| |
| |||||||
Log-Analyse und Auswertung: Trojaner-Befall (Sirefef.GA/GY/GZ, W64.ZAccess, Generic.7629199) in Windows\InstallerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.07.2012, 21:57
| #1 |
| |  Trojaner-Befall (Sirefef.GA/GY/GZ, W64.ZAccess, Generic.7629199) in Windows\Installer Hallo, ich habe folgendes Problem: 6-facher reproduzierender Virenbefall (das sagt F-Secure): 1. Trojan.Sirefef.GY Pfad: c:\windows \installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\u\00000004.$ 2. Trojan.Sirefef.GZ Pfad: c:\windows \installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\u\00000008.$ 3. Trojan.Sirefef.GA Pfad: c:\windows \installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\u\80000000.$ 4. Trojan.Generic.7629199 Pfad: c:\windows \installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\u\80000032.$ 5. Trojan.W64.Zaccess.H Pfad: c:\windows \installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\u\80000064.$ 6. Trojan.W64.Zaccess.G Pfad: c:\windows \installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\u\000000cb.$ Welche Computer-Probleme bestehen derzeit? Der Laptop ist langsam. Der Laptop fährt selbständig herunter. Wenn ich einen Link auf google öffnen möchte, öffnen sich andere Seiten Was habe ich bisher gemacht? - wiederholt einen Vollscan mit F-Secure durchgeführt, der die Trojaner zwar erkannt hat, deren Reproduktion jedoch nicht verhindern konnte - OTL.exe durchgeführt Hier die logfiles: Code:
ATTFilter OTL logfile created on: 12.07.2012 19:04:01 - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Matthes\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,96% Memory free 7,73 Gb Paging File | 5,86 Gb Available in Paging File | 75,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 421,81 Gb Total Space | 103,33 Gb Free Space | 24,50% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 27,75 Gb Free Space | 95,70% Space Free | Partition Type: NTFS Computer Name: MATTHES-PC | User Name: Matthes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.07 07:52:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Matthes\Desktop\OTL.exe PRC - [2012.06.24 05:42:16 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe PRC - [2012.06.16 14:44:08 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.06.06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.05.29 13:25:34 | 001,028,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fssm32.exe PRC - [2012.05.29 13:25:34 | 000,561,832 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\FSGK32.EXE PRC - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe PRC - [2012.03.08 20:00:52 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe PRC - [2012.03.08 20:00:07 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsav32.exe PRC - [2011.06.15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.09.17 21:54:27 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2010.03.03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.03 22:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.12.22 14:40:58 | 000,167,008 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe PRC - [2009.12.19 04:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.08.11 18:59:38 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009.08.05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE PRC - [2009.08.05 17:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE PRC - [2009.08.05 17:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSHDLL32.EXE PRC - [2009.08.05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe ========== Modules (No Company Name) ========== MOD - [2012.06.24 05:42:16 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll MOD - [2012.06.16 14:44:05 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.06.14 19:26:39 | 011,824,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll MOD - [2012.06.14 19:25:38 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012.06.14 19:25:30 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012.05.11 03:29:03 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll MOD - [2012.05.11 03:27:12 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012.05.11 03:26:13 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012.05.11 03:26:08 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012.05.11 03:26:05 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012.05.11 03:26:04 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012.05.11 03:25:58 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2012.04.03 17:14:32 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.09.17 21:54:26 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2010.09.17 12:59:35 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.17 12:59:32 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.04.20 22:40:54 | 000,262,144 | ---- | M] () -- C:\Windows\SysWOW64\370prop.ax MOD - [2009.12.19 04:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2009.12.19 04:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2009.12.19 04:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll MOD - [2009.08.05 17:58:30 | 000,330,336 | ---- | M] () -- \\?