| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mail delivery failed Nachrichten ohne EndeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.07.2012, 12:47
| #1 |
 |  Mail delivery failed Nachrichten ohne Ende Hallo, ich bekomme seit einigen Tagen täglich Nachrichten auf meine web.de Adresse mit o.g. Meldung. Das Alles sind mir völlig unbekannte Adresse die angeschrieben wurden. Scheint als hätte jmd meinen Account gehackt und versendet uns fleißig Mails. Heute habe ich sogar Antworten bekommen. Die habe angeblich Mahnungen ruasgeschickt ohne, dass die gezogene Adresse überhaupt jemals Ware bestellt hätte und ähnliches... Was ist da los? Was kann ich tun? |
|
13.07.2012, 12:38
| #2 |
| /// Helfer-Team  | Mail delivery failed Nachrichten ohne Ende 1. Schritt Neue Version! Bitte neu runterladen! Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten. 2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
|
13.07.2012, 15:33
| #3 |
| | Mail delivery failed Nachrichten ohne Ende 1. keine Bedrohung gefunden
__________________2. Code:
ATTFilter OTL Extras logfile created on: 13.07.2012 16:22:37 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,79% Memory free
6,18 Gb Paging File | 3,98 Gb Available in Paging File | 64,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 80,06 Gb Free Space | 34,38% Space Free | Partition Type: NTFS
Drive E: | 761,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22979276-E0AF-4C80-A883-95571FA189C0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{3CCE7AEA-FC23-4CAE-8FCC-2A6988EEFD29}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085BEEFA-E5C2-4D53-917F-0B66FD67A33B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{142369D1-DAC8-4347-8880-5C50BB78A812}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{170D003C-7831-4622-8456-5B8209A9B4A7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1E4D475E-6F44-45D3-835C-5511FD90C0D2}" = protocol=17 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe |
"{2AD247CE-4531-4199-B47A-649411B825F8}" = protocol=6 | dir=in | app=c:\program files\xi\netxfer\ftptransport.exe |
"{30C5205C-33A0-4A5F-A7B9-93E11C683DE5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{48DE12AA-13C9-4F44-B834-9E788F5B7F6F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{4FE51107-E841-4F51-BD7F-3199B25D91EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5566632B-B23A-4196-AAC3-54C436231627}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{58C4DAD2-AEDD-4F20-95FC-856EED6754CD}" = protocol=6 | dir=in | app=c:\program files\xi\netxfer\nettransport.exe |
"{60E10858-282C-4ECF-AD8F-E337C7B26EDB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{8BA6F3B3-70F1-42F8-8C62-CE13084332DD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A3FB5747-EC23-4757-AF8E-112CA85234E7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{A4D4523E-F0D4-4CC0-81DF-D2894B9413B3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{A7FC5A3D-5F7A-421A-A1C1-0C4CA8F8EE8E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A99D03A1-1BAB-435E-AFA3-9699FBBAFCC0}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{C8C948A1-9909-4561-A233-852DB90C1ACF}" = protocol=17 | dir=in | app=c:\program files\xi\netxfer\ftptransport.exe |
"{D3A453C4-23F6-4024-8928-CF06EB3E7549}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{2A9570D5-531B-48A1-90AE-A505BC6AAEDF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{69D513D5-A22D-42CA-AC47-7631F4814633}C:\program files\ultramixer4\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ultramixer4\jre\bin\javaw.exe |
"TCP Query User{8F410CA1-4A27-4D97-84CC-6FF315E6B753}C:\windows\system32\kms.exe" = protocol=6 | dir=in | app=c:\windows\system32\kms.exe |
"UDP Query User{637B7364-037A-466B-9EFF-06FC8E126C9B}C:\windows\system32\kms.exe" = protocol=17 | dir=in | app=c:\windows\system32\kms.exe |
"UDP Query User{AE7A5F7A-8084-4332-8A4F-89325AE6B164}C:\program files\ultramixer4\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ultramixer4\jre\bin\javaw.exe |
"UDP Query User{EDB77EB9-EF56-464B-A510-86AB2552F367}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{0320AB41-0926-4218-A8A6-68AC84E6BB93}" = Nero Recode 11
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{51865D9D-8F63-46F2-87AB-9E72F93B618C}" = welcome
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5CB79EE7-301F-4AE7-A76D-D27BF8942E0A}" = Nero 11
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Designer 2.0_is1" = Designer 2.0
"DivX Setup" = DivX-Setup
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Kinovea" = Kinovea
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mixxx (1.10.0)" = Mixxx 1.10.0
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProInst" = Intel(R) PROSet/Wireless Software
"Sandboxie" = Sandboxie 3.68 (32-bit)
