| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm...Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.07.2012, 20:17
| #1 |
 |  TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hallo wieder einmal... letztens erst der Pc meiner Freundin und nun hat es meinen genau so erwischt. Als ich mich gerade ein bisschen durch Google, Youtube etc. durchgeklickt habe wurde aufeinmal ein neuer TAB geöffnet und prompt hat JAVA irgendwas geladen, habs aber sofort alles zu gemacht.. war leider schon zu spät. Habe irgendwie das Gefühl das das alles durch JAVA eingeschleußt wird zumindest bei mir und meiner Freundin der fall. Avira hat mir gleich Meldungen gegeben das mehrere Infizierte Objecte gefunden wurden genauso wie Windows Defender. Wollte gleich nen Scan mit Malwarebytes machen aber da hat sich dann auf einmal das Sch*** Live Security Platinum eingeschaltet und mir alles beendet und gespeert. Sitz grade im Abgesichertem Modus drin und wäre echt nett wenn wieder jemand von euch mal drüber schauen würde.  Hier mein OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.07.2012 21:08:44 - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Ripchip\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,24% Memory free 6,20 Gb Paging File | 5,64 Gb Available in Paging File | 91,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 207,96 Gb Free Space | 44,65% Space Free | Partition Type: NTFS Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.03.19 17:25:08 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Stopped] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640) DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m) DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=c8de76e100000000000000ff01000001 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=c8de76e100000000000000ff01000001 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..keyword.URL: "hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=c8de76e100000000000000ff01000001&q=" FF - prefs.js..network.proxy.http: "213.197.182.78" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4587.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions [2012.06.17 21:42:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions [2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.05 09:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI [2012.06.17 21:42:18 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.24 18:12:29 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKCU..\Run: [Spotify] C:\Users\Ripchip\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKCU..\RunOnce: [7531E8D01B24231F3A10F45F2F3B6FDA] C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA\7531E8D01B24231F3A10F45F2F3B6FDA.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.25 21:07:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.25 20:53:43 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum [2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA [2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax [2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips [2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype [2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.24 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.24 13:28:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp [2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit [2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions [2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations [2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite [2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps [2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT [2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT [2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.06.28 16:17:26 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Facebook [2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi ========== Files - Modified Within 30 Days ========== [2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.25 21:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.25 21:03:36 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 21:03:35 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.25 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.24 12:42:12 | 298,609,418 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk ========== Files Created - No Company Name ========== [2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.25 21:02:57 | 000,023,040 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\800000cb.@ [2012.07.25 21:02:57 | 000,016,896 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\80000000.@ [2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@ [2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 19:29:17 | 000,583,680 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640.sys [2012.07.24 19:29:17 | 000,008,192 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640m.sys [2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.24 12:42:12 | 298,609,418 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.06.28 16:17:34 | 000,001,146 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.06.28 16:17:29 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.05.01 22:04:35 | 000,000,680 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.20 17:39:41 | 000,002,048 | -HS- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@ [2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft [2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous [2012.04.24 18:12:24 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Babylon [2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft [2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular [2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient [2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2 [2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org [2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin [2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u [2012.07.25 14:50:28 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify [2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer [2012.06.13 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client [2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.25 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.25 21:03:20 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Hier der OTL Extra Log: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 25.07.2012 21:08:44 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Ripchip\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 78,24% Memory free
6,20 Gb Paging File | 5,64 Gb Available in Paging File | 91,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 207,96 Gb Free Space | 44,65% Space Free | Partition Type: NTFS
Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
"VistaSp2" = 83 94 EB 93 E6 05 CD 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15AA46BE-1527-46A9-AE0A-0A1A8A0A01BF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1D34DC2E-BC41-4CBA-A48E-BEB67ED74E66}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{51DFC127-2DE5-4B41-B7B3-CAE445C6FAA5}" = lport=58317 | protocol=17 | dir=in | name=pando media booster |
