10DB00B-D197-4783-A901-7524CA0522CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AE1F11-FCBB-4479-AFE1-9B799BA94039}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0F8A352C-24F9-4218-8D98-8DAB6412FBAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{74952B7E-A137-4ACE-AB6B-EFF576BF69C3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8BBEE743-98B2-4F5D-B7FB-84C016FF0FAD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{965E2AB5-D071-4776-80A3-2B2F382F7104}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9A45C70F-02D6-4643-A589-8B8686042A2B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C6658A5E-C8FC-43B4-B929-0EC160780CEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CE6E7D7D-D33E-4F96-8958-355316B52A2D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"TCP Query User{0431682F-2590-4201-BAAB-04324046E8D9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{66E9EF25-D4DA-4E69-84C5-F74A1993850F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{CB9A91C0-F998-4C13-A5EA-0E1BC1FE34EE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E51A398C-6292-4B9D-AD95-FA9747119B87}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38B39865-D988-4945-9A22-6107B8B40953}" = C4200
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{493BAF04-DA99-9257-B343-E17BB5E687A3}" = ATI Catalyst Control Center Ex
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75C82071-B29F-4824-BD2E-0BEA71206DAF}" = Tradesignal Online Chart
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.5.3.0
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = PS_AIO_ProductContext
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DerivaGem_is1" = DerivaGem 1.53
"Foxit Reader" = Foxit Reader
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"pdfsam" = pdfsam
"QIP2005" = QIP 2005 Uninstall
"RarZilla Free Unrar" = RarZilla Free Unrar
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOPSIM - Universal Banking Sim - Participant" = TOPSIM - Universal Banking Sim - Participant
"TOPSIM_-_Runtime_1-0" = TOPSIM_-_Runtime_1-0
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.06.2012 18:56:39 | Computer Name = Arbeits-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/06/28 00:56:39.731]: [00003888]: lperrcode->api = 1 , lperrcode->code = 2

Error - 27.06.2012 18:56:41 | Computer Name = Arbeits-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/06/28 00:56:41.275]: [00003888]: lperrcode->api = 1 , lperrcode->code = 2

Error - 27.06.2012 18:56:42 | Computer Name = Arbeits-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/06/28 00:56:42.819]: [00003888]: lperrcode->api = 1 , lperrcode->code = 2

Error - 27.06.2012 18:56:44 | Computer Name = Arbeits-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/06/28 00:56:44.364]: [00003888]: lperrcode->api = 1 , lperrcode->code = 2

Error - 27.06.2012 18:56:45 | Computer Name = Arbeits-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/06/28 00:56:45.908]: [00003888]: lperrcode->api = 1 , lperrcode->code = 2

Error - 30.06.2012 08:25:57 | Computer Name = Arbeits-PC | Source = EventSystem | ID = 4609
Description =

Error - 30.06.2012 09:38:54 | Computer Name = Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.06.2012 13:36:48 | Computer Name = Arbeits-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 01.07.2012 04:50:00 | Computer Name = Arbeits-PC | Source = Application Error | ID = 1000
Description = Faulting application SkypePM.exe, version 4.63.0.0, time stamp 0x4fc49cfe, faulting module SkypePM.exe, version 4.63.0.0, time stamp 0x4fc49cfe, exception code 0xc0000005, fault offset 0x0000d04b, process id 0xe6c, application start time 01cd57667ac50306.

Error - 01.07.2012 04:56:00 | Computer Name = Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ ODiag Events ]
Error - 14.12.2010 20:24:46 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A

[ OSession Events ]
Error - 11.06.2009 12:35:56 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 515 seconds with 480 seconds of active time. This session ended with a crash.

Error - 08.12.2010 17:03:34 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 988 seconds with 720 seconds of active time. This session ended with a crash.

Error - 14.12.2010 20:24:35 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 347 seconds with 300 seconds of active time. This session ended with a crash.

Error - 16.01.2011 16:34:22 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Code:
OTL logfile created on: 01.07.2012 15:30:54 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Andreas Schmid\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 269,00 Mb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 45,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 43,28 Gb Free Space | 43,41% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,21 Gb Free Space | 62,11% Space Free | Partition Type: NTFS

Computer Name: ARBEITS-PC | User Name: Andreas Schmid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10w_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Users\Andreas Schmid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ParetoLogic\FileCure\FileCure.exe (ParetoLogic)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
PRC - C:\Programme\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

========== Modules (SafeList) ==========

MOD - C:\Users\Andreas Schmid\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NvcRpcServer) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (Eacfilt) -- C:\Windows\System32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (vsdatant) -- C:\Windows\System32\vsdatant.sys (Zone Labs, LLC)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DSproct) -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15561&l=dis"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15558&locale=de_DE&apn_uid=22D6F9AD-01DB-4743-8E4E-AFA79FF35DEF&apn_ptnrs=HG&apn_sauid=88159138-12D0-47F3-9003-BCEA52B9D81A&apn_dtid=YYYYYYYYDE&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.29 23:10:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 23:11:35 | 000,000,000 | ---D | M]

(No name found) -- C:\Users\Andreas Schmid\AppData\Roaming\mozilla\Extensions
[2012.06.16 12:35:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Schmid\AppData\Roaming\mozilla\Firefox\Profiles\4dtcfhpb.default\extensions
[2012.06.16 12:35:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Andreas Schmid\AppData\Roaming\mozilla\Firefox\Profiles\4dtcfhpb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.05.30 15:23:50 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Andreas Schmid\AppData\Roaming\mozilla\Firefox\Profiles\4dtcfhpb.default\extensions\toolbar@ask.com
[2012.06.30 15:39:22 | 000,002,395 | ---- | M] () -- C:\Users\Andreas Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\4dtcfhpb.default\searchplugins\askcom.xml
[2011.07.17 13:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.05.14 01:23:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.17 13:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.05.14 01:23:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.17 13:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.09.02 11:58:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.05.04 21:54:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [File Helper] C:\Program Files\File Helper\File Helper.lnk () O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Andreas Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Andreas Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (TradeSignal 5 Web Edition) O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.254 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.07.01 11:56:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.01 11:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.01 11:55:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 11:52:35 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andreas Schmid\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.17 11:09:59 | 000,000,000 | ---D | C] -- C:\b15adf59e62e6b19fc6a ========== Files - Modified Within 30 Days ========== [2012.07.01 15:19:07 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job [2012.07.01 15:19:05 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 15:19:05 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.01 15:18:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.01 15:18:49 | 1072,107,520 | -HS- | M] () -- C:\hiberfil.sys [2012.07.01 11:57:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.01 11:55:46 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.01 11:52:37 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andreas Schmid\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.30 15:37:40 | 000,000,436 | -H-- | M] () -- 
C:\Windows\tasks\User_Feed_Synchronization-{FF9ED17E-D50D-44E6-B914-C67E3BA12340}.job [2012.06.26 00:18:05 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2012.06.20 00:07:38 | 000,036,864 | ---- | M] () -- C:\Users\Andreas Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.17 18:00:10 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2012.06.10 01:50:48 | 000,002,633 | ---- | M] () -- C:\Users\Andreas Schmid\Desktop\Microsoft Office Excel 2007.lnk [2012.06.03 22:45:53 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.03 22:45:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.03 22:45:53 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.03 22:45:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat ========== Files Created - No Company Name ========== [2012.07.01 11:55:46 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.30 15:33:08 | 1072,107,520 | -HS- | C] () -- C:\hiberfil.sys [2011.05.13 23:43:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.05.13 23:43:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.05.04 21:43:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.04 21:43:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.04 21:43:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.04 21:43:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.04 21:43:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.30 14:53:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2011.01.30 14:53:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2011.01.04 21:40:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.04 21:37:14 | 000,000,050 | ---- | C] () -- 
C:\Windows\System32\bridf08b.dat [2011.01.04 21:28:16 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.07.31 22:16:14 | 000,140,800 | ---- | C] () -- C:\Windows\System32\dg153.dll [2010.05.17 23:14:26 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE [2010.05.14 23:13:36 | 000,147,327 | ---- | C] () -- C:\Windows\hpoins13.dat [2010.05.14 23:13:36 | 000,000,811 | ---- | C] () -- C:\Windows\hpomdl13.dat [2010.03.16 13:27:05 | 000,147,229 | ---- | C] () -- C:\Windows\hpoins13.dat.temp [2010.03.16 13:27:05 | 000,000,811 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp [2009.10.23 23:40:23 | 000,007,592 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Local\d3d9caps.dat [2007.10.02 19:47:59 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.06.13 21:51:27 | 000,023,888 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Roaming\UserTile.png [2007.06.12 13:10:53 | 000,001,056 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Roaming\wklnhst.dat [2007.06.12 12:42:29 | 000,036,864 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.08 05:58:04 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.06.08 05:58:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.06.08 05:58:04 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.06.08 05:57:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.06.08 05:57:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat 
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,353,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\SmartArt Graphics:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\Praktika:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OTL Fix:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OTL (3):Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OpenOffice.org 2.3 Installation Files:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OneNote-Notizbücher:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\My PSP Files:Roxio EMC Stream @Alternate Data Stream - 76 
bytes -> C:\Users\Andreas Schmid\Documents\Meine Scans:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\malwarebytes:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\Eigene Datenquellen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\Document Themes:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\DABbank:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\bvm:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Unternehmen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Trading:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Studium:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Stellenausschreibungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Sonstige Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\R2012a_Windows.iso:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\osam_autorun_manager_5_0_portable:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\music:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Excel:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Diagnose:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Deutsche Bank:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Bewerbungen:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Baader Bank:Roxio EMC Stream < End of report > Code:
ATTFilter Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 28.08.2011 10.3.183.7 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 30.04.2011 10.2.159.1 Ask Toolbar Ask.com 14.05.2011 4,13MB 1.12.1.0 Assistant zum Anpassen des Dell-Systems Dell Inc. 07.06.2007 1.00.0000 ATI Catalyst Control Center Ex Ihr Firmenname 07.06.2007 115MB 2.0.2488.36465 Avira Free Antivirus Avira 12.05.2012 155MB 12.0.0.1125 Benutzerhandbuch 07.06.2007 844KB Brother MFL-Pro Suite DCP-195C Brother Industries, Ltd. 03.01.2011 6,72MB 1.0.0.0 CCleaner Piriform 22.06.2012 3,63MB 3.20 Conexant HDA D110 MDC V.92 Modem 07.06.2007 680KB Corel Paint Shop Pro Photo XI Corel Inc 07.06.2007 11.003.0000 Corel Snapfire Plus Ihr Firmenname 07.06.2007 1.003.0000 DellSupport Dell 07.06.2007 6.0.3059 DerivaGem 1.53 A-J Financial Systems 31.07.2010 1,82MB Digital Line Detect BVRP Software, Inc 07.06.2007 272KB 1.21 File Helper 2.5.3.0 Blitware Technology Inc. 07.05.2011 13,5MB Foxit Reader Foxit Corporation 14.05.2011 11,5MB 4.3.1.323 Google Desktop Google 19.09.2010 8,78MB 5.9.1005.12335 Google Toolbar for Internet Explorer 07.06.2007 11,3MB HP Customer Participation Program 8.0 HP 14.05.2010 178MB 8.0 HP Imaging Device Functions 8.0 HP 14.05.2010 2,44MB 8.0 HP OCR Software 8.0 HP 14.05.2010 2,43MB 8.0 HP Photosmart All-In-One Software 8.0 HP 14.05.2010 15,6MB 8.0 HP Photosmart Essential HP 27.09.2007 10,1MB 1.12.0.46 HP Solution Center 8.0 HP 14.05.2010 2,43MB 8.0 HP Update Hewlett-Packard 27.09.2007 3,56MB 4.000.005.006 HPSSupply Ihr Firmenname 27.09.2007 987KB 2.1.3.0000 IBM SPSS Statistics 19 SPSS Inc., an IBM Company 29.01.2011 776MB 19.0.0 Java(TM) 6 Update 26 Oracle 17.07.2011 97,0MB 6.0.260 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 01.07.2012 11,6MB 1.61.0.1400 MediaDirect Dell 07.06.2007 119MB 4.7 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 19.08.2009 36,9MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 10.08.2009 
36,9MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.05.2011 120MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 16.05.2011 24,5MB 4.0.30319 Microsoft Office Home and Student 2007 Microsoft Corporation 18.02.2012 320MB 12.0.6612.1000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 05.01.2011 251KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.06.2011 294KB 8.0.61001 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 17.08.2009 199KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 29.01.2011 1,41MB 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13.08.2009 590KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.06.2011 594KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.03.2012 11,1MB 10.0.40219 Microsoft Works Microsoft Corporation 12.12.2009 08.05.0822 Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Corporation 12.05.2009 132KB 12.0.4518.1014 Modem-Diagnose-Tool Dell 07.06.2007 1.0.17.8 Mozilla Firefox 4.0.1 (x86 de) Mozilla 29.04.2011 29,9MB 4.0.1 MSXML 4.0 SP2 (KB927978) Microsoft Corporation 07.06.2007 1,25MB 4.20.9841.0 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 15.08.2007 1,26MB 4.20.9848.0 MSXML 4.0 SP2 (KB941833) Microsoft Corporation 11.10.2007 1,26MB 4.20.9849.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.01.2009 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,33MB 4.20.9876.0 NetWaiting BVRP Software, Inc 07.06.2007 4,90MB 2.5.41 Nortel Networks Contivity VPN Client 21.03.2008 3,41MB OpenOffice.org 2.3 OpenOffice.org 28.09.2007 298MB 2.3.9221 OutlookAddinSetup CyberLink 07.06.2007 981KB 1.0.0 
PaperPort Image Printer Nuance Communications, Inc. 03.01.2011 521KB 1.00.0000 ParetoLogic FileCure ParetoLogic, Inc. 07.05.2011 4,28MB 2.0.0.0 pdfsam 17.07.2011 29,2MB 2.2.1 QIP 2005 Uninstall 12.11.2007 4,66MB QuickSet Dell Inc. 07.06.2007 8.0.11 RarZilla Free Unrar Philipp Winterberg 07.05.2011 1,87MB 3.30 Roxio Creator Audio Roxio 07.06.2007 3.3.0 Roxio Creator BDAV Plugin Roxio 07.06.2007 3.3.0 Roxio Creator Copy Roxio 07.06.2007 3.3.0 Roxio Creator Data Roxio 07.06.2007 3.3.0 Roxio Creator DE Roxio 07.06.2007 3.3.0 Roxio Creator Tools Roxio 07.06.2007 3.3.0 Roxio Express Labeler Roxio 07.06.2007 2.1.0 Roxio MyDVD DE Roxio, Inc. 07.06.2007 9.0.116 Roxio Update Manager Roxio 07.06.2007 3.0.0 ScanSoft PaperPort 11 Nuance Communications, Inc. 03.01.2011 147MB 11.2.0000 SigmaTel Audio SigmaTel 07.06.2007 22,1MB 5.10.5102.0 SUPERAntiSpyware SUPERAntiSpyware.com 08.05.2011 54,1MB 4.52.1000 Surf & E-Mail-Stick Huawei Technologies Co.,Ltd 05.07.2010 40,1MB 11.301.08.00.35 Synaptics Pointing Device Driver Synaptics 07.06.2007 12,9MB 9.0.1.3 TOPSIM - Universal Banking Sim - Participant TATA Interactive Systems GmbH 17.05.2010 58,1MB 1.0 TOPSIM_-_Runtime_1-0 TATA Interactive Systems GmbH 17.05.2010 66,8MB 1.0 Tradesignal Online Chart Tradesignal GmbH 18.03.2011 10,9MB 5.6.703 URL Assistant 07.06.2007 VideoLAN VLC media player 0.8.6d VideoLAN Team 07.10.2011 32,7MB 0.8.6d Yahoo! BrowserPlus 2.9.8 Yahoo! Inc. 22.01.2011 26,0MB Yahoo! Messenger Yahoo! Inc. 14.05.2011 32,3MB Yahoo! Software Update 14.05.2011 692KB Yahoo! Toolbar 14.05.2011 37,3MB |
02.07.2012, 08:23 | #4 |
/// Helper Team | ► Ask yourself why your Vista is still running without SP2?: Code:
ATTFilter Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
SP2 contains the latest updates, e.g. important security, stability and performance improvements. - Internet Explorer is also outdated; the current version is IE 9! However, in this state (the computer is currently infected with malware) the old version must NOT be upgraded to the next one, otherwise it does more harm than good! The hard drive has to be cleaned first, i.e. be absolutely malware-free! To make an exact diagnosis, additional examinations may have to be carried out. Only after that can I tell you with certainty whether a system cleanup is possible or whether you have to reinstall your system:
1. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention!: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! - It is NOT sensible to start a second attempt! To get a deeper look into your system and to track down a possible infection with a rootkit (Info v.wikipedia.org), we will use a tool - Gmer:
** No connection to a network or the Internet - don't forget WLAN. When the scan is finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner
2. Check with MBR -t whether the Master Boot Record is in order (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
__________________ Warning!: Beware of invoices by e-mail with a ZIP file as attachment! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
02.07.2012, 10:41 | #5 |
| Well, GMER unfortunately did not work. Here is the log from MBR: Code:
ATTFilter Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6001 Disk: Hitachi_HTS541612J9SA00 rev.SBDOC74P -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
1 ntkrnlpa!IofCallDriver[0x824C4FEF] -> \Device\Harddisk0\DR0[0x84F056B0]
3 CLASSPNP[0x833A1745] -> ntkrnlpa!IofCallDriver[0x824C4FEF] -> [0x84CF4C48]
5 acpi[0x806926A0] -> ntkrnlpa!IofCallDriver[0x824C4FEF] -> \Device\Ide\IdeDeviceP0T0L0-0[0x84379830]
kernel: MBR read successfully
user & kernel MBR OK |
02.07.2012, 15:00 | #6 | |||
/// Helper Team | 1. What do you need this for?: Quote:
Uninstall, if it exists under Control Panel -> Software/Programs: Code:
ATTFilter Ask Toolbar <- Adware
Always choose the custom installation, not the standard installation, because otherwise things often get installed along with it that you do not need or want. During the installation process always read the licence terms, and do not immediately tick every box or leave pre-set ticks in place, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed alongside, since freeware finances itself that way. Several others belong in this category, e.g.: -> Unwanted toolbars Quote:
Quote:
Code:
ATTFilter :OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://de.ask.com?o=15561&l=dis"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15558&locale=de_DE&apn_uid=22D6F9AD-01DB-4743-8E4E-AFA79FF35DEF&apn_ptnrs=HG&apn_sauid=88159138-12D0-47F3-9003-BCEA52B9D81A&apn_dtid=YYYYYYYYDE&q="
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O4 - HKLM..\Run: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\SmartArt Graphics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\Praktika:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OTL Fix:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OTL (3):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OpenOffice.org 2.3 Installation Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\My PSP Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\Meine Scans:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\malwarebytes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\Eigene Datenquellen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\Document Themes:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\DABbank:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\bvm:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Unternehmen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Trading:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Studium:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Stellenausschreibungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Sonstige Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\R2012a_Windows.iso:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\osam_autorun_manager_5_0_portable:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Excel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Diagnose:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Deutsche Bank:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Bewerbungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Desktop\Baader Bank:Roxio EMC Stream
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
4. Update Java: via Control Panel -> Check for updates... or: download the offline version of Java ("recommended version Java(TM) 7 Update 4") from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar checkbox during installation.
5. Update: -> Mozilla Firefox Help -> via the Help menu -> "About Firefox"
6. Tips (regardless of whether you use Internet Explorer or not!): -> Tips for Internet Explorer -> Change Explorer's default search engine -> How do I clear the cache in Internet Explorer?
7. Clean your system with CCleaner:
8. Update SUPERAntiSpyware -> run a full scan -> post the result
9. Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the medium with the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) The AUTORUN function can also be switched off altogether. ► Instructions
10. -> Then run a complete system check with the Eset Online Scanner (NOD32), Free Online Scanner. Attention!: >>You should not install the antivirus security software, only scan your system online<<
11. Another scan with OTL:
► Report again on the state of the computer. Do problems still occur, and if so, which ones?
__________________ Last edited by kira (02.07.2012, 15:09) |
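Two items in the steps above can be verified afterwards from an elevated PowerShell prompt: the alternate data streams that the OTL fix script targets, and the AutoRun setting that step 9 recommends switching off. The following script is an added example and is not part of the thread, of OTL, or of any tool named here. It assumes PowerShell 3.0 or later (for `Get-Item -Stream`) and uses the `NoDriveTypeAutoRun` policy value under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer`, the standard Windows location for suppressing AutoRun per drive type; the function names and the folder path are the example's own choices.

```powershell
# Added example, not part of the thread or of OTL. Requires PowerShell 3.0+
# for the -Stream parameter; run from an elevated prompt, as the thread asks
# for all commands.

# Policy key that controls AutoRun per drive type (standard Windows location).
$AutorunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-AutorunPolicy {
    # NoDriveTypeAutoRun is a bitmask; 0xFF (255) suppresses AutoRun on all
    # drive types. $null means the policy value has never been set.
    $item = Get-ItemProperty -Path $AutorunKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

function Disable-Autorun {
    # Sets the policy to 0xFF so that no removable medium can trigger AutoRun.
    if (-not (Test-Path $AutorunKey)) {
        New-Item -Path $AutorunKey -Force | Out-Null
    }
    Set-ItemProperty -Path $AutorunKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

function Get-AlternateDataStreams {
    # Lists every named stream below $Path (files and folders). The unnamed
    # ':$DATA' stream is the file content itself and is skipped; anything else
    # is an ADS, like the 'Roxio EMC Stream' entries in the OTL fix script above.
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $entry = $_
            # -LiteralPath avoids wildcard trouble with names containing [1] etc.
            Get-Item -LiteralPath $entry.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path   = $entry.FullName
                        Stream = $_.Stream
                        Length = $_.Length
                    }
                }
        }
}

# Usage: report the current AutoRun policy, then list the streams that remain
# in the user's Documents folder, one of the folders the OTL fix script targets.
"NoDriveTypeAutoRun = $(Get-AutorunPolicy)"
Get-AlternateDataStreams -Path (Join-Path $env:USERPROFILE 'Documents') | Format-Table -AutoSize
```

`Disable-Autorun` is defined but deliberately not called in the usage lines; run it only after reading the current value, since it changes a machine-wide policy. A stream listing that is empty after the fix confirms the `:Files` section of the OTL script did its job; any stream still present (OTL reports these as "Unable to delete ADS") can be inspected by name before deciding whether it belongs to legitimate software.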
05.07.2012, 17:47 | #7 |
| Attention! For security reasons your Windows system has been blocked...! OK, here is the content of the text document after the fix with OTL: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "Ask.com" removed from browser.search.selectedEngine Prefs.js: "hxxp://de.ask.com?o=15561&l=dis" removed from browser.startup.homepage Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BLT&o=15558&locale=de_DE&apn_uid=22D6F9AD-01DB-4743-8E4E-AFA79FF35DEF&apn_ptnrs=HG&apn_sauid=88159138-12D0-47F3-9003-BCEA52B9D81A&apn_dtid=YYYYYYYYDE&q=" removed from keyword.URL C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully. C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully. 
ADS C:\Users\Andreas Schmid\Documents\SmartArt Graphics:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\Praktika:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\OTL Fix:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\OTL (3):Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\OpenOffice.org 2.3 Installation Files:Roxio EMC Stream deleted successfully. Unable to delete ADS C:\Users\Andreas Schmid\Documents\OneNote-Notizbücher:Roxio EMC Stream . ADS C:\Users\Andreas Schmid\Documents\My PSP Files:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\Meine Scans:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\malwarebytes:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\Eigene Datenquellen:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\Document Themes:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\DABbank:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Documents\bvm:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Unternehmen:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Trading:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Studium:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Stellenausschreibungen:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Sonstige Dateien:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\R2012a_Windows.iso:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\osam_autorun_manager_5_0_portable:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\music:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Excel:Roxio EMC Stream deleted successfully. 
ADS C:\Users\Andreas Schmid\Desktop\Diagnose:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Deutsche Bank:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Bewerbungen:Roxio EMC Stream deleted successfully. ADS C:\Users\Andreas Schmid\Desktop\Baader Bank:Roxio EMC Stream deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Andreas Schmid\Desktop\cmd.bat deleted successfully. C:\Users\Andreas Schmid\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Andreas Schmid ->Temp folder emptied: 261690010 bytes ->Temporary Internet Files folder emptied: 135422762 bytes ->Java cache emptied: 10492 bytes ->FireFox cache emptied: 66911304 bytes ->Flash cache emptied: 32609 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 65333006 bytes RecycleBin emptied: 258103792 bytes Total Files Cleaned = 751,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 07042012_112559 Files\Folders moved on Reboot... File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QRMO52O4\4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=2;s5=2;s7=0;s8=0;s11=1;s12=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=120x600;ord=862980337115[1] not found! 
File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QRMO52O4\4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=2;s5=2;s7=0;s8=0;s11=1;s12=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=300x250;ord=862980337115[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QRMO52O4\6DmHf4v6aOTvJzC1Qu96lpmd-W-81QpphSwht86XXR1lgTOc6_YGN8ZH0ldqrwGWPCpMXprz4bLzgfiIGTZK4Nl1yfyJGab-dKfTa7x7OGweV9cIXuoz9ARqLIIujKEQ&callback=google.LU[1].loadFeaturemap_851_0 not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QRMO52O4\WIPLDYoIWcfVXxvZu9XwJ55OX7Ag,DjjDse0JOG9G8fShysgb-kHPN2c6wR6LpC8I5KRvNG0kFCxDIo34zHBv1Krxh1nJ0qy5Y8Wm9GRHH8e4BPyyglEOSjBeF80ZpbEzi_hpuyQKmKI8HE-K_xsfZYSRYJE_mW2AHgM[1].gif not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\36ohk6dgmcd1n.ver.11.app.3ae1mc4rm4e9l.ver.13.app.3cp9lcoq32dpn.ver.77.app.3ie33cpgj6dhi.ver.46.app.66c9i6pj32d33.ver.18.app.68ohh6com6c1h.ver.8.app.6cdj26sq3cdb6.ver[1].8 not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=2;s5=2;s7=0;s8=0;s11=1;s12=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=300x100;ord=862980337115[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=2;s5=2;s7=0;s8=0;s11=1;s12=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=300x250;ord=862980337115[1] not found! 
File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=2;s5=2;s7=0;s8=0;s11=1;s12=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=300x300;ord=862980337115[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\=4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=2;s5=2;s7=0;s8=0;s11=1;s12=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=728x90;ord=862980337115[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\=5;i1=4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=1;s5=1;s7=0;s8=0;s11=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=120x600;ord=248606909509[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\=5;i1=4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=1;s5=1;s7=0;s8=0;s11=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=500x220;ord=248606909509[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\L3HT81D4\rame=0&screen_res=10&ac=0&tz=2&tagid=ambient&owner=&specialtype=&adsize=¶ms[1].styles=&tile=314534916785846801056316277842&transactionID=314534916785846801056316277842 not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1PLREM03\2=5;i1=4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=1;s5=1;s7=0;s8=0;s11=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=728x90;ord=248606909509[1] not found! 
File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1PLREM03\=5;i1=4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=1;s5=1;s7=0;s8=0;s11=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=300x250;ord=248606909509[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1PLREM03\WIPLDYoIWcfVXxvZu9XwJ55OX7Ag,YPzO8RCBHuskelft_jBTKbtV7eaBOjpygZOjAL3TKwv18plP01WiM9Nxuot-gwOcAV9z9XMgWW0auxxS9Fl9V1MjnHC2-vCwn-7khueLyulCz4PaaIeW_IQcCdZ_jP3o97MDX3k[1].gif not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1PLREM03\_WIPLDYoIWcfVXxvZu9XwJ55OX7Ag,bAPywJ6DmHf4v6aOTvJzC1Qu96lpmd-W-81QpphSwht86XXR1lgTOc6_YGN8ZH0ldqrwGWPCpMXprz4bLzgfiIGTZK4Nl1yfyJGab-dKfTa7x7OGweV9cIXuoz9ARqLIIujKEQ[1].gif not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1DTN0E3P\.3ae1mc4rm4e9l.ver.10.app.3cp9lcoq32dpn.ver.65.app.3ie33cpgj6dhi.ver.36.app.66c9i6pj32d33.ver.12.app.68c34chgjadj1.ver.6.app.68ohh6com6c1h.ver.7.app.6cdj26sq3cdb6.ver[1].8 not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1DTN0E3P\=5;i1=4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=1;s5=1;s7=0;s8=0;s11=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=300x100;ord=248606909509[1] not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1DTN0E3P\=5;i1=4;i2=4;i3=4;i5=4;i8=4;i9=4;i10=4;i12=4;i13=4;i14=4;i18=4;i23=4;i39=4;i42=4;i44=4;s1=1;s5=1;s7=0;s8=0;s11=1;s17=0;s18=0;zt=4;w1=2;w2=5;;sz=300x250;ord=248606909509[1] not found! 
File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1DTN0E3P\ldg7Fxk_cMDN21emWr4A9FUYCzmd1esnls4XqYd6bLa2yjhAhiuOOlhms6tC_J_VsPYnzdnKaoKCA_8-U4UeEdBFZVNu_PKMgyZkSdQl-FE2ZK9nJmyXgH405lWsZ1ht43yR0kEr8UQ3oLMbfPAbbE-Lzu_NyW1uE231[1].gif not found! File\Folder C:\Users\Andreas Schmid\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\1DTN0E3P\_WIPLDYoIWcfVXxvZu9XwJ55OX7Ag,CwRlVv0c-9FyXRVXu5xFD8gQJaNbHUMvDSFy_VdCgeedOyNJXb6Cyex6_oLrKj8yc3f0b9M358rm3l6qErtuEvy4B15yK_vtk8YBxV4LiKE6G5WmzTvLrNqmhAw5CyuR8-JPbQ[1].gif not found! C:\Windows\temp\JETDAC4.tmp moved successfully. Registry entries deleted on Reboot...
The results after the scans with SUPERAntiSpyware and Eset Online Scanner are: no detections in either case! And finally, here are the log files after the scan with OTL: Code:
ATTFilter OTL logfile created on: 05.07.2012 18:30:42 - Run 4 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andreas Schmid\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 227,00 Mb Available Physical Memory | 22,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 28,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99,70 Gb Total Space | 43,16 Gb Free Space | 43,29% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,21 Gb Free Space | 62,11% Space Free | Partition Type: NTFS Computer Name: ARBEITS-PC | User Name: Andreas Schmid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.05 18:27:15 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.05.12 12:10:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.12 12:09:58 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.12 12:09:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.12 12:09:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.02.05 16:00:42 | 001,609,536 | ---- | M] () -- C:\Programme\File Helper\2.5.4.1\FileHelper.exe PRC - [2011.05.04 19:42:04 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.04.24 11:28:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Schmid\Desktop\OTL.exe PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.11.26 11:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 09:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.09.10 21:30:02 | 002,510,848 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.bin PRC - [2007.09.10 21:30:00 | 002,359,296 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.3\program\soffice.exe PRC - [2007.04.09 15:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Programme\Nortel Networks\NvcRpcSvr.exe PRC - [2007.03.15 12:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) 
-- C:\Programme\DellSupport\DSAgnt.exe PRC - [2007.02.20 14:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2007.02.08 07:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe PRC - [2006.11.05 12:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 11:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe PRC - [2006.10.13 12:31:34 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe ========== Modules (SafeList) ========== MOD - [2011.04.24 11:28:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreas Schmid\Desktop\OTL.exe MOD - [2010.09.17 21:34:57 | 000,123,392 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.05 18:27:15 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.12 12:10:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.12 12:09:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.04.09 15:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer) SRV - [2007.03.07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService) ========== Driver Services (SafeList) ========== DRV - [2012.07.01 11:57:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.05.12 12:10:05 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.12 12:10:05 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.04.09 15:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt) DRV - [2007.04.09 15:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM) DRV - [2007.04.09 15:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT) DRV - [2007.03.12 06:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2007.03.09 00:02:10 | 000,394,192 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\vsdatant.sys -- (vsdatant) DRV - [2007.02.25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv) DRV - [2007.02.08 07:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2006.11.20 21:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.20 21:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.20 21:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.12 01:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.11.02 09:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2006.10.30 19:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.10.25 06:53:08 | 002,068,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.10.05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.05 18:27:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 23:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Schmid\AppData\Roaming\mozilla\Extensions [2012.07.04 12:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas Schmid\AppData\Roaming\mozilla\Firefox\Profiles\4dtcfhpb.default\extensions [2012.06.16 12:35:37 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Andreas Schmid\AppData\Roaming\mozilla\Firefox\Profiles\4dtcfhpb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.07.01 15:50:35 | 000,002,395 | ---- | M] () -- C:\Users\Andreas Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\4dtcfhpb.default\searchplugins\askcom.xml [2012.07.04 12:02:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.04 11:55:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} File not found (No name found) -- [2012.07.05 18:27:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2012.07.04 12:02:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2012.07.04 12:02:23 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2012.07.04 12:02:23 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2012.07.04 12:02:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2012.07.04 12:02:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2012.07.04 12:02:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.04 21:54:21 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [File Helper] C:\Program Files\File Helper\File Helper.lnk () O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.) O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Andreas Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O4 - Startup: C:\Users\Andreas Schmid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Programme\OpenOffice.org 2.3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (TradeSignal 5 Web Edition) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.252.1.7 132.252.3.10 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. 
File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 16:12:22 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.07.04 12:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.04 12:02:35 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.07.04 11:56:17 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2012.07.04 11:55:20 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.07.04 11:55:19 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.07.04 11:55:19 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.07.04 11:55:19 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2012.07.01 16:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.01 15:52:51 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Andreas Schmid\Desktop\ccsetup320.exe [2012.07.01 11:56:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.01 11:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.01 11:55:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.01 11:52:35 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andreas Schmid\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.17 11:09:59 | 000,000,000 | ---D | C] -- C:\b15adf59e62e6b19fc6a ========== Files - Modified Within 30 Days ========== [2012.07.05 18:25:45 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job [2012.07.05 18:08:14 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.05 18:00:18 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2012.07.05 17:52:32 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 17:52:31 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 16:45:32 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FF9ED17E-D50D-44E6-B914-C67E3BA12340}.job [2012.07.05 16:09:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.05 15:53:06 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk [2012.07.05 15:52:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.05 15:52:19 | 1072,107,520 | -HS- | M] () -- 
C:\hiberfil.sys [2012.07.05 00:08:53 | 000,036,864 | ---- | M] () -- C:\Users\Andreas Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.04 22:03:40 | 000,002,631 | ---- | M] () -- C:\Users\Andreas Schmid\Desktop\Microsoft Office Word 2007.lnk [2012.07.04 12:11:48 | 000,004,032 | ---- | M] () -- C:\Users\Andreas Schmid\Documents\cc_20120704_121128.reg [2012.07.04 11:54:24 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.07.04 11:54:24 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.07.04 11:54:24 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.07.04 11:54:23 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.07.04 11:54:22 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.07.02 11:33:22 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe [2012.07.02 10:46:54 | 000,302,592 | ---- | M] () -- C:\Users\Andreas Schmid\Desktop\23twtfdk.exe [2012.07.01 16:01:53 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.01 15:58:32 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.01 15:52:52 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Andreas Schmid\Desktop\ccsetup320.exe [2012.07.01 11:57:58 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.01 11:55:46 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.01 11:52:37 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andreas Schmid\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.26 00:18:05 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job [2012.06.10 01:50:48 | 000,002,633 | ---- | M] () -- C:\Users\Andreas Schmid\Desktop\Microsoft Office Excel 2007.lnk ========== Files 
Created - No Company Name ========== [2012.07.04 12:11:38 | 000,004,032 | ---- | C] () -- C:\Users\Andreas Schmid\Documents\cc_20120704_121128.reg [2012.07.02 11:33:18 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe [2012.07.02 10:46:24 | 000,302,592 | ---- | C] () -- C:\Users\Andreas Schmid\Desktop\23twtfdk.exe [2012.07.01 16:01:53 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.01 15:58:32 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.01 15:55:53 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.01 15:55:45 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.01 11:55:46 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.30 15:33:08 | 1072,107,520 | -HS- | C] () -- C:\hiberfil.sys [2011.05.13 23:43:46 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.05.13 23:43:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.05.04 21:43:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.04 21:43:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.04 21:43:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.04 21:43:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.04 21:43:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.01.30 14:53:05 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2011.01.30 14:53:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2011.01.04 21:40:01 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.01.04 21:37:14 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2011.01.04 21:28:16 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010.07.31 22:16:14 | 000,140,800 | ---- | C] () -- C:\Windows\System32\dg153.dll [2010.05.17 23:14:26 | 000,081,920 | ---- | C] () 
-- C:\Windows\System32\GkSui20.EXE [2010.05.14 23:13:36 | 000,147,327 | ---- | C] () -- C:\Windows\hpoins13.dat [2010.05.14 23:13:36 | 000,000,811 | ---- | C] () -- C:\Windows\hpomdl13.dat [2010.03.16 13:27:05 | 000,147,229 | ---- | C] () -- C:\Windows\hpoins13.dat.temp [2010.03.16 13:27:05 | 000,000,811 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp [2009.10.23 23:40:23 | 000,007,592 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Local\d3d9caps.dat [2007.10.02 19:47:59 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.06.13 21:51:27 | 000,023,888 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Roaming\UserTile.png [2007.06.12 13:10:53 | 000,001,056 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Roaming\wklnhst.dat [2007.06.12 12:42:29 | 000,036,864 | ---- | C] () -- C:\Users\Andreas Schmid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.08 05:58:04 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.06.08 05:58:04 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.06.08 05:58:04 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.06.08 05:57:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.06.08 05:57:41 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2006.11.07 21:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,353,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll 
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.09.17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll ========== LOP Check ========== [2011.05.07 15:01:37 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\Blitware [2011.05.14 01:07:11 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\Foxit Software [2010.10.22 13:29:12 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\Image Zone Express [2007.06.13 21:51:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\PeerNetworking [2011.05.07 15:32:42 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\Philipp Winterberg [2009.05.02 21:33:10 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\Printer Info Cache [2007.06.12 13:11:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\Template [2008.11.08 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas Schmid\AppData\Roaming\zweitgeist [2011.05.08 12:02:21 | 000,000,334 | ---- | M] () -- C:\Windows\Tasks\File Helper.job [2011.05.08 12:02:21 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job 
[2012.07.05 18:25:45 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job [2012.07.05 18:00:18 | 000,000,462 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job [2012.06.26 00:18:05 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job [2012.07.05 01:12:52 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.05 16:45:32 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FF9ED17E-D50D-44E6-B914-C67E3BA12340}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OneNote-Notizbücher:Roxio EMC Stream < End of report > Code:
ATTFilter OTL Extras logfile created on: 05.07.2012 18:30:42 - Run 4 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andreas Schmid\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 227,00 Mb Available Physical Memory | 22,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 28,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99,70 Gb Total Space | 43,16 Gb Free Space | 43,29% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,21 Gb Free Space | 62,11% Space Free | Partition Type: NTFS Computer Name: ARBEITS-PC | User Name: Andreas Schmid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21656A09-7606-4089-9137-331DDA0AD371}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4C239DA5-52AA-4700-A4D7-EBFB5CDCF943}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5F209E86-AB0F-4D0C-B888-C39E53727E69}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{84D3772C-8C00-4173-96DE-5F1ED06D53FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AC3681FA-99B1-4D12-936D-75AC53FB612B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{C9E4B2D3-BF75-4CA3-8FE4-4F5E109195A2}" = lport=5355 | protocol=17 | 
dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DB0D03C7-9C17-4895-8C51-D39476592509}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{F10DB00B-D197-4783-A901-7524CA0522CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00AE1F11-FCBB-4479-AFE1-9B799BA94039}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{0F8A352C-24F9-4218-8D98-8DAB6412FBAA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{74952B7E-A137-4ACE-AB6B-EFF576BF69C3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8BBEE743-98B2-4F5D-B7FB-84C016FF0FAD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{965E2AB5-D071-4776-80A3-2B2F382F7104}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{9A45C70F-02D6-4643-A589-8B8686042A2B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C6658A5E-C8FC-43B4-B929-0EC160780CEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CE6E7D7D-D33E-4F96-8958-355316B52A2D}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "TCP Query User{0431682F-2590-4201-BAAB-04324046E8D9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{66E9EF25-D4DA-4E69-84C5-F74A1993850F}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{CB9A91C0-F998-4C13-A5EA-0E1BC1FE34EE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | 
app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{E51A398C-6292-4B9D-AD95-FA9747119B87}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{38B39865-D988-4945-9A22-6107B8B40953}" = C4200 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{493BAF04-DA99-9257-B343-E17BB5E687A3}" = ATI Catalyst Control Center Ex "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}" = PS_AIO_Software "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy 
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75C82071-B29F-4824-BD2E-0BEA71206DAF}" = Tradesignal Online Chart "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760A193-8668-4FAB-B1B1-525C259F84DC}_is1" = File Helper 2.5.4.1 "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}" = HP Photosmart All-In-One Software 8.0 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations 
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" = OpenOffice.org 2.3 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{B668B2B8-70D4-4754-A890-17C1DDDA9418}" = PS_AIO_Software_min "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems "{FE0C305A-37EE-4499-B4CF-0182E37B20C4}" = 
PS_AIO_ProductContext "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "DerivaGem_is1" = DerivaGem 1.53 "Foxit Reader" = Foxit Reader "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "pdfsam" = pdfsam "QIP2005" = QIP 2005 Uninstall "RarZilla Free Unrar" = RarZilla Free Unrar "Surf & E-Mail-Stick" = Surf & E-Mail-Stick "SynTPDeinstKey" = Synaptics Pointing Device Driver "TOPSIM - Universal Banking Sim - Participant" = TOPSIM - Universal Banking Sim - Participant "TOPSIM_-_Runtime_1-0" = TOPSIM_-_Runtime_1-0 "VLC media player" = VideoLAN VLC media player 0.8.6d "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.07.2012 06:34:30 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:31 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:31 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:32 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:32 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:32 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:32 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:33 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 04.07.2012 06:34:33 | Computer Name = Arbeits-PC | Source = Windows Search Service | ID = 3013 Description = Error - 05.07.2012 09:58:39 | Computer Name = Arbeits-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = [ ODiag Events ] Error - 14.12.2010 20:24:46 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Diagnostics | ID = 320 Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A [ OSession Events ] Error - 11.06.2009 12:35:56 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 515 seconds with 480 seconds of active time. 
This session ended with a crash. Error - 08.12.2010 17:03:34 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 988 seconds with 720 seconds of active time. This session ended with a crash. Error - 14.12.2010 20:24:35 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 347 seconds with 300 seconds of active time. This session ended with a crash. Error - 16.01.2011 16:34:22 | Computer Name = Arbeits-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash. ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
06.07.2012, 06:05 | #8
/// Helper team | Warning! For security reasons your Windows system has been blocked...!
► So may I consider your problem resolved?
1. Quote:
Code:
:OTL
[2012.07.01 15:50:35 | 000,002,395 | ---- | M] () -- C:\Users\Andreas Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\4dtcfhpb.default\searchplugins\askcom.xml
[2012.07.04 12:02:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2012.07.04 12:02:23 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2012.07.04 12:02:23 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2012.07.04 12:02:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2012.07.05 18:08:14 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 16:09:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.01 15:55:53 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.01 15:55:45 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 76 bytes -> C:\Users\Andreas Schmid\Documents\OneNote-Notizbücher:Roxio EMC Stream
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
** Keep your system under observation for a while!
2. Uninstall/remove the programs we used and that you do not need, except for:
Code:
CCleaner
3. Tool cleanup with OTL: We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
4. Windows, for example, regularly creates shadow copies (at least once a day) that serve for system recovery in an emergency and for access to older versions of files. This feature takes up a lot of disk space. By default, the space reserved for shadow copies is 15% of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects sitting in System Restore must also be removed. So please do the following:
5. As a precaution I would advise you to change your passwords (one should do that every 3-4 months), e.g. login, mail or website passwords. Tips: Choosing a secure password (should actually be changed at regular intervals, about every 3-5 months); see also: Secure password.
6. ► For Vista, please install Service Pack 2!:-> - Microsoft Update keeps your computer up to date! ► Update Internet Explorer: - version 9 is current! You can install Windows Internet Explorer 9 right away to replace the existing version of Internet Explorer:-> Internet Explorer 9
Software such as operating systems, browsers and e-mail clients is continually being developed. At the same time, however, hackers are constantly working on finding and exploiting new security holes. What is not a loophole for viruses and worms today can become a danger tomorrow once the corresponding malware has been written. That is why reports of new vulnerabilities appear fairly often, even when hackers have not yet discovered them: security specialists, of course, also look for potential ways to attack. Updates from the software developers ensure that the user can always use the latest and most secure version of the operating system and the installed software.
Reading material no. 1: Give criminal activity no chance! Quote:
** Common sense and securely configured Windows and Internet software are the best route to safety on the web!! Quote:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:
If you would like to support us → donation account
Regards, kira
__________________
Warning!: Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can!
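The fix script in the post above moves Firefox search-plugin files, the two Google Update task files and an alternate data stream, and step 4 concerns shadow-copy storage. The following PowerShell script is an added example, not part of kira's post and not OTL's own code: it lists the same locations on a Windows 7 machine so you can confirm what is there before the fix and what is left afterwards. It assumes the default Firefox install and profile paths, that the user's documents live under `%USERPROFILE%\Documents`, and that it is run from an elevated prompt (vssadmin needs administrator rights); Windows PowerShell 2.0 as shipped with Windows 7 is enough.

```powershell
# Added verification script for the cleanup steps above (not OTL's code, not from the thread).
# Run from an elevated PowerShell prompt. Works with Windows PowerShell 2.0.

$docs = Join-Path $env:USERPROFILE 'Documents'   # assumed location of the user's documents

# 1. Firefox search plugins. The OTL fix moved every .xml in the program folder and in the
#    profile; list what is (still) there so an unexpected engine such as askcom.xml stands out.
$pluginDirs = @(
    "$env:ProgramFiles\Mozilla Firefox\searchplugins",
    "${env:ProgramFiles(x86)}\Mozilla Firefox\searchplugins"
)
$profileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profileRoot) {
    $pluginDirs += Get-ChildItem $profileRoot |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName 'searchplugins' }
}
foreach ($dir in ($pluginDirs | Where-Object { $_ -and (Test-Path $_) })) {
    Write-Host "== Search plugins in $dir"
    Get-ChildItem $dir -Filter *.xml |
        Select-Object Name, Length, LastWriteTime |
        Format-Table -AutoSize | Out-Host
}

# 2. Legacy scheduled tasks (.job files). The fix moved the two GoogleUpdate jobs;
#    anything left here should be explainable by an installed program.
Write-Host "== .job files in $env:windir\Tasks"
Get-ChildItem "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue |
    Select-Object Name, Length, CreationTime, LastWriteTime |
    Format-Table -AutoSize | Out-Host

# 3. Alternate data streams. OTL could not delete the stream on the OneNote folder.
#    'dir /r' lists streams on files and folders alike (Get-Item -Stream needs PowerShell 3
#    and skips folders). Zone.Identifier on downloaded files is normal; anything else
#    deserves a look.
Write-Host "== Alternate data streams under $docs"
$currentDir = ''
cmd.exe /c dir /r /s "$docs" | ForEach-Object {
    if ($_ -match '^\s*(Directory of|Verzeichnis von) (.+)$') {
        $currentDir = $matches[2]
    } elseif ($_ -match '^\s*([\d.,]+)\s+(.+):\$DATA\s*$') {
        New-Object PSObject -Property @{ Folder = $currentDir; Stream = $matches[2]; Bytes = $matches[1] }
    }
} | Format-Table Folder, Stream, Bytes -AutoSize | Out-Host

# 4. Shadow-copy storage (step 4). Show how much space the copies use, the configured
#    maximum, and the existing restore points before deciding to purge them.
Write-Host "== Shadow copy storage"
vssadmin.exe list shadowstorage
Get-WmiObject Win32_ShadowCopy |
    Select-Object ID, @{Name = 'Created'; Expression = { $_.ConvertToDateTime($_.InstallDate) }} |
    Format-Table -AutoSize | Out-Host
```

The `dir /r` header is matched in both English and German because the box in this thread runs a German Windows; umlauts in paths may still come out mangled in the console, exactly as the `Aufl”sungscache` line in the OTL log shows, since cmd writes in the OEM code page. Nothing here changes the system: it only reads, so it is safe to run on the infected machine before and after the OTL fix.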
07.07.2012, 14:39 | #9
| Warning! For security reasons your Windows system has been blocked...!
So, here is the content of the text file after running the fix with OTL:
Code:
All processes killed
========== OTL ==========
C:\Users\Andreas Schmid\AppData\Roaming\Mozilla\Firefox\Profiles\4dtcfhpb.default\searchplugins\askcom.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
Unable to delete ADS C:\Users\Andreas Schmid\Documents\OneNote-Notizbücher:Roxio EMC Stream .
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Andreas Schmid\Desktop\cmd.bat deleted successfully.
C:\Users\Andreas Schmid\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Andreas Schmid
->Temp folder emptied: 2625032 bytes
->Temporary Internet Files folder emptied: 45815107 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 123128222 bytes
->Flash cache emptied: 1036 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1084421 bytes
RecycleBin emptied: 63276755 bytes
Total Files Cleaned = 225,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 07072012_111151
Files\Folders moved on Reboot...
C:\Windows\temp\JETA90A.tmp moved successfully.
C:\Windows\temp\MpSigStub.log moved successfully.
Registry entries deleted on Reboot...
Many thanks for your help!
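The fix log above has a small fixed vocabulary: each action line ends in `moved successfully.`, `deleted successfully.`, `not found.` or starts with `Unable to delete`, and the cleanup section reports byte counts. When a helper reads such a log, the one line that matters most is the failure (here the alternate data stream OTL could not remove), and it is easy to miss between the successes. The following PowerShell function is an added example, neither OTL's own code nor part of this thread: it classifies the lines of a fix log and returns a summary in which every failed item is listed by name. The sample log is constructed from the lines above with the user name shortened to `example`; it is not the user's file.

```powershell
# Added example: summarise an OTL fix log (not part of OTL or of this thread).
# Works with Windows PowerShell 2.0.
function Get-OtlFixSummary {
    param([string[]]$Lines)

    $moved = 0; $deleted = 0; $notFound = 0; $bytes = [long]0
    $failed = @()

    foreach ($line in $Lines) {
        $text = $line.Trim()
        if     ($text -match ' moved successfully\.$')          { $moved++ }
        elseif ($text -match ' deleted successfully\.$')        { $deleted++ }
        elseif ($text -match '^File .+ not found\.$')           { $notFound++ }
        # OTL prints "Unable to delete <item> ." with a stray space before the dot.
        elseif ($text -match '^Unable to delete (.+?)\s*\.?$')  { $failed += $matches[1] }
        elseif ($text -match '(emptied|removed): (\d+) bytes$') { $bytes += [long]$matches[2] }
    }

    New-Object PSObject -Property @{
        Moved        = $moved
        Deleted      = $deleted
        NotFound     = $notFound
        Failed       = $failed
        BytesCleaned = $bytes
    }
}

# Constructed sample, shaped like the fix log above (user name replaced, list shortened).
$sampleLog = @'
All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
Unable to delete ADS C:\Users\example\Documents\OneNote-Notizbücher:Roxio EMC Stream .
========== FILES ==========
C:\Users\example\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
->Temp folder emptied: 2625032 bytes
RecycleBin emptied: 63276755 bytes
'@ -split "`r?`n"

$summary = Get-OtlFixSummary -Lines $sampleLog
$summary | Format-List Moved, Deleted, NotFound, BytesCleaned
if ($summary.Failed.Count -gt 0) {
    Write-Warning "These items were NOT removed and need a second look:"
    $summary.Failed | ForEach-Object { Write-Warning "  $_" }
}
```

To run it against a real log, replace the constructed sample with `Get-Content 'C:\_OTL\MovedFiles\<log name>.log'` (the folder where OTL keeps its fix logs and the moved files). A `not found` entry for a path that also appears as `moved successfully` is harmless: the fix script listed the same `.job` files twice, once by modification date and once by creation date, so the second attempt finds nothing.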