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"winscp3_is1" = WinSCP 4.3.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 13.07.2012 06:38:34 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6178
Error - 13.07.2012 07:13:53 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.07.2012 07:13:53 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2125014
Error - 13.07.2012 07:13:53 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2125014
Error - 13.07.2012 07:13:54 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.07.2012 07:13:54 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2126138
Error - 13.07.2012 07:13:54 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2126138
Error - 13.07.2012 07:13:57 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 13.07.2012 07:13:57 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2128618
Error - 13.07.2012 07:13:57 | Computer Name = Lappi | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2128618
[ System Events ]
Error - 10.04.2012 04:52:06 | Computer Name = Lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 10.04.2012 04:53:49 | Computer Name = Lappi | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.04.2012 07:15:23 | Computer Name = Lappi | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 10.04.2012 07:16:24 | Computer Name = Lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 11.04.2012 01:27:54 | Computer Name = Lappi | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 11.04.2012 01:28:45 | Computer Name = Lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 11.04.2012 05:57:44 | Computer Name = Lappi | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 11.04.2012 05:58:37 | Computer Name = Lappi | Source = Service Control Manager | ID = 7000
Description =
Error - 11.04.2012 10:07:25 | Computer Name = Lappi | Source = DCOM | ID = 10010
Description =
Error - 11.04.2012 14:20:47 | Computer Name = Lappi | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Code:
ATTFilter OTL logfile created on: 13.07.2012 16:22:37 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\admin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 33,79% Memory free 6,18 Gb Paging File | 3,98 Gb Available in Paging File | 64,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,88 Gb Total Space | 80,06 Gb Free Space | 34,38% Space Free | Partition Type: NTFS Drive E: | 761,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\admin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.) PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () PRC - C:\Programme\AVG Secure Search\vprot.exe () PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\Programme\FileHippo.com\UpdateChecker.exe (FileHippo.com) PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Pinnacle Systems) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) PRC - C:\Programme\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll () MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll () MOD - C:\Programme\AVG Secure Search\vprot.exe () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Pinnacle\Shared Files\Programs\StrmServer\UPnPStreamingDevice.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (vToolbarUpdater11.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe () SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (Uim_IM) -- C:\Windows\System32\drivers\Uim_IM.sys (Paragon) DRV - (Uim_Vim) -- C:\Windows\System32\drivers\Uim_Vim.sys (Paragon) DRV - (UimBus) -- C:\Windows\System32\drivers\UimBus.sys (Windows (R) 2000 DDK provider) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON) DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON) DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10005’ IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={645EC409-8B58-4B38-90C7-1C980FE2B617}&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&lang=de&ds=od011&pr=sa&d=2012-06-17 10:39:27&v=11.1.0.7&sap=hp IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109989&babsrc=SP_ss&mntrId=8c1492c9000000000000001d09591750 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={645EC409-8B58-4B38-90C7-1C980FE2B617}&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&lang=de&ds=od011&pr=sa&d=2012-06-17 10:39:27&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B02f9d947-4aa1-483a-abc7-fc7ad84931a6%7D&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-06-17%2010%3A39%3A27&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.10 09:39:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 08:27:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 21:42:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 19:08:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.22 10:35:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.17 19:08:01 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.22 10:35:48 | 000,000,000 | ---D | M] [2012.03.28 16:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [2012.07.10 09:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\fmmahgfc.default\extensions [2012.07.10 09:39:22 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\fmmahgfc.