"{613BA39B-DEA3-4996-BF1D-5857339FFD83}" = lport=58317 | protocol=6 | dir=in | name=pando media booster |
"{6EF41774-D0F7-4FB5-8658-42BE38887946}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{D543DC0C-8487-4F82-B773-19F217285644}" = lport=58317 | protocol=17 | dir=in | name=pando media booster |
"{F8E57F4B-E7F8-4F7B-ABD9-8B99DEFAD8CE}" = lport=58317 | protocol=6 | dir=in | name=pando media booster |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A9E5B3-088C-47EC-A240-13BFAE160FE2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{06E17781-57E0-444D-A81B-A8D6E003F051}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{0CBC8422-F3ED-420D-B75C-6972702581D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{0F08A710-04B7-436E-8E02-00AC2AA626E0}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{1038D44F-8DE0-40C2-A6B3-3ADE2805AF6F}" = protocol=6 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{15415FDE-9AD0-41DF-8832-698CE928CBED}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{15F566BB-015F-4288-8450-562F3FCCBB63}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{160B213F-8A5E-499E-ADC9-5156B32633FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1616131C-3927-452B-B31E-E372AD778735}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1C297F07-E2FF-494C-8B40-52D58F207438}" = protocol=6 | dir=in | app=c:\users\ripchip\appdata\roaming\.minecraft\minecraft cracked.exe |
"{24AD413D-8530-4EDC-A2F3-C685C91B13A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2CD2AB6B-F0AE-4155-9260-6E13CE0FC172}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2CE97A72-EB11-40DA-AD85-430C89273618}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{36B7A0D1-F047-4320-97F2-C0B9326C3E01}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{3DF6ADFF-10BA-43BC-844C-02977F4000DD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{416E5FCB-BE44-401E-A882-C3C5E696EDD2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{425A03E3-E1D5-4D7C-97A7-768CA03049BC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{46ED64A0-D2C7-4AF8-B635-1F8F7FE63D84}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{4748A06D-EFB4-43F3-87E3-E9897C88D401}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4D2F3D62-42C9-40E5-9B93-4482D690BDDB}" = protocol=17 | dir=in | app=c:\users\ripchip\appdata\roaming\.minecraft\minecraft cracked.exe |
"{4D3126C1-4AE5-453B-933A-1B97F337D59A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{52DFEA87-8A01-4CC1-9154-028867BDCE28}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{55D47FA3-A265-4BCD-BCAE-C8D62048149E}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{65CF1E00-8A3E-484A-87EB-4936691EE6AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{6BA10E83-1E56-436E-94D3-BD6183FCC582}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{76ADD17C-A86F-4E81-987D-238B3DA1C456}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{99ECA2AC-8035-466F-9888-E5389F130EE6}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{9AA249FA-1810-4959-A96D-468B9D1D494C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{A023E56E-9356-43CE-B76F-BCC4D11673C1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{B87E3BE9-6A2D-4BA2-82CE-F21622F687D2}" = protocol=17 | dir=in | app=c:\program files\software4u\idevice manager\software4u.idevicemanager.exe |
"{BCD4719C-D361-40E2-BAC0-DFAA984D3935}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\launcheflc.exe |
"{D2AB7A57-FB0E-4413-97EE-29770BC3E584}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ripchip93\counter-strike source\hl2.exe |
"{DF60322F-D24F-48FD-B148-367689BCEDE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ripchip93\counter-strike source\hl2.exe |
"{DF90593F-CCCD-4470-BF0E-3AA2DC4718FE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{E292A45F-C1F4-4B7B-8072-FDB4E8618CBC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FED09411-FCF7-4349-B099-426B99727F23}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{2877CEDD-64E4-49D4-90ED-869C8CD3EC97}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{59CA6DC4-44C3-4277-B0F2-4B0E54C0756F}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{ABB2F9B8-72B4-47DF-972A-F119503AA934}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C23D59CD-ED12-4AD5-AF09-00B4740DD30E}C:\users\ripchip\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ripchip\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0E5D2908-72BD-4894-A4B8-AFA93EFAA9B1}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{64D6E61F-4665-4173-96D8-C0E69A75A1AC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{9127B0E4-651F-48D3-AE32-C79CA8C2590E}C:\users\ripchip\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ripchip\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C7C990BC-3F69-4D36-8ED8-1CA82CD6D3F1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"8A0CCEB1CE9A57BA1D36331A58157FF1E014B636" = Windows-Treiberpaket - Philips (SPC640) Image (05/09/2009 1.0.0.6650)
"ESL Wire_is1" = ESL Wire 1.11.1
"F0CE85A0D4B89D85CF1AF29E050A1D0BEBCBD86D" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (05/20/2009 1.0.5.12)
"FDCB45DD5F1BF8F2153B3F259D2748CED0BF02F3" = Windows-Treiberpaket - Philips USB (05/09/2009 1.0.0.6650)
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1" = System.Data.SQLite v1.0.81.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{463CF221-6026-40D1-AFB8-2759FC061F82}" = Philips SPC640NC Webcam Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FB9BA8A-E711-40E6-BBF0-77ED60A2940F}" = Facebook Messenger 2.1.4587.0
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Diablo III" = Diablo III
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"Foxit Reader_is1" = Foxit Reader
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"TeamViewer 7" = TeamViewer 7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Security Platinum" = Live Security Platinum
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.07.2012 11:45:31 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14274
Error - 25.07.2012 11:45:32 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.07.2012 11:45:32 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15272
Error - 25.07.2012 11:45:32 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15272
Error - 25.07.2012 11:45:33 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 25.07.2012 11:45:33 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16271
Error - 25.07.2012 11:45:33 | Computer Name = Ripchip-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16271
Error - 25.07.2012 14:57:38 | Computer Name = Ripchip-PC | Source = Application Hang | ID = 1002
Description = Programm MSASCui.exe, Version 1.1.1600.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 850 Anfangszeit: 01cd6a63b84ab45b Zeitpunkt der Beendigung:
0
Error - 25.07.2012 15:06:07 | Computer Name = Ripchip-PC | Source = EventSystem | ID = 4609
Description =
Error - 25.07.2012 15:07:04 | Computer Name = Ripchip-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 08.06.2012 11:52:20 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 13.06.2012 14:43:50 | Computer Name = Ripchip-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.06.2012 um 20:41:31 unerwartet heruntergefahren.
