Log analysis and evaluation: GMX account sends spam mails from my address
23.07.2012, 09:50 | #1 |
Hello,

today I received an e-mail from several acquaintances (from my GMX address book...), who told me that I had sent them a link that looked suspicious to them and that they therefore have not opened yet. I suspect that it is my GMX account that sent the mail without my knowledge. I have just changed the account's password from another computer (I had read that here in another thread).

Thanks in advance for looking through this; I hope I ran all the logs correctly!

Malwarebytes found nothing in the quick scan. Here is the report:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.23.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Maike :: MAIKE-PC [Administrator]

Schutz: Aktiviert

23.07.2012 09:17:38
mbam-log-2012-07-23 (09-17-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176978
Laufzeit: 4 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Should I also run a full scan?

The defogger search also found nothing.
Here are the OTL results:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.13 20:11:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.21 17:18:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.21 17:18:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.07.13 19:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maike\AppData\Roaming\mozilla\Extensions
[2012.07.14 19:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maike\AppData\Roaming\mozilla\Firefox\Profiles\podhavk4.default\extensions
[2012.07.13 21:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.13 21:25:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.13 20:11:00 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.21 17:18:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.21 17:18:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.21 17:18:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.21 17:18:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.21 17:18:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.21 17:18:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.21 17:18:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Maike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Maike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Maike\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Google Mail = C:\Users\Maike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D85255B3-4B2B-4E23-AA80-62C299780AA3}: DhcpNameServer = 10.72.0.68 10.72.0.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC3B6648-2010-43BD-92A1-34EAF5288E83}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Maike\Pictures\ADSC_0911.JPG
O24 - Desktop BackupWallPaper: C:\Users\Maike\Pictures\ADSC_0911.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2012.07.23 09:21:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maike\Desktop\OTL.exe
[2012.07.23 09:03:58 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Malwarebytes
[2012.07.23 09:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.23 09:03:50 |
000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.23 09:03:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.23 09:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.23 08:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.07.16 18:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series [2012.07.16 18:41:04 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information [2012.07.16 18:40:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012.07.15 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Stardock_Corporation [2012.07.14 18:09:25 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\SupportSoft [2012.07.14 17:58:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2012.07.13 22:03:54 | 000,000,000 | ---D | C] -- C:\Users\Maike\.jordan [2012.07.13 22:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.07.13 21:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.07.13 21:51:10 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Macromedia [2012.07.13 21:24:47 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Skype [2012.07.13 21:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.13 21:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.07.13 21:24:31 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.07.13 21:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.13 21:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.07.13 21:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync [2012.07.13 21:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.07.13 21:12:30 | 000,000,000 | ---D | C] -- 
C:\Windows\PCHEALTH [2012.07.13 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2012.07.13 20:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.07.13 20:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.07.13 20:12:09 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.07.13 20:12:09 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.07.13 20:12:08 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.07.13 20:12:08 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.07.13 20:12:07 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.07.13 20:12:03 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.07.13 20:10:45 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.13 20:10:44 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.07.13 20:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.07.13 20:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.07.13 19:37:42 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\yelle [2012.07.13 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Video Converter [2012.07.13 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\TriKont Orga [2012.07.13 19:37:29 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\neuro summerschool [2012.07.13 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Näherei! 
[2012.07.13 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\My Music [2012.07.13 19:37:10 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\My Digital Editions [2012.07.13 19:37:09 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Kontoauszüge [2012.07.13 19:37:09 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\ICQ [2012.07.13 19:37:09 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\gegl-0.0 [2012.07.13 19:36:40 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Französisch [2012.07.13 19:36:40 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\DVDVideoSoft [2012.07.13 19:36:37 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\bvmd [2012.07.13 19:36:37 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Audible [2012.07.13 19:36:34 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Abschlussbericht [2012.07.13 19:25:50 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Adobe [2012.07.13 19:14:18 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Mozilla [2012.07.13 19:14:18 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Mozilla [2012.07.13 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.07.13 19:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.07.13 19:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.07.13 19:12:07 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Macromedia [2012.07.13 19:11:47 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Adobe [2012.07.13 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Google [2012.07.13 19:08:34 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\MigWiz [2012.07.13 19:07:46 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Eigene Google Gadgets [2012.07.13 19:07:39 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Google [2012.07.13 19:07:37 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\ATI 
[2012.07.13 19:07:37 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\ATI [2012.07.13 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.07.13 19:07:36 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Dell WebCam Central [2012.07.13 19:07:28 | 000,000,000 | ---D | C] -- C:\Users\Maike\Bluetooth Software [2012.07.13 19:07:28 | 000,000,000 | ---D | C] -- C:\Users\Maike\Documents\Bluetooth Exchange Folder [2012.07.13 19:07:12 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\MediaDirect [2012.07.13 19:06:52 | 000,000,000 | R--D | C] -- C:\Users\Maike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.07.13 19:06:51 | 000,000,000 | R--D | C] -- C:\Users\Maike\Searches [2012.07.13 19:06:41 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Identities [2012.07.13 19:06:38 | 000,000,000 | R--D | C] -- C:\Users\Maike\Contacts [2012.07.13 19:06:01 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Dell [2012.07.13 19:05:40 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\VirtualStore [2012.07.13 19:05:36 | 000,000,000 | --SD | C] -- C:\Users\Maike\AppData\Roaming\Microsoft [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Videos [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Saved Games [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Pictures [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Music [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Links [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Favorites [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Downloads [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- 
C:\Users\Maike\Documents [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\Desktop [2012.07.13 19:05:36 | 000,000,000 | R--D | C] -- C:\Users\Maike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Vorlagen [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\AppData\Local\Verlauf [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\AppData\Local\Temporary Internet Files [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Startmenü [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\SendTo [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Recent [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Netzwerkumgebung [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Lokale Einstellungen [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Documents\Eigene Videos [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Documents\Eigene Musik [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Eigene Dateien [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Documents\Eigene Bilder [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Druckumgebung [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Cookies [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\AppData\Local\Anwendungsdaten [2012.07.13 19:05:36 | 000,000,000 | -HSD | C] -- C:\Users\Maike\Anwendungsdaten [2012.07.13 19:05:36 | 000,000,000 | -H-D | C] -- C:\Users\Maike\AppData [2012.07.13 19:05:36 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Temp [2012.07.13 19:05:36 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Local\Microsoft [2012.07.13 19:05:36 | 000,000,000 | ---D | C] -- C:\Users\Maike\AppData\Roaming\Media Center Programs [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.07.13 19:01:50 
| 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\Programme [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop [2012.07.13 19:01:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.07.13 19:01:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2012.07.23 09:27:46 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.23 09:21:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maike\Desktop\OTL.exe [2012.07.23 09:18:47 | 000,000,000 | ---- | M] () -- C:\Users\Maike\defogger_reenable [2012.07.23 09:03:51 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.23 08:50:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.23 08:50:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.23 08:50:21 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.23 08:50:21 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.23 08:50:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.23 08:44:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.23 08:44:10 | 000,003,616 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 08:44:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.23 08:44:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.23 08:43:57 | 3219,103,744 | -HS- | M] () -- C:\hiberfil.sys [2012.07.22 23:10:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.15 20:49:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.07.15 14:50:42 | 000,021,504 | ---- | M] () -- C:\Users\Maike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.14 18:01:31 | 000,283,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.13 21:24:37 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.13 21:13:51 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI [2012.07.13 20:23:47 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.13 20:12:10 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2012.07.13 20:12:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.07.13 19:14:14 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.13 19:00:15 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.07.03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.07.03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.07.23 09:18:47 | 000,000,000 | ---- | C] () -- C:\Users\Maike\defogger_reenable [2012.07.23 09:03:51 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.15 20:49:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf [2012.07.14 00:52:56 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.07.14 00:52:56 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.07.14 00:52:51 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex [2012.07.14 00:36:37 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2012.07.14 00:36:37 | 000,004,675 | 
---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2012.07.14 00:36:37 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2012.07.13 22:14:01 | 000,021,504 | ---- | C] () -- C:\Users\Maike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.13 21:50:21 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.13 21:24:37 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.13 21:13:51 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2012.07.13 20:23:47 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.07.13 20:21:03 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf [2012.07.13 20:12:22 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.13 20:12:21 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.13 20:12:10 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.07.13 19:37:58 | 000,140,081 | ---- | C] () -- C:\Users\Maike\Documents\zweiwohnsitz anmeldung.pdf [2012.07.13 19:37:55 | 020,533,281 | ---- | C] () -- C:\Users\Maike\Documents\vlc-1.1.9-win32.exe [2012.07.13 19:37:54 | 000,244,374 | ---- | C] () -- C:\Users\Maike\Documents\ticket emsa.pdf [2012.07.13 19:37:54 | 000,110,929 | ---- | C] () -- C:\Users\Maike\Documents\tans uni 2011.pdf [2012.07.13 19:37:54 | 000,099,614 | ---- | C] () -- C:\Users\Maike\Documents\stammdatenauszug ws 2011.pdf [2012.07.13 19:37:54 | 000,067,361 | ---- | C] () -- C:\Users\Maike\Documents\tumblr_lyngtdyymY1qewacoo1_500.jpg [2012.07.13 19:37:54 | 000,047,501 | ---- | C] () -- C:\Users\Maike\Documents\studienzeitbescheinigung.pdf [2012.07.13 19:37:53 | 000,053,413 | ---- | C] () -- C:\Users\Maike\Documents\regal2.JPG [2012.07.13 19:37:53 | 000,047,520 | ---- | C] () -- C:\Users\Maike\Documents\maike rentenbesch.pdf [2012.07.13 19:37:53 | 000,047,211 | ---- | C] () -- 
C:\Users\Maike\Documents\maike immatri.pdf [2012.07.13 19:37:53 | 000,046,540 | ---- | C] () -- C:\Users\Maike\Documents\regal.JPG [2012.07.13 19:37:53 | 000,024,914 | ---- | C] () -- C:\Users\Maike\Documents\Maike Johanna Fotos 0512.jpg [2012.07.13 19:37:53 | 000,020,261 | ---- | C] () -- C:\Users\Maike\Documents\Protokoll äth.25.2..odt [2012.07.13 19:37:53 | 000,013,818 | ---- | C] () -- C:\Users\Maike\Documents\kündigen 2.odt [2012.07.13 19:37:52 | 002,614,559 | ---- | C] () -- C:\Users\Maike\Documents\IMG_0066.JPG [2012.07.13 19:37:52 | 000,338,384 | ---- | C] () -- C:\Users\Maike\Documents\imma WS10.pdf [2012.07.13 19:37:52 | 000,255,711 | ---- | C] () -- C:\Users\Maike\Documents\Infopaket_Erstsemester_HM_WiSe0809.pdf [2012.07.13 19:37:52 | 000,194,533 | ---- | C] () -- C:\Users\Maike\Documents\jungs.jpg [2012.07.13 19:37:52 | 000,105,885 | ---- | C] () -- C:\Users\Maike\Documents\Ihre Alice Bestellung.pdf [2012.07.13 19:37:52 | 000,099,109 | ---- | C] () -- C:\Users\Maike\Documents\imma ws 2011.pdf [2012.07.13 19:37:52 | 000,099,104 | ---- | C] () -- C:\Users\Maike\Documents\imma ss11.pdf [2012.07.13 19:37:52 | 000,098,956 | ---- | C] () -- C:\Users\Maike\Documents\imma ss12.pdf [2012.07.13 19:37:52 | 000,047,231 | ---- | C] () -- C:\Users\Maike\Documents\immatrikulationsbescheinigungWise 09.pdf [2012.07.13 19:37:52 | 000,047,225 | ---- | C] () -- C:\Users\Maike\Documents\imma_ss10.pdf [2012.07.13 19:37:51 | 003,062,743 | ---- | C] () -- C:\Users\Maike\Documents\certificate emsa.JPG [2012.07.13 19:37:51 | 000,092,835 | ---- | C] () -- C:\Users\Maike\Documents\Famulaturbestätigung.pdf [2012.07.13 19:37:51 | 000,012,312 | ---- | C] () -- C:\Users\Maike\Documents\cc_20110827_152325.reg [2012.07.13 19:37:51 | 000,009,445 | ---- | C] () -- C:\Users\Maike\Documents\französische musik.odt [2012.07.13 19:37:50 | 000,693,678 | ---- | C] () -- C:\Users\Maike\Documents\BuKo-Aachen_Maike_Kusenbach.pdf [2012.07.13 19:37:50 | 000,377,619 | ---- | C] () -- 
C:\Users\Maike\Documents\butter paneer masala.pdf [2012.07.13 19:37:50 | 000,075,799 | ---- | C] () -- C:\Users\Maike\Documents\basics.pdf [2012.07.13 19:37:50 | 000,029,150 | ---- | C] () -- C:\Users\Maike\Documents\9782356413130_hq_0002.wma [2012.07.13 19:37:50 | 000,029,146 | ---- | C] () -- C:\Users\Maike\Documents\9782356413130_hq_0001.wma [2012.07.13 19:14:14 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.07.13 19:14:13 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.07.13 19:06:55 | 000,000,951 | ---- | C] () -- C:\Users\Maike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.07.13 19:06:49 | 000,000,946 | ---- | C] () -- C:\Users\Maike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012.07.13 19:06:36 | 000,000,917 | ---- | C] () -- C:\Users\Maike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.07.13 18:59:11 | 3219,103,744 | -HS- | C] () -- C:\hiberfil.sys ========== LOP Check ========== [2012.07.22 23:10:18 | 000,013,202 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extra-text: OTL Extras logfile created on: 23.07.2012 09:26:09 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Maike\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 57,02% Memory free 6,21 Gb Paging File | 4,86 Gb Available in Paging File | 78,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,75 Gb Total Space | 125,69 Gb Free Space | 56,43% Space Free | Partition Type: 
NTFS Drive D: | 10,00 Gb Total Space | 5,71 Gb Free Space | 57,10% Space Free | Partition Type: NTFS Computer Name: MAIKE-PC | User Name: Maike | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{4D7980B7-79D6-4AD6-8AB4-D866914D136B}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | "{53188800-E581-4A1B-980F-07447B501121}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{7D9BCE33-ED1C-4B1E-A016-FFD020041C25}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{A162D18C-F19A-43DE-9222-D7028F77D726}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D1EA2915-60B4-4D83-9752-902B68FAEA66}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{DC3BB188-46D6-43A4-8DF2-CBD9E801E179}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | "{E547C262-F7E0-48A3-A1D6-644E1A2A132A}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4400 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{05A677ED-F6EB-C225-0852-C8EDA143F637}" = Catalyst Control Center Core Implementation "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver "{1339C679-8EBD-A264-F51B-8AFF9E5178AB}" = Catalyst Control Center Localization Chinese Standard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{33D38429-A417-2939-F2ED-68B02C60524B}" = CCC Help Italian "{348982C0-1053-041B-90E9-27E52C5CBAC4}" = Catalyst Control Center Localization Chinese Traditional "{3683198D-D48D-8F78-D544-E0CEEDA9A5AD}" = Catalyst Control Center Localization Norwegian "{39874C29-6A64-A5E4-15E8-48CAB1630758}" = Catalyst Control Center Graphics Full New "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{497CDC20-F32E-B732-D5A7-C508832901B1}" = Catalyst Control Center Localization Italian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding "{4E8B4C51-20A4-A946-F2FD-361E1E64CBFE}" = Catalyst Control Center Localization Dutch "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{66E07661-1C3B-EBB3-DDD7-CA2D9CF728E5}" = CCC Help Chinese Standard "{67192DDF-D12C-7C14-0891-1999A8322D9A}" = ccc-core-static "{693C5CAC-E43C-4A5F-0793-DB1A91576F00}" = Catalyst Control Center Localization Swedish "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6BA2D1B0-0892-AF53-1542-767C1B1B558F}" = CCC Help German "{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module "{706136D4-648C-92B9-FF9E-BDAC45C977CB}" = CCC Help Norwegian "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{732784F2-BBB3-AF93-F0F8-2B28D93F023E}" = Catalyst Control Center Localization Finnish "{75554025-5756-D2A8-E12A-3996A174E1AF}" = Catalyst Control Center Localization German "{7842F022-6597-76DA-4DE4-DA3FBD82ECF2}" = Skins "{7A4CE9D2-DC5E-4B5B-0ED2-A2F66E76DD52}" = CCC Help Russian "{7BE855E5-8130-A624-1C47-D5EB13FA6DF2}" = Catalyst Control Center Graphics Previews Vista 
"{7D712AFE-2D7C-13B8-DEB7-BA8A28FED665}" = Catalyst Control Center Localization Danish "{7E00AAF2-89F3-F7FC-A8F2-8C651449671E}" = CCC Help English "{828816F4-629A-233E-DB02-A6F8BD004643}" = Catalyst Control Center Localization Portuguese "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90601456-1F28-AD6C-C1CE-740526D3BC27}" = Catalyst Control Center Localization French "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{975F5675-8FC8-04A8-92CD-4653BD12282F}" = CCC Help French "{97900633-AADE-35DC-A424-21380BFC5431}" = Catalyst Control Center Graphics Previews Common "{98C948A6-5498-9DEE-BA4C-74B0A96CB521}" = CCC Help Danish "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A7969E95-7E39-A1AC-2D6F-85531D8A371D}" = CCC Help Japanese "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C78107-7CBC-B05B-083B-562FA9C1EA0B}" = CCC Help Portuguese "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BB883D70-5B1D-9430-E626-7F495925590D}" = Catalyst Control Center Localization Spanish "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet "{C49E407D-A6A0-6F9A-767D-67387EF5523F}" = CCC Help Finnish "{CBF91610-C661-3464-8831-DA8AE2589DB9}" = Catalyst Control Center Localization Japanese "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2DB5404-378B-2821-513E-A8F230A0E948}" = ccc-utility "{D5D92C28-42FB-5E24-DBFA-07232A50D670}" = CCC Help Dutch "{D9DD6E03-ACE1-2503-205E-4FA74267CDC6}" = CCC Help Spanish "{DB549485-9D94-E7AE-2FE7-DCB33A54FBD7}" = Catalyst Control Center Localization Russian 
"{DE200E10-45BD-E11E-EC8E-1DAD80EF8EA9}" = Catalyst Control Center Graphics Full Existing "{DEF19AE8-B330-CF2A-AEAA-1E23BBBC7B00}" = CCC Help Chinese Traditional "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E5BE4931-F31C-2BA0-F06E-4FEC56725673}" = CCC Help Swedish "{EC2C71BB-42DF-6F53-FB23-F7B3B160467B}" = Catalyst Control Center Graphics Light "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F1465B68-4D9A-D412-2528-4F84A681F15C}" = Catalyst Control Center Localization Korean "{F1E18790-4053-4031-483B-80E932CE3910}" = CCC Help Korean "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "avast" = avast! 
Free Antivirus "Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte "Creative OA001" = Integrated Webcam Driver (1.00.08.0216) "Dell Video Chat" = Dell Video Chat (remove only) "Dell Webcam Central" = Dell Webcam Central "ESET Online Scanner" = ESET Online Scanner v3 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "GoToAssist" = GoToAssist 8.0.0.514 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.07.2012 16:40:34 | Computer Name = Maike-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AUDIODG.EXE, Version 6.0.6001.18000, Zeitstempel 0x47919284, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0xb80000ff, Prozess-ID 0x544, Anwendungsstartzeit 01cd620048ee2aef. 
Error - 14.07.2012 17:42:21 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = Error - 14.07.2012 21:02:14 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = Error - 15.07.2012 02:45:02 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = Error - 15.07.2012 05:21:34 | Computer Name = Maike-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung AUDIODG.EXE, Version 6.0.6001.18000, Zeitstempel 0x47919284, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0xb80000ff, Prozess-ID 0x528, Anwendungsstartzeit 01cd626b0d9747d3. Error - 15.07.2012 05:22:00 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = Error - 15.07.2012 07:52:21 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = Error - 15.07.2012 21:02:16 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = Error - 15.07.2012 21:19:19 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = Error - 17.07.2012 02:05:05 | Computer Name = Maike-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 13.07.2012 19:09:38 | Computer Name = Maike-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 14.07.2012 12:01:45 | Computer Name = Maike-PC | Source = HTTP | ID = 15016 Description = Error - 14.07.2012 12:03:05 | Computer Name = Maike-PC | Source = Service Control Manager | ID = 7024 Description = Error - 14.07.2012 12:03:05 | Computer Name = Maike-PC | Source = Service Control Manager | ID = 7031 Description = Error - 14.07.2012 12:47:38 | Computer Name = Maike-PC | Source = Service Control Manager | ID = 7030 Description = Error - 14.07.2012 15:28:36 | Computer Name = Maike-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. 
Error - 14.07.2012 16:36:01 | Computer Name = Maike-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 14.07.2012 um 21:32:32 unerwartet heruntergefahren. Error - 14.07.2012 16:36:06 | Computer Name = Maike-PC | Source = HTTP | ID = 15016 Description = Error - 14.07.2012 17:02:54 | Computer Name = Maike-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 14.07.2012 17:41:47 | Computer Name = Maike-PC | Source = HTTP | ID = 15016 Description = < End of report >

I am attaching the GMER log as an attachment.
25.07.2012, 14:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!

Remember that Malwarebytes has to be updated manually before every scan! Please have Malwarebytes remove all findings so that they are kept in Malwarebytes' quarantine! Do NOT remove ANYTHING from quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here
25.07.2012, 18:43 | #3 |
I have now completely formatted my computer, i.e. reset it to its factory state. Should I still run the scans anyway? (i.e. could there still be malware etc. on my PC?)

Thanks in advance for the detailed instructions!
26.07.2012, 12:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

It isn't really necessary, but you can do it. Much more important, as a first step, would be to change all passwords, above all the one for GMX.

Or has the password of the mail account already been changed? If not: please do it right now! If yes: was your password too simple? Describe what the password was like before, i.e. its length and character set. A weak password consists, for example, only of lowercase letters or only of digits and is shorter than 8 characters.

__________________
Please always post log files in CODE tags
26.07.2012, 12:32 | #5 |
Good, then I will leave it at that. And yes, I changed the password immediately. And it was definitely a weak password! (lowercase letters only) Since it was my oldest e-mail address, I also had not changed it in 10 years.... Careless, and so definitely also my own fault, I know! But I will now change my other passwords as well. Thank you!
26.07.2012, 21:34 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™

Since you have redone everything from scratch, we would be finished; to wrap up, I am posting my update guide!

Finally, please check the updates; my guide for that is below. To keep a better overview in future of how up to date your installed programs are, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)
I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
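The update guide above can be applied mechanically to an OTL Extras uninstall list like the one posted at the top of this thread. The following is an added example, not part of the original posts and not OTL's own code; the function names are hypothetical, and the sample input is a short excerpt of the thread's log.

```python
import re

# Excerpt from the OTL Extras log posted in this thread (uninstall list),
# flattened onto one line the way the page shows it.
SAMPLE_LOG = (
    '========== HKEY_LOCAL_MACHINE Uninstall List ========== '
    '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall] '
    '"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 '
    '"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 '
    '"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 '
    '"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater '
    '"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch '
    '"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX '
    '"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin '
    '"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) '
    '========== Last 20 Event Log Errors ========== '
)

# Body of the uninstall section, up to the next "=====" header or end of text.
SECTION_RE = re.compile(
    r"={5,} HKEY_LOCAL_MACHINE Uninstall List ={5,}(.*?)(?:={5,}|\Z)", re.S)
# "key" = display name, ended by the next quoted key or the end of the section.
ENTRY_RE = re.compile(
    r'"(?P<key>[^"]+)" = (?P<name>.*?)(?=\s+"[^"]+" = |\s*\Z)', re.S)

JAVA_RE = re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?")
# Advice per product family, paraphrased from the update guide in post #6.
ADVICE = [
    (JAVA_RE, "uninstall this Java version, then install the current JRE"),
    (re.compile(r"^Adobe Reader \d"),
     "uninstall the old Adobe Reader or switch to an alternative PDF reader"),
    (re.compile(r"^Adobe Flash Player"),
     "check that Flash Player is up to date"),
]


def installed_programs(log_text):
    """Return (registry key, display name) pairs from the uninstall list."""
    section = SECTION_RE.search(log_text)
    if not section:
        return []
    return [(e["key"], " ".join(e["name"].split()))
            for e in ENTRY_RE.finditer(section.group(1))]


def update_checklist(log_text):
    """Return (display name, advice) for entries the update guide covers."""
    items = []
    for _key, name in installed_programs(log_text):
        for pattern, advice in ADVICE:
            if pattern.search(name):
                items.append((name, advice))
                break
    return items


def java_runtimes(log_text):
    """Return the sorted (major, update) pairs of all installed Java runtimes."""
    found = []
    for _key, name in installed_programs(log_text):
        m = JAVA_RE.search(name)
        if m:
            found.append((int(m.group(1)), int(m.group(2) or 0)))
    return sorted(found)


if __name__ == "__main__":
    for name, advice in update_checklist(SAMPLE_LOG):
        print(f"{name}: {advice}")
    print("Java runtimes found:", java_runtimes(SAMPLE_LOG))
```

More than one entry from `java_runtimes()` means several Java versions are installed side by side, which is the case the guide's "uninstall all listed Java versions" step addresses.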