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2012.07.10 09:39:24 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\fmmahgfc.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.05.11 10:12:41 | 000,000,000 | ---D | M] ("Fox Splitter") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\fmmahgfc.default\extensions\foxsplitter@piro.sakura.ne.jp [2012.05.05 14:05:03 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\fmmahgfc.default\extensions\ietab@ip.cn [2012.04.01 12:11:11 | 000,003,941 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fmmahgfc.default\searchplugins\sweetim.xml [2012.06.17 08:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.10 09:39:26 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.06.17 08:27:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.07.09 21:42:58 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12 [2012.06.26 13:03:00 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FMMAHGFC.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI [2012.03.31 18:54:11 | 000,164,858 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FMMAHGFC.DEFAULT\EXTENSIONS\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.XPI [2012.06.26 16:12:17 | 000,289,256 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FMMAHGFC.DEFAULT\EXTENSIONS\LANGPACK-DE@FIREFOX.MOZILLA.ORG.XPI [2012.06.17 19:08:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.09 21:42:52 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012.04.02 17:58:30 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.01 17:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.01 17:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\ CHR - Extension: avast! WebRep = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4 - HKCU..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH) O4 - HKCU..\Run: [PMCRemote] File not found O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11559FD1-DD76-4DA6-BF63-C12BED417E55}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE27A848-7AA8-4027-A121-608441E240EA}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.03.12 14:48:15 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{017b65a0-8a0f-11e1-8d7f-001fe1f2da32}\Shell - "" = AutoRun O33 - MountPoints2\{017b65a0-8a0f-11e1-8d7f-001fe1f2da32}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.03.12 04:28:59 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{017b65a0-8a0f-11e1-8d7f-001fe1f2da32}\Shell\configure\command - "" = E:\setup.exe -- [2010.03.12 04:28:59 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{017b65a0-8a0f-11e1-8d7f-001fe1f2da32}\Shell\install\command - "" = E:\setup.exe -- [2010.03.12 04:28:59 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{865a851f-89f7-11e1-93f0-001fe1f2da32}\Shell - "" = AutoRun O33 - MountPoints2\{865a851f-89f7-11e1-93f0-001fe1f2da32}\Shell\AutoRun\command - "" = E:\setup.exe -- [2010.03.12 04:28:59 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{865a851f-89f7-11e1-93f0-001fe1f2da32}\Shell\configure\command - "" = E:\setup.exe -- [2010.03.12 04:28:59 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{865a851f-89f7-11e1-93f0-001fe1f2da32}\Shell\install\command - "" = E:\setup.exe -- [2010.03.12 04:28:59 | 001,100,664 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.13 13:48:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.12 13:54:18 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes [2012.07.12 13:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.12 13:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.12 13:54:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.12 13:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.11 13:55:11 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.11 13:52:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.11 13:52:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.11 13:52:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.11 13:52:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.11 13:52:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.11 13:52:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.11 13:52:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 11:50:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.06 13:25:39 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Judiths 30 [2012.07.06 11:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\fotobuch.de AG [2012.07.06 11:33:13 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Designer Files [2012.07.06 11:33:11 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\fotobuch.de AG [2012.07.06 11:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fotobuch.de [2012.07.06 11:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\fotobuch.de [2012.07.06 11:30:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\artworks [2012.07.01 11:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.06.21 10:51:28 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.21 10:51:27 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.21 07:28:09 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.21 07:28:09 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.21 07:28:09 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.21 07:27:37 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.21 07:27:37 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.18 21:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2012.06.18 21:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP [2012.06.17 10:39:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\AVG Secure Search [2012.06.17 10:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012.06.17 10:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012.06.17 10:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012.06.17 10:38:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.06.17 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.06.17 09:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.06.17 09:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.06.17 09:30:07 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\pdfforge [2012.06.17 09:30:03 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX [2012.06.17 09:30:03 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.06.17 09:30:02 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.06.17 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\OpenCandy [2012.06.17 09:30:01 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2012.06.17 09:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.06.17 08:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.17 08:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.06.17 08:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.17 08:37:04 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.06.17 08:35:54 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.06.17 08:35:54 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.06.17 08:33:17 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.13 16:14:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 16:14:45 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.13 15:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.13 15:45:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.13 13:48:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.07.13 13:13:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.13 12:17:09 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.07.13 12:16:26 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.13 12:14:29 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys [2012.07.13 09:15:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.12 22:39:32 | 000,013,000 | ---- | M] () -- C:\Users\admin\Documents\meineSchufa.de _ Registrierung online.pdf [2012.07.12 14:57:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.07.12 14:57:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.12 09:09:11 | 000,631,358 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.12 09:09:11 | 000,598,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.12 09:09:11 | 000,127,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.12 09:09:11 | 000,105,284 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.11 20:43:52 | 000,417,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.10 14:00:43 | 000,041,113 | ---- | M] () -- C:\Users\admin\Documents\meineimmobilie.de - Immobilien Bewertung.pdf [2012.07.10 09:39:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.07.07 23:40:07 | 000,101,542 | ---- | M] () -- C:\Users\admin\Documents\GF Stäwog.pdf [2012.07.06 11:55:03 | 000,035,840 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.06 11:32:30 | 000,001,856 | ---- | M] () -- C:\Users\admin\Desktop\Designer 2.0.lnk [2012.07.06 10:55:57 | 000,003,044 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.02 20:28:53 | 032,985,769 | ---- | M] () -- C:\Users\admin\Eisen 8 02.07.12.mkv [2012.07.02 20:27:42 | 026,920,386 | ---- | M] () -- C:\Users\admin\Eisen 8 front 02.07.12.mkv [2012.07.02 20:26:39 | 019,834,853 | ---- | M] () -- C:\Users\admin\Eisen 6 front 02.07.12.mkv [2012.07.02 20:25:46 | 021,210,506 | ---- | M] () -- C:\Users\admin\Eisen 6 02.07.12.mkv [2012.07.02 20:24:31 | 015,046,577 | ---- | M] () -- C:\Users\admin\Eisen 3 02.07.12.mkv [2012.07.02 20:23:48 | 021,809,336 | ---- | M] () -- C:\Users\admin\Eisen 3 front 02.07.12.mkv [2012.07.02 20:22:11 | 019,939,294 | ---- | M] () -- C:\Users\admin\Driver front 02.07.12.mkv [2012.07.02 20:20:07 | 016,418,871 | ---- | M] () -- C:\Users\admin\Driver 02.07.12.mkv [2012.07.01 11:50:06 | 000,083,331 | ---- | M] () -- C:\Users\admin\Documents\Projektassi Stelle.pdf [2012.06.21 15:13:41 | 000,398,999 | ---- | M] () -- C:\Users\admin\Eheurkunde.jpg [2012.06.21 15:12:49 | 000,405,649 | ---- | M] () -- C:\Users\admin\heiratsurkunde.jpg [2012.06.21 15:11:45 | 000,328,114 | ---- | M] () -- C:\Users\admin\Documents\Eheurkunde.pdf [2012.06.20 21:23:58 | 000,000,600 | ---- | M] () -- C:\Users\admin\AppData\Roaming\winscp.rnd [2012.06.18 21:07:07 | 000,001,634 | ---- | M] () -- C:\Users\admin\Desktop\WinSCP.lnk [2012.06.17 11:42:34 | 000,089,725 | ---- | M] () -- C:\Users\admin\Documents\Anzeigenmarkt Nordsee-Zeitung _ Stellenmarkt (Stellenangebote) _ Suchergebnis.pdf [2012.06.17 09:30:09 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.06.17 09:30:09 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.06.17 08:47:19 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.17 08:35:40 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2012.06.17 08:35:40 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.06.17 08:35:40 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.06.17 08:35:40 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.06.17 08:35:40 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.06.17 08:29:26 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.17 08:28:14 | 000,001,394 | ---- | M] () -- C:\Users\admin\Desktop\DivX Movies.lnk [2012.06.17 08:26:42 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk ========== Files Created - No Company Name ========== [2012.07.12 22:39:31 | 000,013,000 | ---- | C] () -- C:\Users\admin\Documents\meineSchufa.de _ Registrierung online.pdf [2012.07.10 14:00:42 | 000,041,113 | ---- | C] () -- C:\Users\admin\Documents\meineimmobilie.de - Immobilien Bewertung.pdf [2012.07.07 23:40:06 | 000,101,542 | ---- | C] () -- C:\Users\admin\Documents\GF Stäwog.pdf [2012.07.06 11:32:30 | 000,001,856 | ---- | C] () -- C:\Users\admin\Desktop\Designer 2.0.lnk [2012.07.02 20:28:35 | 032,985,769 | ---- | C] () -- C:\Users\admin\Eisen 8 02.07.12.mkv [2012.07.02 20:27:26 | 026,920,386 | ---- | C] () -- C:\Users\admin\Eisen 8 front 02.07.12.mkv [2012.07.02 20:26:31 | 019,834,853 | ---- | C] () -- C:\Users\admin\Eisen 6 front 02.07.12.mkv [2012.07.02 20:25:34 | 021,210,506 | ---- | C] () -- C:\Users\admin\Eisen 6 02.07.12.mkv [2012.07.02 20:24:24 | 015,046,577 | ---- | C] () -- C:\Users\admin\Eisen 3 02.07.12.mkv [2012.07.02 20:23:40 | 021,809,336 | ---- | C] () -- C:\Users\admin\Eisen 3 front 02.07.12.mkv [2012.07.02 20:22:01 | 019,939,294 | ---- | C] () -- C:\Users\admin\Driver front 02.07.12.mkv [2012.07.02 20:20:00 | 016,418,871 | ---- | C] () -- C:\Users\admin\Driver 02.07.12.mkv [2012.07.01 11:50:05 | 000,083,331 | ---- | C] () -- C:\Users\admin\Documents\Projektassi Stelle.pdf [2012.07.01 11:35:36 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.01 11:35:35 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.21 15:13:40 | 000,398,999 | ---- | C] () -- C:\Users\admin\Eheurkunde.jpg [2012.06.21 15:12:48 | 000,405,649 | ---- | C] () -- C:\Users\admin\heiratsurkunde.jpg [2012.06.21 15:11:39 | 000,328,114 | ---- | C] () -- C:\Users\admin\Documents\Eheurkunde.pdf [2012.06.18 21:07:09 | 000,000,600 | ---- | C] () -- C:\Users\admin\AppData\Roaming\winscp.rnd [2012.06.18 21:07:07 | 000,001,634 | ---- | C] () -- C:\Users\admin\Desktop\WinSCP.lnk [2012.06.17 11:42:33 | 000,089,725 | ---- | C] () -- C:\Users\admin\Documents\Anzeigenmarkt Nordsee-Zeitung _ Stellenmarkt (Stellenangebote) _ Suchergebnis.pdf [2012.06.17 09:30:09 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk [2012.06.17 09:30:09 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.06.17 08:47:19 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.06.17 08:28:14 | 000,001,394 | ---- | C] () -- C:\Users\admin\Desktop\DivX Movies.lnk [2012.06.17 08:26:42 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2012.05.22 19:33:48 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2012.05.22 19:33:48 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2012.05.22 19:33:48 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2012.05.22 19:33:48 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2012.05.22 19:33:48 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2012.04.13 15:56:43 | 031,245,933 | ---- | C] () -- C:\Users\admin\kurzes Eisen 13.4.12.mkv [2012.04.13 15:54:56 | 012,321,174 | ---- | C] () -- C:\Users\admin\mittleres Eisen 13.4.12.mkv [2012.04.13 15:50:04 | 023,774,173 | ---- | C] () -- C:\Users\admin\Eisen 3 13.4.12.mkv [2012.04.13 15:46:55 | 029,628,308 | ---- | C] () -- C:\Users\admin\mittleres Eisen Front 13.4.12.mkv [2012.04.10 17:40:28 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2012.04.01 18:40:14 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.04.01 18:40:14 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.04.01 