Error - 13.06.2012 14:44:31 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 13.06.2012 14:44:31 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 17.06.2012 15:40:43 | Computer Name = Ripchip-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.06.2012 um 21:38:53 unerwartet heruntergefahren.
Error - 17.06.2012 15:41:19 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 17.06.2012 15:41:19 | Computer Name = Ripchip-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 7A7905C209EA zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
Error - 19.06.2012 16:10:29 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7011
Description =
Error - 20.06.2012 09:54:47 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 20.06.2012 09:54:47 | Computer Name = Ripchip-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
MfG Hier ein neuer Scan von OTL da ich ein bisschen was gemacht habe. OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.07.2012 19:59:04 - Run 2 OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Ripchip\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 51,03% Memory free 6,22 Gb Paging File | 4,40 Gb Available in Paging File | 70,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 208,04 Gb Free Space | 44,67% Space Free | Partition Type: NTFS Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.03.19 17:25:08 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640) DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m) DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..network.proxy.http: "213.197.182.78" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4587.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions [2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions [2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI [2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKCU..\Run: [Spotify] C:\Users\Ripchip\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.07.25 21:53:12 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.25 21:07:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA [2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax [2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips [2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype [2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.24 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp [2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit [2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions [2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations [2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite [2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps [2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT [2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT [2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.06.28 16:17:26 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Facebook [2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.06.28 16:10:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi ========== Files - Modified Within 30 Days ========== [2012.07.26 19:50:25 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 19:50:25 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.26 19:27:13 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.26 17:50:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.26 17:50:23 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys [2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.25 21:53:40 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:08:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk ========== Files Created - No Company Name ========== [2012.07.26 17:50:23 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys [2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.25 21:02:57 | 000,023,040 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\800000cb.@ [2012.07.25 21:02:57 | 000,016,896 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\80000000.@ [2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@ [2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 19:29:17 | 000,583,680 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640.sys [2012.07.24 19:29:17 | 000,008,192 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640m.sys [2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.06.28 16:17:34 | 000,001,146 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.06.28 16:17:29 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.20 17:39:41 | 000,002,048 | -HS- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@ [2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft [2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous [2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft [2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular [2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient [2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2 [2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org [2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin [2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u [2012.07.26 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify [2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer [2012.07.25 22:00:01 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client [2012.07.25 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.26 19:27:13 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.25 21:03:20 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > MfG |
|
26.07.2012, 19:32
| #2 |
  | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hi,
__________________Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\SysNative\drivers\SPC640.sys
OTL:
 Code:
ATTFilter :OTL
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.03.20 17:39:41 | 000,002,048 | -HS- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\@
:REG
:Commands
[purity]
[emptytemp]
[resethosts]
[Reboot]
MAM updaten und Fullscann, Log posten... Cureit (über nacht laufen lassen, braucht sehr lange... Folge der Anleitung: http://www.trojaner-board.de/59299-a...eb-cureit.html Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log. Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn. Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet. chris
__________________ |
|
26.07.2012, 19:39
| #3 | |||
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Erstmal danke dafür das du auf meine Nachricht reagiert hast hehe
__________________Hier herstmal die Datei die ich Überprüfen lassen sollte (das ist übrigens meine Philips Webcam xD) VirusTotal: Zitat:
Hier das Ergebnis vom OTL Fix: Zitat:
MAM? Meinst du damit Malwarebytes? Hatte erst kurz vor dem Fix mit OTL den du mir gegeben hast einen Fullscan am laufen: Zitat:
Das andere werd ich sofort ausführen und Meldung geben MfG Geändert von RIpchip (26.07.2012 um 19:53 Uhr) |
|
27.07.2012, 22:26
| #4 | |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Das steht ganz unten im Log aber Zwischendrin steht immer bei "Infiziert" eine 0 dahinter.. ? Zitat:
|
|
28.07.2012, 21:18
| #5 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hi, Cureit hat was gefunden: Infiziert: 5 Modifikationen: 0 Verdächtig: 0 Adware: 0 Dialer: 0 Scherzprogramme: 0 Riskware: 0 Hacktools: 0 Desinfiziert: 0 Gelöscht: 3 Umbenannt: 0 Verschoben: 2 Suche im Log die Funde und poste sie und erstelle und poste auch ein neues OTL-Log... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
29.07.2012, 10:58
| #6 | |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hey, Hier das was ich alles gefunden habe.. und mein OTL wurde als Trojaner erkannt o.O? Habe es mir neu runtergeladen. CureIt: Zitat:
OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.07.2012 11:45:45 - Run 3 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ripchip\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 54,93% Memory free 6,21 Gb Paging File | 4,60 Gb Available in Paging File | 74,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 207,06 Gb Free Space | 44,46% Space Free | Partition Type: NTFS Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.07.11 16:13:40 | 001,192,664 | ---- | M] () -- C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.03.19 17:25:08 | 008,527,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640) DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m) DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..network.proxy.http: "213.197.182.78" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions [2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions [2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI [2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 21:50:43 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKCU..\Run: [Spotify] C:\Users\Ripchip\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Ripchip\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 11:37:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.28 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.28 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.07.26 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\DoctorWeb [2012.07.26 20:40:06 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.07.25 21:53:12 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA [2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax [2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips [2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype [2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp [2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit [2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions [2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations [2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite [2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps [2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT [2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT [2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net ========== Files - Modified Within 30 Days ========== [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.29 11:30:26 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 11:30:26 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.29 11:30:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 11:30:18 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys [2012.07.28 19:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.28 16:27:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.26 21:50:43 | 000,000,806 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.26 21:22:56 | 090,096,896 | ---- | M] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe [2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.25 21:53:40 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk ========== Files Created - No Company Name ========== [2012.07.27 23:11:01 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys [2012.07.26 20:58:10 | 090,096,896 | ---- | C] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe [2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@ [2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 19:29:17 | 000,583,680 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640.sys [2012.07.24 19:29:17 | 000,008,192 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640m.sys [2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft [2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous [2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft [2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular [2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient [2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2 [2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org [2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin [2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u [2012.07.29 11:34:55 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify [2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer [2012.07.28 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client [2012.07.28 16:27:01 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.28 19:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.28 19:49:38 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > MfG |
|
30.07.2012, 07:01
| #7 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hi, es sind noch Reste da... Fix für OTL:
Code:
ATTFilter
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
[2012.07.25 20:58:41 | 000,001,712 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\00000001.@
:Commands
[emptytemp]
[resethosts]
[Reboot]
Erstelle und poste ein neues OTL-Log... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
30.07.2012, 15:30
| #8 | |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hey, Hier die Results von OTL nach dem Fix: Zitat:
Hier ein neues OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.07.2012 16:23:03 - Run 4 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ripchip\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 59,89% Memory free 6,20 Gb Paging File | 4,85 Gb Available in Paging File | 78,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 223,35 Gb Free Space | 47,95% Space Free | Partition Type: NTFS Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640) DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m) DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..network.proxy.http: "213.197.182.78" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions [2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions [2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI [2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.30 16:19:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 11:37:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.28 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.28 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.07.26 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\DoctorWeb [2012.07.26 20:40:06 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.07.25 21:53:12 | 004,585,817 | ---- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA [2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax [2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips [2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype [2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp [2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit [2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions [2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations [2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite [2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps [2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT [2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT [2012.07.01 13:23:24 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Documents\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2012.07.01 12:49:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2012.06.30 20:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net ========== Files - Modified Within 30 Days ========== [2012.07.30 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.30 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.30 16:20:43 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 16:20:43 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 16:20:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.30 16:20:35 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys [2012.07.30 16:19:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.26 21:22:56 | 090,096,896 | ---- | M] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe [2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.25 21:53:40 | 004,585,817 | ---- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.25 21:08:29 | 000,000,000 | ---- | M] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:07:51 | 000,050,477 | ---- | M] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.07.01 13:14:39 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk ========== Files Created - No Company Name ========== [2012.07.27 23:11:01 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys [2012.07.26 20:58:10 | 090,096,896 | ---- | C] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe [2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.25 21:08:29 | 000,000,000 | ---- | C] () -- C:\Users\Ripchip\defogger_reenable [2012.07.25 21:07:50 | 000,050,477 | ---- | C] () -- C:\Users\Ripchip\Desktop\Defogger.exe [2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 19:29:17 | 000,583,680 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640.sys [2012.07.24 19:29:17 | 000,008,192 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640m.sys [2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.01 12:49:27 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012.07.20 15:46:49 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft [2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous [2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft [2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular [2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient [2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2 [2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org [2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin [2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u [2012.07.30 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify [2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer [2012.07.28 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client [2012.07.30 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.30 16:27:01 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.30 16:19:10 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > MfG |
|
30.07.2012, 16:03
| #9 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hi, hmm, ein Verzeichnis hat überlebt, da setzen wir jetzt CF drauf an... ComboFix-Script Die nachfolgenden Zeilen (ohne Zitat!) abkopieren und in den Windows-Editor(start->Programme->zubehör->edior) kopieren und auf dem Desktop unter dem Namen "CFScript.txt" speichern (ohne Anführungszeichen!). Code:
ATTFilter
KILLALL::
ROOTKIT::
C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA
(Maustaste loslassen, nennt man "Drag-and-Drop";o). Jetzt sollte combofix starten und das script ausführen, poste das combofix-Log! Bis auf das sieht es recht gut aus... chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
30.07.2012, 16:29
| #10 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hey, Hab übrigens immer noch ein Problem das seit dem das mit den Trojaner und so etc. aufgetaucht ist mein Internet extrem langsam ist.. die beiden anderen Pc's im Haus sind normal meiner gurkt aber mit Ø50kb/s herrum anstatt meiner 240kb/s..  hier das CFLog: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-30.01 - Ripchip 30.07.2012 17:15:24.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.3070.1871 [GMT 2:00]
ausgeführt von:: c:\users\Ripchip\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Ripchip\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-28 bis 2012-07-30 ))))))))))))))))))))))))))))))
.