\c:\program files (x86)\unitymedia\sicherheitspaket\hips\fshook32.dll MOD - [2009.08.05 17:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\strres.eng MOD - [2009.08.05 17:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\gres.dll MOD - [2009.08.05 17:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\flyerres.eng MOD - [2009.08.05 17:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\fsavures.eng MOD - [2009.08.05 17:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\about.dll MOD - [2009.08.05 17:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\aboutres.dll MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.12 18:42:44 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.16 14:44:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.08 20:13:37 | 000,844,384 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2012.03.08 20:00:52 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2011.07.07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.06.15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.03.03 22:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2009.08.11 18:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.05 17:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSMA32.EXE -- (FSMA) SRV - [2009.08.05 17:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP) SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS) SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.10 07:19:59 | 000,055,960 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts) DRV:64bit: - [2012.03.08 20:14:26 | 000,094,280 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW) DRV:64bit: - [2012.03.08 20:13:51 | 000,045,624 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.12.02 10:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64) DRV:64bit: - [2010.09.17 13:09:47 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.09.17 13:09:47 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.06.24 04:43:58 | 000,167,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.06.18 15:34:58 | 004,170,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.04.20 22:14:16 | 000,200,704 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi) DRV:64bit: - [2010.03.12 05:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.03.03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.28 13:55:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.01.18 11:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.01.05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.10.19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.16 13:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror) DRV:64bit: - [2009.07.16 05:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.01 06:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.07.01 06:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 06:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 06:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.07 09:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008.08.06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.08.24 19:44:24 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012.05.29 13:25:55 | 000,199,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2012.03.08 20:02:29 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts) DRV - [2009.08.05 17:58:30 | 000,057,920 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2009.08.05 17:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys -- (F-Secure Filter) DRV - [2009.08.05 17:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys -- (F-Secure Recognizer) DRV - [2009.08.05 17:56:12 | 000,014,904 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=1586&gct=hp IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\SearchScopes,DefaultScope = {8151F7E7-182B-4701-BB04-F0649CBEEE9B} IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\SearchScopes\{8151F7E7-182B-4701-BB04-F0649CBEEE9B}: "URL" = hxxp://www.bing.com/search?FORM=BB07DF&PC=BB07&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}: "URL" = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms} IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\SearchScopes\{FFA10CDA-95BF-42EF-AB58-E13B18A03EFD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9F4497C3-2CDD-4543-9D00-1ED572FAF821&apn_sauid=B6E8C57A-E168-4CDD-BDB6-A2E4BD6FC138 IE - HKU\S-1-5-21-521551089-346159714-2597394513-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-521551089-346159714-2597394513-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKU\S-1-5-21-521551089-346159714-2597394513-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKU\S-1-5-21-521551089-346159714-2597394513-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-521551089-346159714-2597394513-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-521551089-346159714-2597394513-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "NCH DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.06.05 07:57:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 14:44:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Matthes\AppData\Roaming\5021 [2011.07.28 23:51:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 14:44:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.15 14:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthes\AppData\Roaming\mozilla\Extensions [2012.06.27 15:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthes\AppData\Roaming\mozilla\Firefox\Profiles\qiab0482.default\extensions [2012.06.06 19:01:33 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Matthes\AppData\Roaming\mozilla\Firefox\Profiles\qiab0482.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.06.06 19:01:26 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Matthes\AppData\Roaming\mozilla\Firefox\Profiles\qiab0482.