18:19:07 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat [2012.04.01 18:12:20 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini [2012.03.31 16:08:29 | 000,035,840 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.30 09:43:24 | 000,003,044 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.03.29 01:50:18 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.03.29 01:50:17 | 000,631,358 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.03.29 01:50:17 | 000,127,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.03.29 01:50:17 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.03.28 22:02:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.03.28 22:00:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.03.28 21:04:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.03.28 17:23:35 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2012.03.28 16:25:49 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin [2012.03.28 16:15:00 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat [2012.03.28 16:04:03 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat ========== LOP Check ========== [2012.04.02 17:58:26 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Babylon [2012.04.19 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\DAEMON Tools Lite [2012.04.15 21:35:59 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\FireShot [2012.07.06 11:33:13 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\fotobuch.de AG [2012.03.31 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Kinovea [2012.06.17 09:30:02 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenCandy [2012.04.01 12:17:43 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\OpenOffice.org [2012.06.17 09:30:07 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\pdfforge [2012.05.10 15:58:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\UltraMixer4 [2012.04.02 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Xi [2012.07.13 09:15:41 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
13.07.2012, 16:13
| #4 |
| /// Helfer-Team | Mail delivery failed Nachrichten ohne EndeFixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10005’
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109989&babsrc=SP_ss&mntrId=8c1492c9000000000000001d09591750
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={645EC409-8B58-4B38-90C7-1C980FE2B617}&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&lang=de&ds=od011&pr=sa&d=2012-06-17 10:39:27&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.bild.de/"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B02f9d947-4aa1-483a-abc7-fc7ad84931a6%7D&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-06-17%2010%3A39%3A27&sap=ku&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [PMCRemote] File not found
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{017b65a0-8a0f-11e1-8d7f-001fe1f2da32}\Shell - "" = AutoRun
O33 - MountPoints2\{865a851f-89f7-11e1-93f0-001fe1f2da32}\Shell - "" = AutoRun
[2012.03.28 16:25:49 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2012.04.01 12:11:11 | 000,003,941 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fmmahgfc.default\searchplugins\sweetim.xml
[2012.07.09 21:42:52 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.02 17:58:30 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.01 17:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 17:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.07.13 15:45:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.13 12:16:26 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.01 11:35:36 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.01 11:35:35 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! danach: Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
|
|
14.07.2012, 08:58
| #5 |
| | Mail delivery failed Nachrichten ohne EndeCode:
ATTFilter All processes killed
========== OTL ==========
No active process named SweetIM.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.bild.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7B02f9d947-4aa1-483a-abc7-fc7ad84931a6%7D&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-06-17%2010%3A39%3A27&sap=ku&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Programme\SweetIM\Messenger\SweetIM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PMCRemote deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche\ deleted successfully.
File Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{017b65a0-8a0f-11e1-8d7f-001fe1f2da32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017b65a0-8a0f-11e1-8d7f-001fe1f2da32}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{865a851f-89f7-11e1-93f0-001fe1f2da32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{865a851f-89f7-11e1-93f0-001fe1f2da32}\ not found.
C:\Windows\CT4CET.bin moved successfully.