.
2012-07-28 09:27 . 2012-07-28 09:27 -------- d-----w- c:\windows\Sun
2012-07-26 19:32 . 2012-07-28 15:21 -------- d-----w- c:\users\Ripchip\DoctorWeb
2012-07-26 18:40 . 2012-07-26 18:40 -------- d-----w- C:\_OTL
2012-07-26 16:09 . 2012-07-26 16:08 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-26 16:08 . 2012-07-26 16:08 -------- d-----w- c:\program files (x86)\Java
2012-07-25 19:57 . 2012-07-25 19:57 -------- d-----w- c:\program files\CCleaner
2012-07-25 19:55 . 2012-07-26 18:45 -------- d-----w- c:\program files (x86)\Google
2012-07-25 19:55 . 2012-07-25 19:59 -------- d-----w- c:\users\Ripchip\AppData\Local\Google
2012-07-25 18:52 . 2012-07-25 18:53 -------- d-----w- c:\programdata\7531E8D01B24231F3A10F45F2F3B6FDA
2012-07-25 09:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05D612CA-A9DD-4194-806B-C1EA9E02DCA2}\mpengine.dll
2012-07-24 17:30 . 2012-07-24 17:30 -------- d-----w- c:\program files\DIFX
2012-07-24 17:29 . 2009-06-15 07:25 8192 ----a-w- c:\windows\system32\drivers\SPC640m.sys
2012-07-24 17:29 . 2009-06-15 07:25 583680 ----a-w- c:\windows\system32\drivers\SPC640.sys
2012-07-24 17:29 . 2009-06-15 07:25 323584 ----a-w- c:\windows\SysWow64\stvspc.ax
2012-07-24 17:29 . 2012-07-24 17:29 -------- d-----w- c:\windows\Philips
2012-07-24 17:29 . 2012-07-24 17:29 -------- d-----w- c:\program files (x86)\Common Files\SPC640NC
2012-07-24 17:29 . 2009-06-15 07:04 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-07-24 17:29 . 2009-06-15 07:03 113664 ----a-w- c:\windows\system32\drivers\phaudlwr.sys
2012-07-24 15:31 . 2012-07-30 14:13 -------- d-----w- c:\users\Ripchip\AppData\Roaming\Skype
2012-07-24 15:31 . 2012-07-24 15:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-07-24 15:31 . 2012-07-24 15:31 -------- d-----r- c:\program files (x86)\Skype
2012-07-24 15:31 . 2012-07-24 15:31 -------- d-----w- c:\programdata\Skype
2012-07-24 11:07 . 2012-07-24 11:07 -------- d-----w- c:\users\Ripchip\AppData\Roaming\IDMComp
2012-07-24 11:07 . 2012-07-24 11:07 -------- d-----w- c:\programdata\IDMComp
2012-07-24 10:54 . 2012-07-24 10:54 -------- d-----w- c:\program files (x86)\IDM Computer Solutions
2012-07-24 10:53 . 2012-07-24 10:53 -------- d-----w- c:\users\Ripchip\AppData\Local\Downloaded Installations
2012-07-24 10:48 . 2012-07-24 10:48 -------- d-----w- c:\program files\Software4u
2012-07-24 10:48 . 2012-07-24 10:48 -------- d-----w- c:\program files (x86)\System.Data.SQLite
2012-07-09 15:42 . 2012-07-24 16:23 -------- d-----w- c:\users\Ripchip\AppData\Roaming\Foxit Software
2012-07-09 15:41 . 2012-07-09 15:41 -------- d-----w- c:\program files (x86)\Foxit Software
2012-07-09 15:35 . 2012-07-09 15:35 -------- d-----w- c:\users\Ripchip\AppData\Local\Apps
2012-07-04 20:24 . 2012-07-04 20:24 -------- d-----w- c:\program files (x86)\ROCCAT
2012-07-04 20:24 . 2001-09-05 19:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-04 20:24 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-04 20:24 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-04 20:24 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-04 20:23 . 2002-07-25 14:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-07-01 10:49 . 2012-07-01 11:23 -------- d-----w- c:\program files (x86)\Diablo III
2012-07-01 10:49 . 2012-07-01 11:14 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-01 10:49 . 2012-07-01 11:14 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-06-30 18:30 . 2012-06-30 18:30 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 16:08 . 2012-03-19 21:28 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-26 16:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-24 20:26 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 20:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 20:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 20:26 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 20:26 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-24 20:26 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 20:26 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-24 20:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 20:26 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-24 20:26 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 13:19 . 2012-06-24 20:26 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:19 . 2012-06-24 20:26 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 13:15 . 2012-06-24 20:26 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 13:12 . 2012-06-24 20:26 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 10:25 . 2012-03-19 21:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-09 20:07 . 2012-03-31 18:10 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 20:07 . 2012-03-31 18:10 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-24 12:50 . 2012-03-22 17:18 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"iDevice Manager Launcher"="c:\program files\Software4u\iDevice Manager\Software4u.IPELauncher.exe" [2012-06-19 132608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job
- c:\users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-28 14:22]
.