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012.06.27 15:55:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Matthes\AppData\Roaming\mozilla\Firefox\Profiles\qiab0482.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.02.25 22:08:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Matthes\AppData\Roaming\mozilla\Firefox\Profiles\qiab0482.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.31 05:35:52 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Matthes\AppData\Roaming\mozilla\Firefox\Profiles\qiab0482.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2012.07.04 07:35:24 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Matthes\AppData\Roaming\mozilla\Firefox\Profiles\qiab0482.default\extensions\toolbar@ask.com [2012.05.05 07:07:14 | 000,000,933 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\11-suche.xml [2012.07.04 07:35:24 | 000,002,335 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\askcom.xml [2011.07.19 19:05:33 | 000,002,023 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\badoo.xml [2011.11.28 17:11:50 | 000,000,915 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\conduit.xml [2012.05.05 07:07:14 | 000,002,419 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\englische-ergebnisse.xml [2012.05.05 07:07:14 | 000,010,525 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\gmx-suche.xml [2012.07.03 12:45:49 | 000,000,950 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\icqplugin-1.xml [2011.06.30 03:19:39 | 000,000,950 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\icqplugin-2.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\icqplugin.xml [2012.05.05 07:07:14 | 000,002,457 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\lastminute.xml [2012.05.05 07:07:14 | 000,005,508 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Mozilla\Firefox\Profiles\qiab0482.default\searchplugins\webde-suche.xml [2012.03.17 20:02:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.10 07:21:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.05 07:57:54 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\UNITYMEDIA\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM [2011.07.28 23:51:42 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MATTHES\APPDATA\ROAMING\5021 [2012.06.16 14:44:09 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.24 19:59:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.24 19:59:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.24 19:59:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.24 19:59:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.24 19:59:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.24 19:59:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (NCH DE Toolbar) - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\Toolbar\WebBrowser: (NCH DE Toolbar) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-521551089-346159714-2597394513-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-521551089-346159714-2597394513-1003\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-521551089-346159714-2597394513-1003\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-521551089-346159714-2597394513-1001..\Run: [avupdate] C:\Users\Matthes\AppData\Roaming\jashla.exe File not found O4 - HKU\S-1-5-21-521551089-346159714-2597394513-1001..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo Desktop\1.6.48.1082\Badoo.Desktop.exe File not found O4 - HKU\S-1-5-21-521551089-346159714-2597394513-1001..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4 File not found O4 - HKU\S-1-5-21-521551089-346159714-2597394513-1001..\Run: [phonostar-PlayerTimer] C:\Program Files (x86)\phonostar-Player\phonostarTimer.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Matthes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Matthes\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Unitymedia\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81DD7E84-8D22-45D1-B256-7D8545AF8B25}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2C6DD4B-5000-4589-916C-A10AEB2E53FC}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB157BF9-9DD7-41F5-BD3E-BB4A2B0A1C35}: DhcpNameServer = 80.69.100.198 80.69.100.206 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{00e4114a-c5b2-11e0-aa03-70f3954b130a}\Shell - "" = AutoRun O33 - MountPoints2\{00e4114a-c5b2-11e0-aa03-70f3954b130a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{00e4115b-c5b2-11e0-aa03-70f3954b130a}\Shell - "" = AutoRun O33 - MountPoints2\{00e4115b-c5b2-11e0-aa03-70f3954b130a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.10 07:48:58 | 000,000,000 | ---D | C] -- C:\Users\Matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte [2012.07.07 11:34:59 | 000,000,000 | ---D | C] -- C:\Users\Matthes\Documents\Aufnahmen [2012.07.07 11:34:48 | 000,000,000 | ---D | C] -- C:\Users\Matthes\AppData\Roaming\phonostar GmbH [2012.07.07 11:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phonostar [2012.07.07 11:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phonostar-Player [2012.07.07 07:52:14 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Matthes\Desktop\OTL.exe [2012.06.28 02:35:55 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA% [2012.06.24 06:48:03 | 000,000,000 | ---D | C] -- C:\Users\Matthes\AppData\Local\Macromedia [2012.06.16 12:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.06.16 12:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.06.16 12:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [1 C:\Users\Matthes\AppData\Roaming\*.tmp files -> C:\Users\Matthes\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.12 19:04:36 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.12 19:04:36 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.12 18:56:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.07.12 18:56:04 | 3113,365,504 | -HS- | M] () -- C:\hiberfil.sys [2012.07.12 18:49:48 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.07.12 18:24:54 | 000,000,584 | ---- | M] () -- C:\windows\tasks\Scheduled scanning task.job [2012.07.12 06:48:12 | 000,301,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.07.09 23:07:35 | 000,001,118 | ---- | M] () -- C:\Users\Matthes\Desktop\Cyberlink Power2Go.lnk [2012.07.09 19:46:50 | 001,493,750 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.07.09 19:46:50 | 000,650,994 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.07.09 19:46:50 | 000,614,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.07.09 19:46:50 | 000,129,638 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.07.09 19:46:50 | 000,106,812 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.07.07 11:34:48 | 000,001,068 | ---- | M] () -- C:\Users\Matthes\Desktop\phonostar-Player.lnk [2012.07.07 07:52:15 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Matthes\Desktop\OTL.exe [2012.07.07 07:48:28 | 000,000,000 | ---- | M] () -- C:\Users\Matthes\defogger_reenable [2012.07.07 07:46:23 | 000,050,477 | ---- | M] () -- C:\Users\Matthes\Desktop\Defogger.exe [2012.07.05 01:14:08 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad [2012.07.05 01:11:03 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad [2012.07.05 01:08:53 | 000,001,881 | ---- | M] () -- C:\Users\Matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.28 02:27:59 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.26 08:53:40 | 001,475,048 | ---- | M] () -- C:\Users\Matthes\Documents\Lustige doofe Sprüche Hänschen Krusche Juni 2012.pdf [2012.06.16 12:28:33 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [1 C:\Users\Matthes\AppData\Roaming\*.tmp files -> C:\Users\Matthes\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.12 18:50:23 | 000,016,896 | ---- | C] () -- C:\windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.@ [2012.07.07 11:34:48 | 000,001,068 | ---- | C] () -- C:\Users\Matthes\Desktop\phonostar-Player.lnk [2012.07.07 10:40:35 | 000,000,584 | ---- | C] () -- C:\windows\tasks\Scheduled scanning task.job [2012.07.07 07:48:28 | 000,000,000 | ---- | C] () -- C:\Users\Matthes\defogger_reenable [2012.07.07 07:46:22 | 000,050,477 | ---- | C] () -- C:\Users\Matthes\Desktop\Defogger.exe [2012.07.05 01:08:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.07.05 01:08:53 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad [2012.07.05 01:08:53 | 000,001,881 | ---- | C] () -- C:\Users\Matthes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012.06.28 02:24:17 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\L\00000004.@ [2012.06.26 08:53:40 | 001,475,048 | ---- | C] () -- C:\Users\Matthes\Documents\Lustige doofe Sprüche Hänschen Krusche Juni 2012.pdf [2012.06.16 12:28:33 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.08 19:51:31 | 000,042,672 | ---- | C] () -- C:\windows\SysWow64\drivers\fsbts.sys [2012.03.08 19:50:14 | 001,516,890 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012.01.12 00:19:42 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\@ [2012.01.12 00:19:42 | 000,002,048 | -HS- | C] () -- C:\Users\Matthes\AppData\Local\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\@ [2011.09.11 22:13:44 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat [2011.09.11 22:13:44 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini [2011.09.11 22:13:43 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat [2011.09.11 22:13:43 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat [2011.09.11 22:13:43 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat [2011.09.11 22:13:43 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat [2011.09.11 22:13:43 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat [2011.09.11 22:13:43 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat [2011.09.11 22:13:43 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat [2011.09.11 22:13:43 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat [2011.09.11 22:13:43 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat [2011.09.11 22:13:43 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat [2011.09.11 22:13:43 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat [2011.09.11 22:13:43 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat [2011.09.11 22:13:43 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat [2011.09.11 22:13:43 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat [2011.09.11 22:13:43 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat [2011.09.11 22:13:43 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat [2011.09.11 22:13:43 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat [2011.09.11 22:10:17 | 000,000,025 | ---- | C] () -- C:\windows\CDE DX5000EFDG.ini [2011.08.02 19:01:08 | 000,000,053 | ---- | C] () -- C:\Users\Matthes\AppData\Roaming\urhtps.dat [2011.07.21 21:08:11 | 000,391,425 | ---- | C] () -- C:\Users\Matthes\04 - Lying from You (Intro).mp3 [2011.07.21 21:06:21 | 000,000,248 | ---- | C] () -- C:\Users\Matthes\04 - Lying from You.mpd [2011.07.19 22:31:31 | 000,002,148 | ---- | C] () -- C:\Users\Matthes\.recently-used.xbel [2011.07.13 06:50:53 | 000,027,477 | ---- | C] () -- C:\Users\Matthes\bookmarks-2011-07-13.json [2011.07.03 23:06:50 | 000,022,643 | ---- | C] () -- C:\Users\Matthes\bookmarks-2011-07-03.json [2011.06.22 05:54:18 | 000,004,608 | ---- | C] () -- C:\Users\Matthes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.15 15:42:38 | 000,000,403 | ---- | C] () -- C:\windows\ODBC.INI [2011.06.15 15:32:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.17 22:09:15 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin [2010.09.17 22:09:15 | 000,000,512 | ---- | C] () -- C:\windows\current.bin [2010.09.17 22:01:41 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll [2010.09.17 21:54:30 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2010.09.17 21:54:30 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2010.09.17 21:54:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll ========== LOP Check ========== [2011.07.28 23:51:42 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\5021 [2011.07.19 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\ArcSyncConfig [2012.03.21 19:08:42 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\DVDVideoSoft [2012.02.25 22:08:43 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.30 13:38:20 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\elsterformular [2012.03.17 06:36:47 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\F-Secure [2012.03.17 06:07:40 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\gema [2011.07.19 22:31:31 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\gtk-2.0 [2011.10.06 03:40:54 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\ICQ [2011.08.21 17:23:15 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\Juniper Networks [2011.07.28 23:51:21 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\kock [2011.07.21 19:59:44 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\mp3DirectCut [2012.07.07 11:34:48 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\phonostar GmbH [2012.03.22 00:23:32 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\TeamViewer [2011.08.16 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\UAs [2011.08.16 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\Matthes\AppData\Roaming\xmldm [2012.07.03 23:48:02 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT [2012.07.12 18:24:54 | 000,000,584 | ---- | M] () -- C:\windows\Tasks\Scheduled scanning task.job ========== Purity Check ========== < End of report Code:
ATTFilter OTL Extras logfile created on: 07.07.2012 07:56:28 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Matthes\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,87 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,02% Memory free
7,73 Gb Paging File | 6,07 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 421,81 Gb Total Space | 105,48 Gb Free Space | 25,01% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 27,75 Gb Free Space | 95,70% Space Free | Partition Type: NTFS
Computer Name: MATTHES-PC | User Name: Matthes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.4.18_WHQL
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"NVIDIA Drivers" = NVIDIA Drivers
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{0E1ACD7F-9B6E-47CF-AB67-A49036921A61}" = Bing Bar
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressZip" = Express Zip File Compression Software
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.5.5.221
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Freeware.de Toolbar" = Freeware.de Toolbar
"F-Secure Product 444" = Unitymedia Sicherheitspaket
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCH_DE Toolbar" = NCH DE Toolbar
"Pixillion" = Pixillion Image Converter
"Switch" = Switch Audiodatei-Konverter
"UMTS USB Modem Manager" = UMTS USB Modem Manager
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Audiobearbeitungs-Software
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"DrKawashima" = Dr Kawashima
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 07.07.2012 01:53:53 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 639 2012-07-07 07:53:53+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.$.
Infection: Trojan.Sirefef.GA
Error - 07.07.2012 01:54:00 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 640 2012-07-07 07:54:00+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.$.
Infection: Trojan.Sirefef.GA
Error - 07.07.2012 01:54:06 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 641 2012-07-07 07:54:06+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.$.
Infection: Trojan.Sirefef.GA
Error - 07.07.2012 01:54:12 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 642 2012-07-07 07:54:12+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.$.
Infection: Trojan.Sirefef.GA
Error - 07.07.2012 01:54:12 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 643 2012-07-07 07:54:12+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\00000008.$.
Infection: Trojan.Sirefef.GZ
Error - 07.07.2012 01:54:35 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 644 2012-07-07 07:54:35+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\00000008.$.
Infection: Trojan.Sirefef.GZ
Error - 07.07.2012 01:54:40 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 645 2012-07-07 07:54:40+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.$.
Infection: Trojan.Sirefef.GA
Error - 07.07.2012 01:54:43 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 646 2012-07-07 07:54:43+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\00000008.$.