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fmmahgfc.default\searchplugins\sweetim.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
========== COMMANDS ==========
Error: Unable to interpret <ipconfig /flushdns /c> in the current context!
[EMPTYTEMP]
User: admin
->Temp folder emptied: 2225625639 bytes
->Temporary Internet Files folder emptied: 201888068 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 607846437 bytes
->Google Chrome cache emptied: 38280595 bytes
->Flash cache emptied: 23245 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: User1
->Temp folder emptied: 36019 bytes
->Temporary Internet Files folder emptied: 74629 bytes
->FireFox cache emptied: 115609249 bytes
->Flash cache emptied: 675 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 183495334 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 3.217,00 mb
[EMPTYFLASH]
User: admin
->Flash cache emptied: 0 bytes
User: All Users
User: Default
User: Default User
User: Public
User: User1
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.54.0 log created on 07132012_173401
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8be4624919308449894e0f95954c1510
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-13 03:56:52
# local_time=2012-07-13 05:56:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 32247 179727456 0 0
# compatibility_mode=8192 67108863 100 0 177 177 0 0
# scanned=3392
# found=0
# cleaned=0
# scan_time=284
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8be4624919308449894e0f95954c1510
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-13 04:40:32
# local_time=2012-07-13 06:40:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 32589 179727798 0 0
# compatibility_mode=8192 67108863 100 0 519 519 0 0
# scanned=73581
# found=0
# cleaned=0
# scan_time=2562
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8be4624919308449894e0f95954c1510
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-14 07:54:27
# local_time=2012-07-14 09:54:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 48913 179779324 0 0
# compatibility_mode=8192 67108863 100 0 52045 52045 0 0
# scanned=166374
# found=1
# cleaned=0
# scan_time=5872
C:\Users\admin\Downloads\OFFICE.2010.RTM.Final.Volume.Activator.READNFO-SHELOMOTUVI-PLZ\Activator\kmsreset.exe a variant of Win32/HackKMS.A application (unable to clean) 00000000000000000000000000000000 I
|
|
14.07.2012, 09:40
| #6 |
| /// Helfer-Team | Mail delivery failed Nachrichten ohne Ende
__________________ --> Mail delivery failed Nachrichten ohne Ende |
|
14.07.2012, 11:01
| #7 |
| | Mail delivery failed Nachrichten ohne Ende sorry, hatte das falsche kopiert! Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.14.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 admin :: *** [Administrator] Schutz: Aktiviert 14.07.2012 10:43:16 mbam-log-2012-07-14 (10-43-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 381878 Laufzeit: 1 Stunde(n), 16 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
14.07.2012, 21:14
| #8 |
| /// Helfer-Team | Mail delivery failed Nachrichten ohne Ende Downloade Dir bitte AdwCleaner auf deinen Desktop.
danach: Aendere das Passwort für Deinen web.de Account! |
|
15.07.2012, 20:38
| #9 |
| | Mail delivery failed Nachrichten ohne EndeCode:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/15/2012 at 21:37:42
# Updated 13/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : admin - LAPPI
# Running from : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Users\admin\AppData\Local\AVG Secure Search
Folder Found : C:\Users\admin\AppData\Local\Babylon
Folder Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Found : C:\Users\admin\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\admin\AppData\LocalLow\SweetIM
Folder Found : C:\Users\admin\AppData\Roaming\Babylon
Folder Found : C:\Users\admin\AppData\Roaming\OpenCandy
Folder Found : C:\Users\admin\AppData\Roaming\pdfforge
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={645EC409-8B58-4B38-90C7-1C980FE2B617}&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&lang=de&ds=od011&pr=sa&d=2012-06-17 10:39:27&v=11.1.0.7&sap=hp
-\\ Mozilla Firefox v13.0.1 (en-US)
Profile name : default
File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fmmahgfc.default\prefs.js
Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109989");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "8c1492c9000000000000001d09591750");
Found : user_pref("extensions.BabylonToolbar_i.id", "8c1492c9000000000000001d09591750");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15432");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109989&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:58:36");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.bild.de/");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005’");
Profile name : default
File : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\v0zxq0au.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v20.0.1132.57
File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found : "path": "C:\\Program Files\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.1.0\\\[...]