2012-07-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job
- c:\users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-28 14:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.178.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ripchip\AppData\Roaming\Mozilla\Firefox\Profiles\dsandmbp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: network.proxy.http - 213.197.182.78
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-30 17:28:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-30 15:28
.
Vor Suchlauf: 8 Verzeichnis(se), 239.647.862.784 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 239.313.043.456 Bytes frei
.
- - End Of File - - DDB8EDDD69C888DBDD46CE1A72542C88
Geändert von RIpchip (30.07.2012 um 16:41 Uhr) |
|
30.07.2012, 21:05
| #11 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hi, das Teil ist nach wie vor da... 2012-07-25 18:52 . 2012-07-25 18:53 -------- d-----w- c:\programdata\7531E8D01B24231F3A10F45F2F3B6FDA hmm, die Killbox hilft leider nicht bei Verzeichnissen... OTL:
Code:
ATTFilter
:REG
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:0x00
"FirewallOverride"=dword:0x00
:Commands
[purity]
[emptytemp]
[Reboot]
Dann schauen wir mal was Hitman meint... Hitman Lade Dir die passende Version von Hitman runter (32/64Bit), laufen lassen und Log posten. ACHTUNG: Firewall muss für Hitman geöffnet sein (Zugriff unbedingt erlauben!) Downloads - SurfRight Für die Beseitigung kann eine temp. Lizenz (30 Tage) georderter werden (gibt dazu einen Reiter ;o)... . Nach den 30 Tagen deinstallieren, dann entfernt er nichts mehr (außer Ihr erwerbt eine Lizenz)... Prüfen wir das Internet... Lade Dir Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe runter, starte ihn und wähle folgende Optionen aus:
Starte durch "Scan". Das Logfile (FSS.txt) wird in dem Arbeitsverzeichnis erstellt. Log hier posten chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
31.07.2012, 15:53
| #12 | |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hey, die Results von OTL hatte ich ausversehen weggeklickt.. hab dann da gesucht %systemroot%\_OTL aber das gibt es bei mir nicht... :/ Hier das Log von Hitman: Code:
ATTFilter HitmanPro 3.6.1.163
www.hitmanpro.com
Computer name . . . . : RIPCHIP-PC
Windows . . . . . . . : 6.0.2.6002.X64/4
User name . . . . . . : Ripchip-PC\Ripchip
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2012-07-31 16:37:16
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 43s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 2
Traces . . . . . . . : 2
Objects scanned . . . : 2.479.498
Files scanned . . . . : 22.052
Remnants scanned . . : 335.453 files / 2.121.993 keys
Malware remnants ____________________________________________________________
C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\L\ (ZeroAccess) -> Deleted
C:\Users\Ripchip\AppData\Local\{0d1bd6ca-450a-b84b-75dd-b860a1aff568}\U\ (ZeroAccess) -> Deleted
Hier das Log von FFS: Zitat:
EDIT:// Mein Internet geht wieder normal das Problem hat sich einfach aufgelöst MfG |
|
01.08.2012, 07:20
| #13 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hi, das ist recht gut aus, Hitmann hat zumindest Teile des Rootkits erwischt... Erstelle und poste nochmal ein neues OTL-Log & ein OSA-Log wie folgt: OSAM Prüft Programme/Treiber die gestartet werden online. Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread. chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
01.08.2012, 15:24
| #14 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hey, hier das OTL Log: Code:
ATTFilter OTL logfile created on: 01.08.2012 16:09:49 - Run 5 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Ripchip\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 47,09% Memory free 6,20 Gb Paging File | 4,41 Gb Available in Paging File | 71,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 220,67 Gb Free Space | 47,38% Space Free | Partition Type: NTFS Computer Name: RIPCHIP-PC | User Name: Ripchip | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe PRC - [2012.07.18 22:11:28 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.06.19 23:35:32 | 000,132,608 | ---- | M] (Marx Softwareentwicklung - www.software4u.de) -- C:\Programme\Software4u\iDevice Manager\Software4u.IPELauncher.exe PRC - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 22:06:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.07.12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe ========== Modules (No Company Name) ========== MOD - [2012.07.18 22:11:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.05.11 03:10:51 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll MOD - [2012.05.11 03:10:31 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll MOD - [2012.05.11 03:10:26 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll MOD - [2012.05.11 03:10:23 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll MOD - [2012.05.11 03:10:16 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll MOD - [2012.02.20 22:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 22:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 22:11:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.06.20 15:54:24 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.09 22:06:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 22:06:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.24 14:50:46 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc) SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.09 22:07:02 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.09 22:07:02 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.24 14:50:38 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC) DRV:64bit: - [2012.01.24 14:50:38 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ESLvnic.sys -- (ESLvnic1) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.02 17:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.08.17 20:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.08.05 06:18:34 | 000,057,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2009.06.15 09:25:44 | 000,583,680 