Infection: Trojan.Sirefef.GZ
Error - 07.07.2012 01:54:46 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 647 2012-07-07 07:54:46+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.$.
Infection: Trojan.Sirefef.GA
Error - 07.07.2012 01:55:02 | Computer Name = Matthes-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 648 2012-07-07 07:55:02+02:00 MATTHES-PC Matthes-PC\Matthes F-Secure
Anti-Virus Malicious code found in file C:\Windows\Installer\{c5cc8527-1ef6-3fa6-f990-81d73c07a9a3}\U\80000000.$.
Infection: Trojan.Sirefef.GA
[ System Events ]
Error - 07.07.2012 00:55:59 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 07.07.2012 00:55:59 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 07.07.2012 00:56:24 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
Error - 07.07.2012 00:56:31 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ReadyComm.DirectRouter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.07.2012 00:56:53 | Computer Name = Matthes-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.07.2012 00:56:56 | Computer Name = Matthes-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =
Error - 07.07.2012 00:58:55 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Intel(R) Management & Security Application User Notification
Service" wurde nicht richtig gestartet.
Error - 07.07.2012 01:01:31 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error - 07.07.2012 02:04:51 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891
Error - 07.07.2012 02:04:51 | Computer Name = Matthes-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
Fehler beendet: %%-2147024891
< End of report >
Von daher wäre ich Euch für jede Hilfe äußerst dankbar. MfG Matthes |
|
13.07.2012, 08:41
| #2 | |||
| /// Helfer-Team    | Trojaner-Befall (Sirefef.GA/GY/GZ, W64.ZAccess, Generic.7629199) in Windows\Installer Hallo und Herzlich Willkommen!
__________________ Habe leider schlechte Nachricht für Dich, da hast Du Dir ein grausliches Tierchen eingefangen  :Zitat:
Da würde ich an Deiner Stelle das System gleich neu installieren, da die Bekämpfung diese neue Art der Infektion ohne div. Nebenwirkungen und hinterlassenen Schaden, die immer wieder [auf verschiedene Weise] Probleme bereiten können, ist nicht möglich! - einen Backdoor mit Rootkitfunktionalität diese Malware verwendet Rootkit-Technologie und Backdoor-Routine *was sind Backdoors und Rootkits* Verhaltensweise: "speicherresident" Zitat:
Tipps & Rat: ➊ Datensicherung: ► NUR Daten sichern, die nicht ausführbaren Dateien enthalten - Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können. - Vorsicht mit den schon vorhandenen Dateien auf die extern gespeicherten Daten und auch jetzt mit dem Virus infizierte Dateien eine Datensicherung anzufertigen - Am besten alles was dir sehr wichtig, separat (extern) sichern - nicht mischen eventuell früher geschicherten Daten, also vor dem Befall! - Eventuell gecrackte Software nicht sichern und dann auf neu aufgesetztem System wieder drauf installieren! - Vor zurückspielen - bevor du mit deinem PC direkt ins Netz gehst...: - die Autoplay-Funktion für alle Laufwerke deaktivieren/ausschalten -> Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten Die auf eine externe Festplatte gesicherten Daten, gründlich zu scannen von einem suaberen System aus, am besten mit mehreren Scannern-> Kostenlose Online Scanner - Anleitung Absolut empfehlenswerter Scanner: Zitat:
➋ -> Anleitung: Neuaufsetzen des Systems + Absicherung -> Anleitung zum Neuaufsetzen - Windows XP, Vista und Win7 ➌ Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) gruß kira
__________________ |
|
| Themen zu Trojaner-Befall (Sirefef.GA/GY/GZ, W64.ZAccess, Generic.7629199) in Windows\Installer |
| adobe, autorun, bho, bingbar, bonjour, conduit, converter, error, fehler, firefox, flash player, format, google, helper, home, install.exe, lenovo, mozilla, mp3, object, plug-in, problem, realtek, registry, reproduktion, rundll, searchscopes, security, software, trojaner, usb 2.0, windows, winload toolbar |
Linear-Darstellung