*************************
AdwCleaner[R1].txt - [10383 octets] - [15/07/2012 21:37:42]
########## EOF - C:\AdwCleaner[R1].txt - [10512 octets] ##########
|
|
15.07.2012, 20:44
| #10 |
| /// Helfer-Team | Mail delivery failed Nachrichten ohne Ende http://www.trojaner-board.de/119265-...tml#post865077 Passwoerter geaendert?
|
|
15.07.2012, 20:54
| #11 |
| | Mail delivery failed Nachrichten ohne Ende Ja, ist geändert! Code:
ATTFilter # AdwCleaner v1.702 - Logfile created 07/15/2012 at 21:47:49
# Updated 13/07/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : admin - LAPPI
# Running from : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Users\admin\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\admin\AppData\Local\Babylon
Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Folder Deleted : C:\Users\admin\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\admin\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\admin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\admin\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\admin\AppData\Roaming\pdfforge
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\SweetIM
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
***** [Registry] *****
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={645EC409-8B58-4B38-90C7-1C980FE2B617}&mid=341005eeee6a47d0b533d156a71633c1-9d1c6937c3c0b51fdad163c70aa3c50056532445&lang=de&ds=od011&pr=sa&d=2012-06-17 10:39:27&v=11.1.0.7&sap=hp --> hxxp://www.google.com
-\\ Mozilla Firefox v13.0.1 (en-US)
Profile name : default
File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fmmahgfc.default\prefs.js
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\fmmahgfc.default\user.js ... Deleted !
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.12");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109989");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "8c1492c9000000000000001d09591750");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "8c1492c9000000000000001d09591750");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15432");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109989&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:58:36");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.bild.de/");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10005’");
Profile name : default
File : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\v0zxq0au.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v20.0.1132.57
File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted : "path": "C:\\Program Files\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\11.1.0\\\[...]
*************************
AdwCleaner[R1].txt - [10514 octets] - [15/07/2012 21:37:42]
AdwCleaner[S1].txt - [10822 octets] - [15/07/2012 21:47:49]
########## EOF - C:\AdwCleaner[S1].txt - [10951 octets] ##########
|
|
15.07.2012, 21:24
| #12 |
| /// Helfer-Team | Mail delivery failed Nachrichten ohne Ende Sehr gut!  Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html |
|
15.07.2012, 22:14
| #13 |
| | Mail delivery failed Nachrichten ohne Ende ok, ich tu nun immer hörig, was verlangt wird. Aber genau warum und wieso weiss ich nicht?!? Was ist Stand der Dinge? Was kann es sein? Warum so viele scans? |
|
15.07.2012, 22:20
| #14 |
| /// Helfer-Team | Mail delivery failed Nachrichten ohne Ende Wir wollen ueberpruefn, ob Du einen Virus oder Trojaner hast. Die Scans dienen der Ueberpruefung des Systems. Der letzte Scanauftrag ist nur zur Kontrolle. Aber Dein Rechner ist sauber, Du hattest wahrscheinlich ein zu einfaches Passwort für dein web.de Account vergeben und er wurde per BruteForce gehackt und nicht ausgespaeht. |
|
25.07.2012, 06:43
| #15 |
| /// Helfer-Team | Mail delivery failed Nachrichten ohne Ende Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu Mail delivery failed Nachrichten ohne Ende |
| account, account gehackt, adresse, angeblich, antworten, bekannte, bestellt, delivery, failed, gehackt, mail, mail delivery, mail delivery failed, nachrichten, schei, tagen, täglich, unbekannte, versendet, web.de, worte, überhaupt |
Linear-Darstellung