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640.sys -- (SPC640) DRV:64bit: - [2009.06.15 09:25:44 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPC640m.sys -- (SPC640m) DRV:64bit: - [2009.06.15 09:03:00 | 000,113,664 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys -- (phaudlwr) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2006.11.03 02:00:00 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..network.proxy.http: "213.197.182.78" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Ripchip\AppData\Local\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 22:11:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.19 00:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Extensions [2012.07.26 17:46:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions [2012.03.31 20:31:47 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ripchip\AppData\Roaming\mozilla\Firefox\Profiles\dsandmbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.26 18:09:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.04.05 15:02:46 | 000,005,582 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI [2012.07.26 17:46:26 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\RIPCHIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DSANDMBP.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.07.18 22:11:28 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.30 17:22:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ripchip\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5F2FC3-9004-4B89-A5B9-0A093CE1D45F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8B7EF2-E8EF-49AF-83BB-FDE2AC72D29C}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O24 - Desktop BackupWallPaper: C:\Users\Ripchip\Desktop\Sonstiges\Bilder\Logo Ripchip.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.01 16:11:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\Desktop\osam_autorun_manager_5_0_portable [2012.07.31 16:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012.07.31 16:32:38 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\Ripchip\Desktop\FSS.exe [2012.07.31 16:27:59 | 008,854,904 | ---- | C] (SurfRight B.V.) -- C:\Users\Ripchip\Desktop\HitmanPro36_x64.exe [2012.07.30 17:28:46 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.07.30 17:22:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.07.30 17:09:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.07.30 17:09:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.07.30 17:09:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.07.30 17:09:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.07.30 17:09:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.29 11:37:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.28 14:53:45 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.07.28 11:27:53 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.07.26 21:32:04 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\DoctorWeb [2012.07.26 20:40:06 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.26 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.07.26 17:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.07.25 21:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.25 21:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Google [2012.07.25 21:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.07.25 21:53:12 | 004,722,436 | R--- | C] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.25 20:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\7531E8D01B24231F3A10F45F2F3B6FDA [2012.07.24 19:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.07.24 19:29:17 | 000,323,584 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax [2012.07.24 19:29:11 | 000,113,664 | ---- | C] (Philips Applied Technologies) -- C:\Windows\SysNative\drivers\phaudlwr.sys [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC640NC [2012.07.24 19:29:11 | 000,000,000 | ---D | C] -- C:\Windows\Philips [2012.07.24 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Skype [2012.07.24 17:31:10 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.07.24 17:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.07.24 17:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\IDMComp [2012.07.24 13:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IDMComp [2012.07.24 12:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraEdit [2012.07.24 12:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions [2012.07.24 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Downloaded Installations [2012.07.24 12:48:19 | 000,000,000 | ---D | C] -- C:\Program Files\Software4u [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System.Data.SQLite [2012.07.24 12:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System.Data.SQLite [2012.07.24 12:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2012.07.09 17:42:41 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.07.09 17:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2012.07.09 17:35:54 | 000,000,000 | ---D | C] -- C:\Users\Ripchip\AppData\Local\Apps [2012.07.04 22:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT [2012.07.04 22:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT ========== Files - Modified Within 30 Days ========== [2012.08.01 16:10:39 | 004,272,474 | ---- | M] () -- C:\Users\Ripchip\Desktop\osam_autorun_manager_5_0_portable.rar [2012.08.01 16:05:23 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 16:05:23 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.01 16:05:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.01 16:05:13 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys [2012.07.31 22:27:02 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.31 16:32:52 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\Ripchip\Desktop\FSS.exe [2012.07.31 16:32:27 | 008,854,904 | ---- | M] (SurfRight B.V.) -- C:\Users\Ripchip\Desktop\HitmanPro36_x64.exe [2012.07.31 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.30 17:22:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.30 17:08:48 | 004,722,436 | R--- | M] (Swearware) -- C:\Users\Ripchip\Desktop\ComboFix.exe [2012.07.29 11:37:37 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Ripchip\Desktop\OTL.exe [2012.07.26 21:22:56 | 090,096,896 | ---- | M] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe [2012.07.25 22:53:35 | 000,001,356 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.07.25 21:57:22 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:50 | 000,632,049 | ---- | M] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:46 | 002,117,108 | ---- | M] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.24 19:31:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 17:31:11 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | M] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.07.22 22:15:45 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.18 22:14:30 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.18 22:14:30 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.18 22:14:30 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.18 22:14:30 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.18 22:14:30 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.17 14:36:08 | 000,005,632 | ---- | M] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.08.01 16:10:17 | 004,272,474 | ---- | C] () -- C:\Users\Ripchip\Desktop\osam_autorun_manager_5_0_portable.rar [2012.07.30 17:09:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.07.30 17:09:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.07.30 17:09:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.07.30 17:09:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.07.30 17:09:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.27 23:11:01 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys [2012.07.26 20:58:10 | 090,096,896 | ---- | C] () -- C:\Users\Ripchip\Desktop\drweb-cureit.exe [2012.07.25 21:57:22 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.25 21:53:49 | 000,632,049 | ---- | C] () -- C:\Users\Ripchip\Desktop\adwcleaner.exe [2012.07.25 21:53:37 | 002,117,108 | ---- | C] () -- C:\Users\Ripchip\Desktop\tdsskiller.zip [2012.07.24 19:31:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2012.07.24 19:29:17 | 000,583,680 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640.sys [2012.07.24 19:29:17 | 000,008,192 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\SPC640m.sys [2012.07.24 17:31:11 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.24 12:54:35 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\UltraEdit.lnk [2012.07.24 12:48:20 | 000,001,971 | ---- | C] () -- C:\Users\Ripchip\Desktop\iDevice Manager.lnk [2012.05.01 22:04:35 | 000,001,356 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps.dat [2012.04.24 18:08:37 | 001,537,614 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.22 19:18:54 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2012.03.20 17:39:42 | 000,005,632 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.19 17:17:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.03.19 17:17:26 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.03.19 17:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.03.19 17:16:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.03.18 23:53:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.03.18 23:53:15 | 000,035,881 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.03.18 23:40:53 | 000,000,732 | ---- | C] () -- C:\Users\Ripchip\AppData\Local\d3d9caps64.dat [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== LOP Check ========== [2012.07.31 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.minecraft [2012.06.25 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\.Nitrous [2012.03.31 20:31:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoft [2012.03.31 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.18 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\elsterformular [2012.07.24 18:23:57 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Foxit Software [2012.03.20 18:00:04 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient [2012.05.24 23:18:08 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\LolClient2 [2012.04.02 14:34:20 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\OpenOffice.org [2012.03.20 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Origin [2012.04.24 18:12:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Software4u [2012.07.30 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\Spotify [2012.06.13 17:27:48 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TeamViewer [2012.07.28 00:04:12 | 000,000,000 | ---D | M] -- C:\Users\Ripchip\AppData\Roaming\TS3Client [2012.07.31 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000Core.job [2012.07.31 22:27:02 | 000,001,146 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4226489665-394158821-3784408567-1000UA.job [2012.07.31 22:30:03 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Ich kann kein Log von OSAM Speicher wenn ich auf "Save Log" klicke.. passiert rein garnix.. :/ MfG |
|
01.08.2012, 15:36
| #15 |
| | TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... Hi, kannst Du das OSAM-Log abkopieren? Das OTL-Log sieht gut aus... nix mehr vom Rootkit zu sehen... Combofix deinstallieren: Klicke auf Start (Windows 7 Start Button) und tippe dann in das Suchfeld combofix /uninstall, wie im Piktogram unter diesem Text mit dem blauen Pfeil. Bitte sicherstellen, dass ein Leerzeichen zwischen Combofix und /uninstall ist. Combofix deinstallieren  Wie verhält sich der Rechner? chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
| Themen zu TR/ATRAPS.Gen2 - Live Security Platinum - Volles Programm... |
| antivir, application/pdf:, autorun, babylon toolbar, babylontoolbar, bho, bonjour, converter, error, fehler, firefox, flash player, format, google, grand theft auto, helper, install.exe, logfile, monitor.exe, mozilla, mp3, nvidia update, pando media booster, plug-in, port, registry, rundll, scan, search the web, searchscopes, security, software, spotify web helper, teamspeak, udp, vdeck.exe, vista, windows |
Linear-Darstellung
