Pests of all kinds and how to fight them: BKA Trojan and more found with Malwarebytes (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
02.08.2012, 20:42 | #1
BKA Trojan and more found with Malwarebytes

Hello everyone,

since yesterday I have also become a victim of the BKA trojan, without really knowing how, and I am completely inexperienced at rooting out this kind of thing. So I need some help.

The trojan locked my desktop a few seconds after I had opened the browser. So I let Malwarebytes scan (in normal mode, not Safe Mode, because my laptop would not get past a certain file when booting into Safe Mode). I loaded the malware database "offline" with mbam-rules.exe. The program found a number of things, which I moved to quarantine. After a restart I could get online again without any problem. Because I was not sure how up to date the malware database was, I quickly updated Malwarebytes online and started a 2nd scan.

The two scans gave the following. The Malwarebytes log files:

1st pass:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINA-PC [Administrator]

01.08.2012 23:11:46
mbam-log-2012-08-01 (23-11-46).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 523442
Time elapsed: 3 hour(s), 11 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Backdoor.Agent) -> Bad: (C:\Users\Katharina\AppData\Roaming\appconf32.exe) Good: () -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Users\Katharina\AppData\Roaming\appconf32.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Users\Katharina\AppData\Local\Temp\5rEURRYE.exe.part (PUP.ToolbarDownloader) -> No action taken.
C:\Downloads\Software\SoftonicDownloader_fuer_art-of-illusion.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Downloads\Software\SoftonicDownloader_fuer_cdburnerxp-pro.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Downloads\Software\SoftonicDownloader_fuer_cdrtfe.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Downloads\Software\SoftonicDownloader_fuer_deepburner.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Downloads\Software\SoftonicDownloader_fuer_google-sketchup.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\Katharina\AppData\Local\Temp\deo0_sar.exe (Spyware.Zbot.DG) -> Delete on reboot.
C:\Program Files\php\php-5.3.5\ext\standard\tests\file\windows_acls\tiny.exe (RiskWare.TinyPE.gen) -> Quarantined and deleted successfully.
C:\Users\Katharina\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Delete on reboot.
C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(End)
OTL.txt:
OTL logfile created on: 02.08.2012 20:47:28 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Katharina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,25% Memory free
4,23 Gb Paging File | 3,07 Gb Available in Paging File | 72,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,36 Gb Total Space | 60,09 Gb Free Space | 27,14% Space Free | Partition Type: NTFS
Drive D: | 11,52 Gb Total Space | 1,68 Gb Free Space | 14,59% Space Free | Partition Type: NTFS

Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.02 18:12:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe
PRC - [2012.05.08 20:41:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:41:31 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 20:41:30 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:41:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.27 14:34:54 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.24 22:16:56 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2010.05.02 14:23:58 | 000,212,992 | ---- | M] () -- C:\Program Files\Hotkey Master\HotkeyMaster.exe
PRC - [2010.03.20 00:08:33 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.09.15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.02 14:23:58 | 000,212,992 | ---- | M] () -- C:\Program Files\Hotkey Master\HotkeyMaster.exe
MOD - [2007.09.30 20:34:52 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007.09.30 20:34:42 | 000,255,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007.09.30 20:34:42 | 000,120,208 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007.09.30 20:34:42 | 000,038,184 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007.09.30 20:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll
MOD - [2007.08.14 15:43:46 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.07.29 21:39:58 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.28 10:38:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 20:41:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:41:30 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.24 22:16:56 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.08.02 20:32:21 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\mrwuqood.sys -- (wwcthm)
DRV - [2012.05.08 20:41:38 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:41:38 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.11.17 15:37:16 | 000,441,608 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2011.11.17 15:37:16 | 000,277,576 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2011.11.17 15:37:16 | 000,045,240 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.22 13:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.01.22 13:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.11.16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.10.18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.09.10 00:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007.07.11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.04.03 11:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.03.07 04:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.16 23:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CVirtA.sys -- (CVirtA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {DE0A07AA-BDB3-475C-AB03-039789E444B3}
IE - HKLM\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=102e6be4000000000000001f3a45c694
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=102e6be4000000000000001f3a45c694
IE - HKCU\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..browser.search.defaultenginename: "Google"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.20 00:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011.08.27 14:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.19 15:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Katharina\AppData\Roaming\14001.007 [2012.07.30 16:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 21:39:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 22:45:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Katharina\AppData\Roaming\14001.007 [2012.07.30 16:16:43 | 000,000,000 | ---D | M]

[2010.03.19 22:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Extensions
[2012.07.20 07:16:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions
[2010.05.03 11:52:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.03 20:32:30 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012.06.28 20:03:16 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.04 00:17:14 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.30 23:15:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\engine@conduit.com
[2012.06.29 22:33:12 | 000,000,853 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\11-suche.xml
[2012.06.29 22:33:12 | 000,002,209 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 22:33:11 | 000,010,506 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\gmx-suche.xml
[2012.06.29 22:33:12 | 000,002,368 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\lastminute.xml
[2012.06.29 22:33:11 | 000,005,489 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\searchplugins\webde-suche.xml
[2012.06.11 20:36:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.05.05 11:00:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.30 16:16:43 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KATHARINA\APPDATA\ROAMING\14001.007
[2012.07.20 07:16:46 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HK9Q3KG1.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.05.26 08:57:03 | 000,115,451 | ---- | M] () (No name found) -- C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HK9Q3KG1.DEFAULT\EXTENSIONS\{268AD77E-CFF8-42D7-B479-DA60A7B93305}.XPI
[2012.06.29 22:32:57 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\KATHARINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HK9Q3KG1.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012.07.29 21:39:58 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.25 11:09:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.01.25 12:55:14 | 000,644,096 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2009.10.26 16:53:52 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.13 22:27:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 20:31:17 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.13 22:27:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 22:27:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.03.20 00:26:21 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012.02.13 22:27:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 22:27:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 22:27:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyMaster] C:\Program Files\Hotkey Master\HotkeyMaster.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Users\Katharina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey Master.lnk = C:\Program Files\Hotkey Master\HotkeyMaster.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Katharina\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Katharina\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Katharina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Katharina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} -
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\StepOne\bonjour\mdnsNSP.dll (Apple Computer, Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7EB2489-4512-4418-831E-06F83B56AE0D}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC3A04A0-F023-46A4-B61A-61A52850D1EC}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.02 20:45:53 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe [2012.08.01 22:55:27 | 000,000,000 | ---D | C] -- 
C:\archive_db [2012.08.01 22:51:07 | 000,000,000 | ---D | C] -- C:\Neuer Ordner 1 [2012.08.01 22:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\backup [2012.08.01 22:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher [2012.08.01 22:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher [2012.08.01 22:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free [2012.08.01 22:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software [2012.08.01 21:12:05 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\Malwarebytes [2012.08.01 21:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.01 21:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.01 21:11:39 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.01 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.30 18:07:47 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\UAs [2012.07.30 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\14001.007 [2012.07.29 20:16:49 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\13001.031 [2012.07.29 20:16:07 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\xmldm [2012.07.29 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\kock [2009.11.21 17:54:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Katharina\AppData\Roaming\pcouffin.sys [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Katharina\AppData\Roaming\*.tmp files -> C:\Users\Katharina\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.02 20:45:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.02 20:41:07 | 000,634,424 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2012.08.02 20:41:07 | 000,601,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.02 20:41:07 | 000,128,122 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.02 20:41:07 | 000,105,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.02 20:32:21 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\mrwuqood.sys [2012.08.02 20:04:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.02 19:20:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 19:20:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.02 18:12:50 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Katharina\Desktop\OTL.exe [2012.08.02 17:22:24 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012.08.02 17:21:09 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.02 17:20:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.02 17:20:38 | 2146,406,400 | -HS- | M] () -- C:\hiberfil.sys [2012.08.01 23:03:02 | 000,007,916 | ---- | M] () -- C:\Users\Katharina\AppData\Local\d3d9caps.dat [2012.08.01 22:32:41 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk [2012.08.01 21:11:41 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.01 18:23:00 | 000,192,000 | ---- | M] () -- C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.31 15:26:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.07.31 15:25:43 | 000,001,863 | ---- | M] () -- C:\Users\Katharina\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.07.31 15:25:43 | 000,001,792 | ---- | M] () -- C:\Users\Katharina\Desktop\Avira DE-Cleaner.lnk [2012.07.31 
14:07:22 | 000,000,034 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\blckdom.res [2012.07.30 16:16:32 | 000,006,400 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\BAcroIEHelpe178.dll [2012.07.19 22:29:18 | 000,543,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Katharina\AppData\Roaming\*.tmp files -> C:\Users\Katharina\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.02 20:32:21 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\mrwuqood.sys [2012.08.01 22:32:41 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2012 Free.lnk [2012.08.01 21:11:41 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.31 15:19:14 | 000,001,863 | ---- | C] () -- C:\Users\Katharina\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.07.31 15:19:14 | 000,001,792 | ---- | C] () -- C:\Users\Katharina\Desktop\Avira DE-Cleaner.lnk [2012.07.31 13:32:57 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.30 16:16:32 | 000,006,400 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\BAcroIEHelpe178.dll [2012.07.29 20:16:19 | 000,000,034 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\blckdom.res [2012.05.15 23:09:51 | 000,077,824 | R--- | C] () -- C:\Windows\System32\sasperf.dll [2012.03.18 00:15:21 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin [2011.06.01 23:39:56 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini [2011.02.28 18:59:42 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.02.06 00:03:13 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2011.01.30 21:36:58 | 000,000,239 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\prefsdb.dat [2010.12.19 17:39:40 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI 
[2010.12.08 21:34:42 | 000,003,492 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\kat.xml [2010.12.08 21:29:03 | 000,001,125 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\users.xml [2010.09.14 20:54:05 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.09.14 20:54:05 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.04.24 09:27:52 | 000,017,408 | ---- | C] () -- C:\Users\Katharina\AppData\Local\WebpageIcons.db [2010.04.16 21:26:51 | 000,000,136 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\wklnhst.dat [2010.04.08 20:59:50 | 000,007,916 | ---- | C] () -- C:\Users\Katharina\AppData\Local\d3d9caps.dat [2009.11.21 17:54:55 | 000,087,608 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\inst.exe [2009.11.21 17:54:55 | 000,007,887 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\pcouffin.cat [2009.11.21 17:54:55 | 000,001,144 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\pcouffin.inf [2009.09.21 22:06:33 | 000,138,409 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.09.21 22:06:33 | 000,138,409 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.09.18 21:46:40 | 000,027,715 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\nvModes.001 [2009.09.18 21:46:30 | 000,027,715 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\nvModes.dat [2009.09.17 21:52:27 | 000,192,000 | ---- | C] () -- C:\Users\Katharina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2012.07.29 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\13001.031 [2012.07.30 16:16:43 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\14001.007 [2012.04.09 18:15:32 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\4 Friends Games [2012.04.09 11:11:34 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Alawar [2012.02.19 13:45:18 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Alawar Entertainment [2012.04.07 18:20:16 | 
000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\AlawarEntertainment [2011.05.25 21:23:59 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Amazon [2012.03.31 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Anuman [2012.04.06 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Artogon [2011.08.16 20:53:59 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Auslogics [2011.10.04 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Babylon [2012.02.19 13:46:04 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Big Fish Games [2010.05.13 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\BITS [2010.03.07 23:56:16 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Canneverbe Limited [2012.04.01 00:26:48 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Casual Box [2012.03.31 01:28:14 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Deep Shadows [2012.05.15 18:57:18 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DeepBurner [2012.03.19 23:42:55 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DesktopIconForAmazon [2012.04.29 10:30:49 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DVDVideoSoft [2011.11.02 13:02:39 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.02 21:59:21 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\EleFun Games [2012.05.28 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\EndNote [2012.02.19 13:51:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\ERS Game Studios [2010.03.20 12:05:43 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FlashGet [2010.05.13 10:27:03 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\FlashGetBHO [2010.05.13 10:27:25 | 000,000,000 | ---D | M] -- 
C:\Users\Katharina\AppData\Roaming\FlashgetSetup [2012.05.27 15:30:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Free Download Manager [2012.04.08 23:53:45 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Friday's games [2012.05.06 13:26:56 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GameDevo [2012.04.03 00:21:25 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GameInvest [2012.04.06 18:43:06 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GameMill Entertainment [2012.04.09 13:10:14 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\GO Games [2012.03.31 17:36:00 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\HitPoint Studios [2010.03.19 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\IrfanView [2012.03.08 23:24:37 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Jason Robitaille [2010.03.19 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\KLS Soft [2012.07.29 20:16:06 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\kock [2012.04.29 20:48:38 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Lazy Turtle Games [2012.03.30 23:47:11 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\MagicIndie [2012.03.31 12:17:19 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Mariaglorum [2010.03.19 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Mp3tag [2012.04.09 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\My Games [2012.04.10 22:29:32 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Natural Threat.Ominous Shores [2010.04.16 23:04:27 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\OpenOffice.org [2012.04.10 22:31:47 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Orneon [2010.05.21 22:27:50 | 000,000,000 | ---D | M] -- 
C:\Users\Katharina\AppData\Roaming\SanDisk [2012.05.16 00:17:57 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\SAS [2012.03.30 22:25:21 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Top Evidence [2012.07.31 14:06:11 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\UAs [2012.03.31 10:15:54 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Vogat Interactive [2010.03.07 23:13:10 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Vso [2012.07.31 14:07:23 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\xmldm [2012.03.20 00:28:40 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\YoudaGames [2011.08.15 22:03:48 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Zylom [2012.08.02 17:19:28 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:A7DA2BCD @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:AABCC5A7 @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:CAC06C34 @Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:4D46D04F @Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:6F2340BB @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:EE2DD6CC @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AD2DB2F9 @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:AEEC88F6 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:46283136 @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1604D047 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:1D6B18F1 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:961B84C5 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6E2D80C8 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:54380FEC @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:4244811A @Alternate Data Stream - 148 bytes -> 
C:\ProgramData\Temp:2A874675 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:ED2D63E4 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AABECEFB @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:63210866 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:466FA8C3 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3EC5BC08 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:23834E1E @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:C10635F6 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:B097AC8A @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:79875988 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4C6F9D77 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:3A7527E8 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:C7F08EA3 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:6EE8565A @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0EC7A545 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FAB64002 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:ED51D3ED @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8B4B9596 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:834DD57E @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:769BB147 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E7B4296D @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DC0B1070 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C178954A @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB3339EF @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9195103F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D8FCBEF @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:27A88EF2 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:164561C8 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BEA2EFEE @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:9FD757A9 @Alternate Data Stream - 
142 bytes -> C:\ProgramData\Temp:479B1CF9 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:386B39C3 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E9FAC3AB @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C76CFF82 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:58E38390 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:13019F4B @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D6D084A5 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CBAF0C30 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A88BE334 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A0921B2C @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:88A44CC1 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:864881BF @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:69AF9D20 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2CB9631F @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0FE0A03C @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:041C0562 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:FFD58FFB @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A819A132 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5164A01F @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4D551822 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3969ACF7 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:E6537A16 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4558A0B @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C9B27A06 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AA0017FD @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A5584049 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8BE7A048 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:041ED421 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:00D99749 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DDF112BD @Alternate 
Data Stream - 137 bytes -> C:\ProgramData\Temp:B64F7263 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:553056F1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:2AE74FF9 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B3196E8D @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:99B20AD0 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:94874C0A @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:943971F5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:488F7244 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:474022C7 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:38FF076E @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:981456CB @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:6247E766 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:EDC744FB @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:DCA79AB3 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:BE0654D6 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6D89509 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9EE6560D @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:587F3582 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4FA837B4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2211E7A0 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:14B2E0BD @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:08E5EE32 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:E80802C7 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C2F24DB5 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C0893153 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:99AC3203 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3E200C29 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E5B07840 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7ADB695A @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4EC7F009 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6C6EB3B @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A8185163 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8855A119 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5CE91C67 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2652902F @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0696EC8E @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:95079543 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:75798D9A @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5E73E1C2 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FB4262DE @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D3A89E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:94B46CA2 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1B389835 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:F3EFA8A8 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D9771F40 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:6F0B6A5A @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56FBA78D @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2CED8825 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E894A3ED @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:DBC3D477 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A9223B61 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:774C075A @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:689AB7E9 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:569CEE83 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1B96CF22 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1A15E356 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BF640EE5 @Alternate Data Stream - 126 bytes -> 
C:\ProgramData\Temp:B1786630 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A441D13F @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8204AA35 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:7E4E56EA @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:6B7447D4 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:627153F1 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F7FE589 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:404908B5 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B845F669 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AAA06E15 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A798AA1A @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:9BAC4211 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8AE92FD3 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:697DDE2B @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:51E66512 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3DB6F365 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D31BE97C @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C22674B6 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:AFC732F7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5520ED93 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:3B75B877 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:268BA8AB @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:EC0A74A1 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E6708F08 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E3615992 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:BE40C8A2 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:B1381B34 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A0CB43B2 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:71612023 @Alternate Data Stream - 
123 bytes -> C:\ProgramData\Temp:397D67BA @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3086B95F @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:B0456F0C @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:59465B40 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:55818279 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2B9555D8 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0785072C @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B6E6C4EA @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A60D0FA6 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:40EE25BB @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2D2461E7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:109734F6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F5B51004 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:98982C88 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:774A0E14 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5C4A588B @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57176330 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:206470A5 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E2CFA9CD @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C5DC2B0C @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:AECF4772 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:51F17BB8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5197985B @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:32FFF2D1 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:29F0CA7D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E5BA9ADD @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E411AA0D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DB2748F7 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:CF61CE5A @Alternate 
Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A4E7D25F @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A02025CE @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3D36932D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2AF322BF @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:26499772 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:1CB96B16 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:B139DDF3 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0F0A5896 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:29861223 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:9491C9C7 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:93D985FC @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:EF0C5444 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D055FC10 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CDCDE97C @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6378B6B8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C4A88D6B @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BD34FFC5 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:AEBC40EC @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3E06C78F @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:124B94C0 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:57B2B96C @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:95198126 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:45912F61 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A56D6987 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:2BC498A4 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:E690114B @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:5E9B629B @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:0ED4AC2F < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.08.2012 20:47:28 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Katharina\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,25% Memory free 4,23 Gb Paging File | 3,07 Gb Available in Paging File | 72,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,36 Gb Total Space | 60,09 Gb Free Space | 27,14% Space Free | Partition Type: NTFS Drive D: | 11,52 Gb Total Space | 1,68 Gb Free Space | 14,59% Space Free | Partition Type: NTFS Computer Name: KATHARINA-PC | User Name: Katharina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\Foto Paradies\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Foto Paradies] -- "C:\Program Files\dm\Foto Paradies\Foto Paradies.exe" "%1" () Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3562765014-649757542-1335759542-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 "C:\Users\Katharina\AppData\Roaming\FlashgetSetup\fgmini.exe" = C:\Users\Katharina\AppData\Roaming\FlashgetSetup\fgmini.exe:*:Enabled:fg_ol_silent -- (Flashget) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04F49504-9DCE-4529-856E-9612B340658A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0DE8BA26-F409-4871-ACBC-098FE18B604E}" = rport=10244 | protocol=6 | dir=out | app=system | "{22959358-BAC2-4A77-BBD2-6C95E322CD46}" = lport=139 | protocol=6 | dir=in | app=system | "{38E628C1-B1EF-41C4-BB14-6B9A31D72758}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{4A474972-DF22-450F-ADCF-90E01D49FC51}" = lport=3390 | protocol=6 | dir=in | app=system | "{4F8C56AD-16C1-49DE-B140-909F753F96EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{5A4A1824-B3B9-4A19-BFE7-02F726CC16FD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{62872685-CEF2-4831-829A-DAAF091D9DC8}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe | "{62F7B970-5C96-4872-875C-C3E4E3900054}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{7AB32694-2CE6-46AD-8D34-321248A102BF}" = lport=137 | protocol=17 | dir=in | app=system | "{7E7FE525-03FA-4306-AB7E-7532E4632A81}" = lport=138 | protocol=17 | dir=in | app=system | "{8F0C0F5F-7C7C-4014-A0ED-F49FCA32E095}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp4c\wnt500x86\rpcsandrasrv.exe | "{9BEB168E-5F4D-451E-AF23-6B98D91F409A}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe | "{A2B206AF-C5E9-4470-851E-D5B57E328711}" = rport=445 | protocol=6 | dir=out | app=system | "{ACC0E4DC-F283-472B-B203-F4D7D56419C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B2EEA14D-A39B-4479-80AB-C7DDFA9B2183}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{BB6FA540-54A9-404A-8895-996BFBDDD9F8}" = rport=139 | protocol=6 | dir=out | app=system | "{BC8005D2-B851-4EE9-908D-6B24EE69E605}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{BD099054-1D76-41E7-AEA7-D1FDB1BBF44B}" = lport=445 | protocol=6 | dir=in | 
app=system | "{CBBD94BF-3F8A-4AB7-AE63-6AFEC3B2E6DA}" = rport=137 | protocol=17 | dir=out | app=system | "{CE4D18E2-6648-46A7-8642-ECDA542A3B7C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{CE8F1870-1D30-40C4-AA91-84A821761036}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CF4C1064-B8E1-4D41-9676-FAE93183C4AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D46C3DD8-BA6B-4664-8C39-D60790B67B24}" = rport=138 | protocol=17 | dir=out | app=system | "{F049BF66-5A8B-436D-A17D-EE236EE3BA65}" = lport=10244 | protocol=6 | dir=in | app=system | "{F62D44D3-815F-44CD-9C9A-91D00B819E16}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0076238C-89DD-4F3A-8C95-3C19B5616F17}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{04B1F9E9-16F5-4553-BFE6-DFA562350424}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{05E24CD9-223B-474B-9F05-B509A825B1A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{07384987-DD13-474E-862F-366D919761D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{08F102F1-FF8A-4961-827D-4B63DF6606D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0CEF96F7-4B2A-41F0-8C7C-9D39B1A16C17}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe | "{0FFD5ABE-9BB4-4873-8EA3-DE25FAA90BED}" = dir=in | app=c:\program files\msn messenger\livecall.exe | "{101411EC-DEC5-41CC-A293-3856337040FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1318E709-A2C7-4637-820A-223267751B2C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1392FA11-EFCF-4214-B656-9AE28D8D07DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17F27D3E-35F3-45D2-98DE-7E73B1EC2569}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{194AAE26-41F9-4573-8EEF-CF343ED0D7D0}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1ECFC0E3-D7D0-475E-BD21-9F5827B790A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{269396CE-59AF-48FD-968F-7C9BACE476AA}" = protocol=6 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe | "{2989E04A-50D0-4923-90CC-FC18DFEE2C10}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2C322FD3-D1B2-4777-9A84-13425D2AF471}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D1FA36D-1E54-43D7-AEBE-B729546C78E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3B3CC67A-A535-475D-97A3-3E0A777A08B6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4D026394-083F-49F4-9FFA-F6CEE5F0D9ED}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{55C4ADA9-A826-4AC4-8168-0B185F4FE39B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5BA15A65-80D9-46B6-83CC-B0D50AABD2C4}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5C1BDBCD-A111-4618-90CA-9FDBEE4144C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{65076D90-E8CF-45CC-A013-A167D76022E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{66074B32-3546-4A4E-A867-A8BD49A81E65}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{660E6FF0-5AA0-4740-8781-A37C7B3AACCD}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe | "{711B99CD-C82C-49EE-B4AC-2DEFD2107D7D}" = protocol=17 | dir=in | app=c:\program files\chapura\chapura syncmanager\syncmgr.exe | "{741A0EDD-D7E2-4E49-8458-4276EC2211CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{762A0A8D-1D51-4C25-8A7A-2F50DAB81F94}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{76713E1F-972F-430D-84FF-7216B3868CFA}" = protocol=1 | dir=in | name=sisoftware sandra agent service 
(icmp-in) | "{791143AE-11E5-4C81-9BC0-E520AAAAAE95}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe | "{7EC15A72-658C-4D2C-96E3-24BB7EFE2611}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8088D790-24DF-4019-84B9-5C84A426B102}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{82BD6292-3753-4C8C-B85B-84D9D47E3E86}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{901582C4-5622-4058-A2BB-3A9244DD236D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{906AA88E-43F2-4416-9EBC-73A535232DE6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{978AB02A-46AB-43B9-B11F-617CDA011CB3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9C2FDA0B-7EF0-4795-8F42-10794E564DAF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AA3135AD-6724-40EF-88BA-5DE528F98F20}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB8212E7-A0B6-4E5E-8615-8C4FF0EC5938}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AC9185C9-0E4E-4653-BF91-4E9FE56F4198}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ADACD454-D612-4B3D-907C-31DD25441097}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{ADDCA68C-6ADA-4B1E-9ECE-5FB2832F32CB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AF5D801F-422D-4DA1-BD89-A786D3FBF15E}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe | "{AFC3883B-4C86-4E5D-8E89-19F54C42B15E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B2CCD50B-81A7-4170-9679-B42C078B29CF}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{B320D48D-3A9D-4713-81D9-BCF9F96731AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B419EE50-D6C2-4751-83E2-65A2530BFD81}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{B7C51C32-A808-45B7-A86A-7CA7680F9601}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7C5A869-DC5E-414A-93BA-9089B9EB44E7}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{C8FB9FF2-2EF6-4A93-A547-652A05484348}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CC7B51C4-6F1E-415A-AA0E-EE6AB789CA31}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CEF34F11-96C1-4991-9F2A-0AF02D83FAAD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{CF633656-7A67-471B-A7C4-9153B4C89A18}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D57A1752-4EB7-4CF1-9F75-2C1DD2708DCB}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{D81DCF4F-D3B7-40C9-8186-03D27A64E629}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{DDDE9E29-2ED3-4635-A96B-A847E7F001E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E3359551-1E54-4062-A89C-D162F6DFC4E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E439FB9B-A48A-488C-A816-54C7CD46256B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E64CC4F6-34F5-4422-ACCA-6B7FB4FAA276}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E84E99AF-5FCA-41C8-95B4-C90FF9CD38C0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{E8C98FBD-D254-4665-A082-8837AD91333B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EC9D8470-B581-41B4-B3A9-C9DF0CBF04AD}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{ECF2E487-025B-4DF9-8CC8-833359FBDAD3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{EFEB2251-76DE-4172-B47A-EA410920546B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F2CE2DC6-F90B-4C9B-9187-8E12BB617A50}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F46BE57C-49E5-4BEF-A94B-CED88BEC177D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F955D700-E67F-484D-9AF5-2AAF89E5C8B7}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FD892BC0-A28D-4F24-9DA4-A8432FC52D68}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP 
Query User{0D39E007-89FF-404E-AD24-061DBA654DCF}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{2E4C9F8A-A11C-4DCF-A985-7C1B5B781531}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{3D067203-CB5A-4C44-AD77-0451C0249322}C:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe" = protocol=6 | dir=in | app=c:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe | "TCP Query User{49D2FB28-55D8-4A22-BA75-2F7749E07C94}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | "TCP Query User{756DCAAE-0394-4EBA-A400-81CC6DF33244}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{B62ACAE4-AA04-4EFA-BE73-8B60BEC45E34}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | "TCP Query User{BD3C3FAA-E9D7-4FD5-B8BE-CC68958197A2}C:\program files\stepone\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\stepone\jre\bin\javaw.exe | "TCP Query User{E3ECB558-FEDB-47A5-B2B9-D41FD890B1D3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{17C73EC5-4DF7-4718-8E0C-DCAF2FFCD793}C:\program files\stepone\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\stepone\jre\bin\javaw.exe | "UDP Query User{326A1702-710F-4EE1-8AEF-926FBCFA6B16}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | "UDP Query User{721FD2D7-848B-43B3-AA56-3EC0598BC9B4}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query 
User{93E743AD-7072-4743-97D7-B5C2099DC8BF}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{A1D51BCA-6FDE-4C04-BF9C-A876348D9DBF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{DCA79B49-0AA6-443A-92E5-AFDD94EF34E2}C:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe" = protocol=17 | dir=in | app=c:\users\katharina\appdata\roaming\flashgetsetup\fgmini.exe | "UDP Query User{DEB3F722-62ED-41F8-9596-75EE249952E1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{E79DD19B-B786-4702-AC7D-F33513AEAEEB}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BBA8AC3-ACD0-4C10-8451-0A79D14227ED}" = JMPProfilerGUISetup "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D356AA9-2D0C-4373-A762-B42F1A289233}" = MSCU for Microsoft Vista "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" 
= Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CEE62F6-9280-4508-BB3B-F1F40F7440C9}" = StepOne Software v2.1 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{79680002-DB49-4811-8CE0-FD84F81E04C6}" = CNAG_3.3.0.0_Beta "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft 
Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6 "{97EC9C16-6682-4BE4-9122-B48A79006D9A}" = JMP 9 "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{99669D61-FF21-4A5D-9DCC-33DBCCCFDCF9}" = SAS Enterprise Guide 4.3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BA6E8AF-2122-4825-9B55-98BC351E3C94}" = ESU for Microsoft Vista "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A4B0BFFE-DADB-4D00-8C8B-26B6EA87FCC5}" = SAS/IML Studio 3.3 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & 
Recovery™ 2012 Free
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3699351-FCC8-40C1-BB00-23E555A0E87E}" = JMPProfilerCoreSetup
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9390B82-786C-43CF-A970-D39E23EF0366}" = SAS 9.2
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1d8476e4fcca11dab0f6f685d746a93a" = SAS/SECURE Java 9.2
"332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AI RoboForm" = RoboForm 7-4-2 (All Users)
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BFGC" = Big Fish Games: Game Manager
"BFG-Haunted Legends - Die Pik-Dame" = Haunted Legends: Die Pik-Dame
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"d512c678901db9d321c85ecf7c30ae2e" = SAS Deployment Tester - Client 1.3
"DivX Setup" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"febb569a337f725f5f8607711f665d3b" = SAS Versioned Jar Repository 9.2
"ffdshow_is1" = ffdshow v1.1.3721 [2011-01-07]
"FormatFactory" = FormatFactory 2.60
"Foto Paradies" = Foto Paradies
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Download Manager_is1" = Free Download Manager 3.0
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5.4
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.0.4.423
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Master" = Hotkey Master
"InstallShield_{6CEE62F6-9280-4508-BB3B-F1F40F7440C9}" = StepOne Software v2.1
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"IrfanView" = IrfanView (remove only)
"KLS Mail Backup_is1" = KLS Mail Backup 1.9.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Micrografx Designer 7" = Micrografx Designer 7
"Micrografx Graphics Suite 2 Enterprise" = Micrografx Graphics Suite 2 Enterprise
"Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7
"Micrografx QuickVector" = Micrografx QuickVector
"Micrografx Simply 3D 2" = Micrografx Simply 3D 2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mortimer Beckett and the Time Paradox Deluxe" = Mortimer Beckett and the Time Paradox Deluxe
"Movies" = Movies
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.46
"NVIDIA Drivers" = NVIDIA Drivers
"Photomatix Basic_is1" = Photomatix Basic version 1.0
"Pixum Fotobuch" = Pixum Fotobuch
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"REST 2009_is1" = REST 2009 2.0.13
"Siege of Avalon Chapter 1+" = Siege of Avalon Chapter 1+
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.7
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.2.9
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zattoo4" = Zattoo4 4.0.5
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.07.2012 16:02:36 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x12dc, application start time 01cd6f576de02e91.

Error - 01.08.2012 02:32:39 | Computer Name = Katharina-PC | Source = VSS | ID = 8194
Description =

Error - 01.08.2012 13:51:02 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0xf78, application start time 01cd700e36c951e1.

Error - 01.08.2012 13:52:02 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x1164, application start time 01cd700e5ab97441.

Error - 01.08.2012 15:25:34 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x704, application start time 01cd701b6bdeff81.

Error - 01.08.2012 15:28:25 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x14d0, application start time 01cd701bd0ee9481.

Error - 01.08.2012 16:50:10 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x1078, application start time 01cd70273d4b640a.

Error - 01.08.2012 17:08:11 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x103c, application start time 01cd7029c1fc0320.

Error - 01.08.2012 17:08:11 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549b0e1, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000142, fault offset 0x00009f5d, process id 0x17b4, application start time 01cd7029c1f74060.

Error - 01.08.2012 17:30:40 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application nvcplui.exe, version 3.9.731.0, time stamp 0x4e991d0e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x006d8e70, process id 0x12d4, application start time 01cd702cd2a7ce40.

[ Media Center Events ]
Error - 18.11.2009 15:36:54 | Computer Name = Katharina-PC | Source = Media Center Guide | ID = 0
Description = Event information: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Process: DefaultDomain Object name: Media Center Guide

[ System Events ]
Error - 31.07.2012 13:27:22 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31.07.2012 13:46:25 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31.07.2012 13:47:16 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 31.07.2012 13:47:17 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 01.08.2012 16:45:31 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.08.2012 16:58:04 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.08.2012 16:59:29 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 01.08.2012 16:59:29 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.08.2012 17:03:22 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02.08.2012 11:22:20 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

So what do I have to do now to keep these pests away?

Many, many thanks in advance!
Greetings from Kaddda
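The "Last 20 Event Log Errors" block in the report above is the part that dates the trouble: rundll32.exe crashes repeatedly with exception code 0xc0000142 (STATUS_DLL_INIT_FAILED) from 31.07. through 01.08., while the single nvcplui.exe entry is an ordinary access violation. The following Python is an added example written for this thread, not code from the post or from OTL. It parses that section into records, decodes the NTSTATUS exception codes (names from Windows' ntstatus.h) and groups repeated crashes by application, faulting module and status. The sample input is constructed from lines of the report above; the nvcplui.exe record is given in the English wording Windows uses on non-German systems, to show the parser does not depend on the label language.

```python
"""Triage the "Last 20 Event Log Errors" section of an OTL report.

Added example for this thread, not code from the forum or from OTL. Windows
localises the Event 1000 text, so the crash parser keys on the fixed field
order and the hex values rather than on the German or English labels.
"""
import re
from collections import defaultdict
from datetime import datetime

# One record: header line, then "Description =" either on the same line
# (flattened forum copy) or on the following line (OTL's own layout).
RECORD_RE = re.compile(
    r"Error - (?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)"
    r"\s*Description =(?P<desc>.*?)"
    r"(?=Error - |\[ [^\]]+ Events \]|< End of report >|\Z)",
    re.S,
)
# Event 1000 body: app, version, timestamp, module, version, timestamp,
# exception code, fault offset, pid, start time. Labels between commas vary.
CRASH_RE = re.compile(
    r"(?P<app>\S+\.exe), [^,]*? (?P<app_ver>[\d.]+), [^,]*? 0x(?P<app_ts>[0-9a-f]+), "
    r"[^,]*? (?P<module>\S+), [^,]*? (?P<mod_ver>[\d.]+), [^,]*? 0x(?P<mod_ts>[0-9a-f]+), "
    r"[^,]*? 0x(?P<code>[0-9a-f]+), [^,]*? 0x(?P<offset>[0-9a-f]+), "
    r"[^,]*? 0x(?P<pid>[0-9a-f]+), [^,]*? (?P<start>[0-9a-f]+)",
    re.I,
)
# NTSTATUS values (ntstatus.h) that commonly appear as Event 1000 exception codes.
NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}


def parse_crash(desc):
    """Decode an Event 1000 description; None if it is not a crash record."""
    m = CRASH_RE.search(desc)
    if not m:
        return None
    code = int(m["code"], 16)
    return {"app": m["app"], "module": m["module"], "code": code,
            "code_name": NTSTATUS.get(code, f"0x{code:08x}"),
            "offset": int(m["offset"], 16), "pid": int(m["pid"], 16)}


def parse_events(text):
    """Return one dict per 'Error - ...' record, crash details attached for ID 1000."""
    events = []
    for m in RECORD_RE.finditer(text):
        ev = m.groupdict()
        ev["when"] = datetime.strptime(f"{ev['date']} {ev['time']}", "%d.%m.%Y %H:%M:%S")
        ev["id"] = int(ev["id"])
        ev["desc"] = ev["desc"].strip()
        ev["crash"] = parse_crash(ev["desc"]) if ev["id"] == 1000 else None
        events.append(ev)
    return events


def crash_summary(events):
    """Group crashes by (app, faulting module, status) with count and time span."""
    groups = {}
    for ev in events:
        c = ev["crash"]
        if not c:
            continue
        g = groups.setdefault((c["app"], c["module"], c["code_name"]),
                              {"count": 0, "first": ev["when"], "last": ev["when"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], ev["when"]), max(g["last"], ev["when"])
    return groups


def service_failures(events):
    """Count Service Control Manager errors per event ID (7000 = service failed to start)."""
    counts = defaultdict(int)
    for ev in events:
        if ev["source"] == "Service Control Manager":
            counts[ev["id"]] += 1
    return dict(counts)


# Constructed sample: lines copied from the report above; the nvcplui.exe record is
# given in the English wording Windows uses on non-German systems.
SAMPLE = """\
Error - 31.07.2012 16:02:36 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x12dc, Anwendungsstartzeit 01cd6f576de02e91.
Error - 01.08.2012 13:51:02 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b0e1, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0xf78, Anwendungsstartzeit 01cd700e36c951e1.
Error - 01.08.2012 17:30:40 | Computer Name = Katharina-PC | Source = Application Error | ID = 1000
Description = Faulting application nvcplui.exe, version 3.9.731.0, time stamp 0x4e991d0e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x006d8e70, process id 0x12d4, application start time 01cd702cd2a7ce40.
[ System Events ]
Error - 31.07.2012 13:27:22 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 02.08.2012 11:22:20 | Computer Name = Katharina-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
"""

if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for (app, mod, status), g in crash_summary(evs).items():
        print(f"{g['count']}x {app} in {mod}: {status} ({g['first']:%d.%m. %H:%M} to {g['last']:%d.%m. %H:%M})")
    print("Service Control Manager errors by ID:", service_failures(evs))
```

Run against the full report, the output is a short per-crash-signature tally with first and last occurrence, which is what you want to line up against the date the lock screen first appeared; the empty Service Control Manager records (ID 7000, service failed to start) are counted as well, since OTL prints no description for them.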
03.08.2012, 15:02 | #2 |
/// Helper team | BKA Trojan and more found with Malwarebytes
Fix with OTL
Download OTL by OldTimer (if you don't have it yet) and save it to your Desktop (nowhere else).
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\bl bdrive.sys -- (blbdrive)
IE - HKLM\..\SearchScopes,DefaultScope = {DE0A07AA-BDB3-475C-AB03-039789E444B3}
IE - HKLM\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=102e6be4000000000000001f3a45c694
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100474&mntrId=102e6be4000000000000001f3a45c694
IE - HKCU\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
[2012.07.31 15:26:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2009.09.18 21:46:40 | 000,027,715 | ---- | 
C] () -- C:\Users\Katharina\AppData\Roaming\nvModes.001 [2009.09.18 21:46:30 | 000,027,715 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\nvModes.dat @Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:A7DA2BCD @Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:AABCC5A7 @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:CAC06C34 @Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:4D46D04F @Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:6F2340BB @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:EE2DD6CC @Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:AD2DB2F9 @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:AEEC88F6 @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:46283136 @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1604D047 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:1D6B18F1 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:961B84C5 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:6E2D80C8 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:54380FEC @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:4244811A @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:2A874675 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:ED2D63E4 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:AABECEFB @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:63210866 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:466FA8C3 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3EC5BC08 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:23834E1E @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:C10635F6 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:B097AC8A @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:79875988 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4C6F9D77 @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:3A7527E8 @Alternate Data Stream - 145 bytes 
-> C:\ProgramData\Temp:C7F08EA3 @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:6EE8565A @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0EC7A545 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FAB64002 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:ED51D3ED @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8B4B9596 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:834DD57E @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:769BB147 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E7B4296D @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DC0B1070 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C178954A @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:AB3339EF @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9195103F @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:4D8FCBEF @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:27A88EF2 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:164561C8 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:BEA2EFEE @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:9FD757A9 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:479B1CF9 @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:386B39C3 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E9FAC3AB @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C76CFF82 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:58E38390 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:13019F4B @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D6D084A5 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CBAF0C30 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A88BE334 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A0921B2C @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:88A44CC1 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:864881BF @Alternate Data Stream - 
140 bytes -> C:\ProgramData\Temp:69AF9D20 @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2CB9631F @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0FE0A03C @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:041C0562 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:FFD58FFB @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A819A132 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5164A01F @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:4D551822 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3969ACF7 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:E6537A16 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:D4558A0B @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:C9B27A06 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:AA0017FD @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A5584049 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8BE7A048 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:041ED421 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:00D99749 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:DDF112BD @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B64F7263 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:553056F1 @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:2AE74FF9 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:B3196E8D @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:99B20AD0 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:94874C0A @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:943971F5 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:488F7244 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:474022C7 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:38FF076E @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:981456CB @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:6247E766 @Alternate 
Data Stream - 134 bytes -> C:\ProgramData\Temp:EDC744FB @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:DCA79AB3 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:BE0654D6 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A6D89509 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:9EE6560D @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:737160C1 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:587F3582 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:4FA837B4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2211E7A0 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:14B2E0BD @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:08E5EE32 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:E80802C7 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C2F24DB5 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C0893153 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:99AC3203 @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:3E200C29 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E5B07840 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7ADB695A @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4EC7F009 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:E6C6EB3B @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A8185163 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8855A119 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5CE91C67 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2652902F @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:0696EC8E @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:95079543 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:75798D9A @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5E73E1C2 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FB4262DE 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D3A89E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:94B46CA2 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1B389835 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:F3EFA8A8 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:D9771F40 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:6F0B6A5A @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:56FBA78D @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2CED8825 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:E894A3ED @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:DBC3D477 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:A9223B61 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:774C075A @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:689AB7E9 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:569CEE83 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1B96CF22 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:1A15E356 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:BF640EE5 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B1786630 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A441D13F @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8204AA35 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:7E4E56EA @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:6B7447D4 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:627153F1 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F7FE589 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:404908B5 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:B845F669 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:AAA06E15 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:A798AA1A @Alternate Data Stream - 125 bytes -> 
C:\ProgramData\Temp:9BAC4211 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8AE92FD3 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:697DDE2B @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:51E66512 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:3DB6F365 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D31BE97C @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C22674B6 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:AFC732F7 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5520ED93 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:3B75B877 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:268BA8AB @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:EC0A74A1 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E6708F08 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E3615992 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:BE40C8A2 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:B1381B34 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:A0CB43B2 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:71612023 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:397D67BA @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3086B95F @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:B0456F0C @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:59465B40 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:55818279 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:2B9555D8 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:14A1BBE3 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:0785072C @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B6E6C4EA @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A60D0FA6 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:40EE25BB @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:2D2461E7 @Alternate Data Stream - 
121 bytes -> C:\ProgramData\Temp:109734F6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:F5B51004 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:98982C88 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:774A0E14 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:5C4A588B @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57176330 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:206470A5 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E2CFA9CD @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:C5DC2B0C @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:AECF4772 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:51F17BB8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5197985B @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:32FFF2D1 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:29F0CA7D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E5BA9ADD @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:E411AA0D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:DB2748F7 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:CF61CE5A @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A9ABA3FF @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A4E7D25F @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:A02025CE @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:3D36932D @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:2AF322BF @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:26499772 @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:1CB96B16 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:B139DDF3 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:0F0A5896 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:29861223 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:9491C9C7 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:93D985FC @Alternate 
Data Stream - 114 bytes -> C:\ProgramData\Temp:EF0C5444 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:D055FC10 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CDCDE97C @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6378B6B8 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C4A88D6B @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:BD34FFC5 @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:AEBC40EC @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3E06C78F @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:124B94C0 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:57B2B96C @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:95198126 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:45912F61 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:A56D6987 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:2BC498A4 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:E690114B @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:5E9B629B @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:0ED4AC2F [2011.10.04 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Katharina\AppData\Roaming\Babylon [2012.07.30 18:07:47 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\UAs [2012.07.29 20:16:49 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\13001.031 [2012.07.29 20:16:07 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\xmldm [2012.07.29 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\kock [2012.07.29 20:16:19 | 000,000,034 | ---- | C] () -- C:\Users\Katharina\AppData\Roaming\blckdom.res [2012.08.02 20:45:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.02 20:04:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.02 17:21:09 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.30 16:16:43 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KATHARINA\APPDATA\ROAMING\14001.007
[2012.07.30 16:16:43 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\14001.007
[2012.07.30 16:16:32 | 000,006,400 | ---- | M] () -- C:\Users\Katharina\AppData\Roaming\BAcroIEHelpe178.dll
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Note for anyone reading along: the OTL script above was written exclusively for this user in this situation. Do not run it on other computers under any circumstances; it can do lasting damage to other systems!
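What the fix script above actually touches, as an added example written for this thread (Python; not code from the post or from OTL): it classifies each `:OTL` line by the prefix OTL itself prints and pulls out the items worth acting on separately from the cleanup: the external hosts behind the search scopes, the start page, the Firefox `keyword.URL` and the trusted-sites entry; the files and folders created under user-writable locations; and the two policy lines. `EnableLUA = 0` means UAC was switched off and `NoDriveTypeAutoRun = 0` means AutoRun was allowed on every drive type; the secure values in the code (1 and 0xFF) are Windows' documented settings and an assumption of this example, not something the helper's post states. The sample is an excerpt copied from the script above.

```python
"""Classify the lines of an OTL ':OTL' fix script.

Added example for this thread, not code from the forum or from OTL. It keys on the
prefixes OTL itself prints (DRV, IE, FF, O2..O32, file and ADS entries). The two
"secure" policy values are Windows' documented settings, assumed here, not OTL output.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"']+")
POLICY_RE = re.compile(r"policies\\\w+: (?P<name>\w+) = (?P<value>\S+)")
# [date time | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(r"^\[(?P<date>[\d.]+) [\d:]+ \| [\d,]+ \| [-\w]+ \| [CM]\] .*?-- (?P<path>\S.*)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# EnableLUA=1 keeps UAC on; NoDriveTypeAutoRun=0xFF disables AutoRun for every drive type.
SECURE_POLICY = {"EnableLUA": (1, "UAC is switched off"),
                 "NoDriveTypeAutoRun": (0xFF, "AutoRun allowed on all drive types")}


def _int(text):
    try:
        return int(text, 0)  # accepts "0", "1" and "0xFF"
    except ValueError:
        return None


def classify(line):
    """Map one script line to (category, details); None for blank lines."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("DRV - File not found"):
        return "orphaned_driver", {"service": line.rsplit("(", 1)[-1].rstrip(")")}
    if line.startswith(("IE - ", "FF - ")):
        url = URL_RE.search(line)
        if url:
            return "browser_url", {"host": urlparse(url.group()).hostname}
        return "browser_pref", {}
    if line.startswith(("O2 - ", "O3 - ")):
        return "bho_toolbar", {}
    if line.startswith(("O4 - ", "O32 - ")):
        return "autorun", {}
    if line.startswith(("O6 - ", "O7 - ")):
        m = POLICY_RE.search(line)
        name, value = (m["name"], _int(m["value"])) if m else (None, None)
        secure, why = SECURE_POLICY.get(name, (None, None))
        weak = None not in (secure, value) and value != secure
        return "policy", {"name": name, "value": value, "secure": secure, "weak": weak, "why": why}
    if line.startswith("O15 - "):
        return "zone_elevation", {"domain": line.split(": ", 1)[1].split(" ", 1)[0]}
    m = ADS_RE.match(line)
    if m:
        return "ads", {"path": m["path"], "size": int(m["size"])}
    m = FILE_RE.match(line)
    if m:
        low = m["path"].lower()
        writable = "\\appdata\\roaming\\" in low or "\\programdata\\" in low
        return "file", {"path": m["path"], "date": m["date"], "user_writable": writable}
    return "other", {}


def audit(script):
    """Counts per category, external hosts, weakened policies and user-writable paths."""
    by_cat, hosts, weak, paths = defaultdict(int), set(), [], []
    for raw in script.splitlines():
        res = classify(raw)
        if res is None:
            continue
        cat, info = res
        by_cat[cat] += 1
        if cat == "browser_url" and info["host"]:
            hosts.add(info["host"])
        elif cat == "zone_elevation":
            hosts.add(info["domain"])
        elif cat == "policy" and info["weak"]:
            weak.append((info["name"], info["value"], info["secure"], info["why"]))
        elif cat == "file" and info["user_writable"]:
            paths.append(info["path"])
    return {"by_category": dict(by_cat), "hosts": sorted(hosts),
            "weak_policies": weak, "user_writable_paths": paths}


# Constructed sample: an excerpt of the fix script posted above.
SAMPLE = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
IE - HKLM\..\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=100474&mntrId=102e6be4000000000000001f3a45c694
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
[2012.07.31 15:26:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:A7DA2BCD
[2012.07.29 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\kock
[2012.07.30 16:16:43 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KATHARINA\APPDATA\ROAMING\14001.007
:Commands
[emptytemp]
"""

if __name__ == "__main__":
    for key, val in audit(SAMPLE).items():
        print(f"{key}: {val}")
```

The host list is deliberately everything the script touches, not a blocklist: the analyst decides which entries (here the search and toolbar hosts and the trusted-sites domain) belong in a filter, and the `weak_policies` entries are the ones to re-check after the fix has run, since a cleaned machine with UAC off and AutoRun on is still an easy target.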
03.08.2012, 17:14 | #3 |
BKA Trojan and more found with Malwarebytes
Hello t'john,
thank you very, very much for your quick help!! OTL produced this log file:
Code:
All processes killed
========== OTL ==========
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File system32\DRIVERS\SymIM.sys not found.
Service SANDRA stopped successfully!
Service SANDRA deleted successfully!
File C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE0A07AA-BDB3-475C-AB03-039789E444B3}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{160DB79B-FE46-41D8-A2F7-3C3A5A247AAE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DE0A07AA-BDB3-475C-AB03-039789E444B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE0A07AA-BDB3-475C-AB03-039789E444B3}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: false removed from browser.search.update
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de" removed from browser.startup.homepage
Prefs.js: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: fdm_ffext@freedownloadmanager.org:1.3.4 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724d43a9-0d85-11d4-9908-00400523e39a}\ deleted successfully.
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft &Excel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\AUTOMODE moved successfully.
C:\ProgramData\ras_0oed.pad moved successfully.
C:\Users\Katharina\AppData\Roaming\nvModes.001 moved successfully.
C:\Users\Katharina\AppData\Roaming\nvModes.dat moved successfully.
ADS C:\ProgramData\Temp:A7DA2BCD deleted successfully.
ADS C:\ProgramData\Temp:AABCC5A7 deleted successfully.
ADS C:\ProgramData\Temp:CAC06C34 deleted successfully.
ADS C:\ProgramData\Temp:4D46D04F deleted successfully.
ADS C:\ProgramData\Temp:6F2340BB deleted successfully.
ADS C:\ProgramData\Temp:EE2DD6CC deleted successfully.
ADS C:\ProgramData\Temp:AD2DB2F9 deleted successfully.
ADS C:\ProgramData\Temp:AEEC88F6 deleted successfully.
ADS C:\ProgramData\Temp:46283136 deleted successfully.
ADS C:\ProgramData\Temp:1604D047 deleted successfully.
ADS C:\ProgramData\Temp:1D6B18F1 deleted successfully.
ADS C:\ProgramData\Temp:961B84C5 deleted successfully.
ADS C:\ProgramData\Temp:6E2D80C8 deleted successfully.
ADS C:\ProgramData\Temp:54380FEC deleted successfully.
ADS C:\ProgramData\Temp:4244811A deleted successfully.
ADS C:\ProgramData\Temp:2A874675 deleted successfully.
ADS C:\ProgramData\Temp:ED2D63E4 deleted successfully.
ADS C:\ProgramData\Temp:AABECEFB deleted successfully.
ADS C:\ProgramData\Temp:63210866 deleted successfully.
ADS C:\ProgramData\Temp:466FA8C3 deleted successfully.
ADS C:\ProgramData\Temp:3EC5BC08 deleted successfully.
ADS C:\ProgramData\Temp:23834E1E deleted successfully.
ADS C:\ProgramData\Temp:C10635F6 deleted successfully.
ADS C:\ProgramData\Temp:B097AC8A deleted successfully.
ADS C:\ProgramData\Temp:79875988 deleted successfully.
ADS C:\ProgramData\Temp:4C6F9D77 deleted successfully.
ADS C:\ProgramData\Temp:3A7527E8 deleted successfully.
ADS C:\ProgramData\Temp:C7F08EA3 deleted successfully.
ADS C:\ProgramData\Temp:6EE8565A deleted successfully.
ADS C:\ProgramData\Temp:0EC7A545 deleted successfully.
ADS C:\ProgramData\Temp:FAB64002 deleted successfully.
ADS C:\ProgramData\Temp:ED51D3ED deleted successfully.
ADS C:\ProgramData\Temp:8B4B9596 deleted successfully.
ADS C:\ProgramData\Temp:834DD57E deleted successfully.
ADS C:\ProgramData\Temp:769BB147 deleted successfully.
ADS C:\ProgramData\Temp:E7B4296D deleted successfully.
ADS C:\ProgramData\Temp:DC0B1070 deleted successfully.
ADS C:\ProgramData\Temp:C178954A deleted successfully.
ADS C:\ProgramData\Temp:AB3339EF deleted successfully.
ADS C:\ProgramData\Temp:9195103F deleted successfully.
ADS C:\ProgramData\Temp:4D8FCBEF deleted successfully.
ADS C:\ProgramData\Temp:27A88EF2 deleted successfully.
ADS C:\ProgramData\Temp:164561C8 deleted successfully.
ADS C:\ProgramData\Temp:BEA2EFEE deleted successfully.
ADS C:\ProgramData\Temp:9FD757A9 deleted successfully.
ADS C:\ProgramData\Temp:479B1CF9 deleted successfully.
ADS C:\ProgramData\Temp:386B39C3 deleted successfully.
ADS C:\ProgramData\Temp:E9FAC3AB deleted successfully.
ADS C:\ProgramData\Temp:C76CFF82 deleted successfully.
ADS C:\ProgramData\Temp:58E38390 deleted successfully.
ADS C:\ProgramData\Temp:13019F4B deleted successfully.
ADS C:\ProgramData\Temp:D6D084A5 deleted successfully.
ADS C:\ProgramData\Temp:CBAF0C30 deleted successfully.
ADS C:\ProgramData\Temp:A88BE334 deleted successfully.
ADS C:\ProgramData\Temp:A0921B2C deleted successfully.
ADS C:\ProgramData\Temp:88A44CC1 deleted successfully.
ADS C:\ProgramData\Temp:864881BF deleted successfully.
ADS C:\ProgramData\Temp:69AF9D20 deleted successfully.
ADS C:\ProgramData\Temp:2CB9631F deleted successfully.
ADS C:\ProgramData\Temp:0FE0A03C deleted successfully.
ADS C:\ProgramData\Temp:041C0562 deleted successfully.
ADS C:\ProgramData\Temp:FFD58FFB deleted successfully.
ADS C:\ProgramData\Temp:A819A132 deleted successfully.
ADS C:\ProgramData\Temp:5164A01F deleted successfully.
ADS C:\ProgramData\Temp:4D551822 deleted successfully.
ADS C:\ProgramData\Temp:3969ACF7 deleted successfully.
ADS C:\ProgramData\Temp:E6537A16 deleted successfully.
ADS C:\ProgramData\Temp:D4558A0B deleted successfully.
ADS C:\ProgramData\Temp:C9B27A06 deleted successfully.
ADS C:\ProgramData\Temp:AA0017FD deleted successfully.
ADS C:\ProgramData\Temp:A5584049 deleted successfully.
ADS C:\ProgramData\Temp:8BE7A048 deleted successfully.
ADS C:\ProgramData\Temp:041ED421 deleted successfully.
ADS C:\ProgramData\Temp:00D99749 deleted successfully.
ADS C:\ProgramData\Temp:DDF112BD deleted successfully.
ADS C:\ProgramData\Temp:B64F7263 deleted successfully.
ADS C:\ProgramData\Temp:553056F1 deleted successfully.
ADS C:\ProgramData\Temp:2AE74FF9 deleted successfully.
ADS C:\ProgramData\Temp:B3196E8D deleted successfully.
ADS C:\ProgramData\Temp:99B20AD0 deleted successfully.
ADS C:\ProgramData\Temp:94874C0A deleted successfully.
ADS C:\ProgramData\Temp:943971F5 deleted successfully.
ADS C:\ProgramData\Temp:488F7244 deleted successfully.
ADS C:\ProgramData\Temp:474022C7 deleted successfully.
ADS C:\ProgramData\Temp:38FF076E deleted successfully.
ADS C:\ProgramData\Temp:981456CB deleted successfully.
ADS C:\ProgramData\Temp:6247E766 deleted successfully.
ADS C:\ProgramData\Temp:EDC744FB deleted successfully.
ADS C:\ProgramData\Temp:DCA79AB3 deleted successfully.
ADS C:\ProgramData\Temp:BE0654D6 deleted successfully.
ADS C:\ProgramData\Temp:A76A1B1B deleted successfully.
ADS C:\ProgramData\Temp:A6D89509 deleted successfully.
ADS C:\ProgramData\Temp:9EE6560D deleted successfully.
ADS C:\ProgramData\Temp:737160C1 deleted successfully.
ADS C:\ProgramData\Temp:587F3582 deleted successfully.
ADS C:\ProgramData\Temp:4FA837B4 deleted successfully.
ADS C:\ProgramData\Temp:2211E7A0 deleted successfully.
ADS C:\ProgramData\Temp:14B2E0BD deleted successfully.
ADS C:\ProgramData\Temp:08E5EE32 deleted successfully.
ADS C:\ProgramData\Temp:E80802C7 deleted successfully.
ADS C:\ProgramData\Temp:C2F24DB5 deleted successfully.
ADS C:\ProgramData\Temp:C0893153 deleted successfully.
ADS C:\ProgramData\Temp:99AC3203 deleted successfully.
ADS C:\ProgramData\Temp:3E200C29 deleted successfully.
ADS C:\ProgramData\Temp:E5B07840 deleted successfully.
ADS C:\ProgramData\Temp:7ADB695A deleted successfully.
ADS C:\ProgramData\Temp:4EC7F009 deleted successfully.
ADS C:\ProgramData\Temp:E6C6EB3B deleted successfully.
ADS C:\ProgramData\Temp:A8185163 deleted successfully.
ADS C:\ProgramData\Temp:8855A119 deleted successfully.
ADS C:\ProgramData\Temp:5CE91C67 deleted successfully.
ADS C:\ProgramData\Temp:2652902F deleted successfully.
ADS C:\ProgramData\Temp:0696EC8E deleted successfully.
ADS C:\ProgramData\Temp:95079543 deleted successfully.
ADS C:\ProgramData\Temp:75798D9A deleted successfully.
ADS C:\ProgramData\Temp:5E73E1C2 deleted successfully.
ADS C:\ProgramData\Temp:FB4262DE deleted successfully.
ADS C:\ProgramData\Temp:D3A89E47 deleted successfully.
ADS C:\ProgramData\Temp:94B46CA2 deleted successfully.
ADS C:\ProgramData\Temp:1B389835 deleted successfully.
ADS C:\ProgramData\Temp:F3EFA8A8 deleted successfully.
ADS C:\ProgramData\Temp:D9771F40 deleted successfully.
ADS C:\ProgramData\Temp:6F0B6A5A deleted successfully.
ADS C:\ProgramData\Temp:56FBA78D deleted successfully.
ADS C:\ProgramData\Temp:2CED8825 deleted successfully.
ADS C:\ProgramData\Temp:E894A3ED deleted successfully.
ADS C:\ProgramData\Temp:DBC3D477 deleted successfully.
ADS C:\ProgramData\Temp:A9223B61 deleted successfully.
ADS C:\ProgramData\Temp:774C075A deleted successfully.
ADS C:\ProgramData\Temp:689AB7E9 deleted successfully.
ADS C:\ProgramData\Temp:569CEE83 deleted successfully.
ADS C:\ProgramData\Temp:1B96CF22 deleted successfully.
ADS C:\ProgramData\Temp:1A15E356 deleted successfully.
ADS C:\ProgramData\Temp:BF640EE5 deleted successfully.
ADS C:\ProgramData\Temp:B1786630 deleted successfully.
ADS C:\ProgramData\Temp:A4AF8D0D deleted successfully.
ADS C:\ProgramData\Temp:A441D13F deleted successfully.
ADS C:\ProgramData\Temp:8204AA35 deleted successfully.
ADS C:\ProgramData\Temp:7E4E56EA deleted successfully.
ADS C:\ProgramData\Temp:6B7447D4 deleted successfully.
ADS C:\ProgramData\Temp:627153F1 deleted successfully.
ADS C:\ProgramData\Temp:4F7FE589 deleted successfully.
ADS C:\ProgramData\Temp:404908B5 deleted successfully.
ADS C:\ProgramData\Temp:B845F669 deleted successfully.
ADS C:\ProgramData\Temp:AAA06E15 deleted successfully.
ADS C:\ProgramData\Temp:A798AA1A deleted successfully.
ADS C:\ProgramData\Temp:9BAC4211 deleted successfully.
ADS C:\ProgramData\Temp:8AE92FD3 deleted successfully.
ADS C:\ProgramData\Temp:697DDE2B deleted successfully.
ADS C:\ProgramData\Temp:51E66512 deleted successfully.
ADS C:\ProgramData\Temp:3DB6F365 deleted successfully.
ADS C:\ProgramData\Temp:D31BE97C deleted successfully.
ADS C:\ProgramData\Temp:C22674B6 deleted successfully.
ADS C:\ProgramData\Temp:AFC732F7 deleted successfully.
ADS C:\ProgramData\Temp:5520ED93 deleted successfully.
ADS C:\ProgramData\Temp:3B75B877 deleted successfully.
ADS C:\ProgramData\Temp:268BA8AB deleted successfully.
ADS C:\ProgramData\Temp:EC0A74A1 deleted successfully.
ADS C:\ProgramData\Temp:E6708F08 deleted successfully.
ADS C:\ProgramData\Temp:E3615992 deleted successfully.
ADS C:\ProgramData\Temp:BE40C8A2 deleted successfully.
ADS C:\ProgramData\Temp:B1381B34 deleted successfully.
ADS C:\ProgramData\Temp:A0CB43B2 deleted successfully.
ADS C:\ProgramData\Temp:71612023 deleted successfully.
ADS C:\ProgramData\Temp:397D67BA deleted successfully.
ADS C:\ProgramData\Temp:3086B95F deleted successfully.
ADS C:\ProgramData\Temp:B0456F0C deleted successfully.
ADS C:\ProgramData\Temp:59465B40 deleted successfully.
ADS C:\ProgramData\Temp:55818279 deleted successfully.
ADS C:\ProgramData\Temp:2B9555D8 deleted successfully.
ADS C:\ProgramData\Temp:14A1BBE3 deleted successfully.
ADS C:\ProgramData\Temp:0785072C deleted successfully.
ADS C:\ProgramData\Temp:B6E6C4EA deleted successfully.
ADS C:\ProgramData\Temp:A60D0FA6 deleted successfully.
ADS C:\ProgramData\Temp:40EE25BB deleted successfully.
ADS C:\ProgramData\Temp:2D2461E7 deleted successfully.
ADS C:\ProgramData\Temp:109734F6 deleted successfully.
ADS C:\ProgramData\Temp:F5B51004 deleted successfully.
ADS C:\ProgramData\Temp:98982C88 deleted successfully.
ADS C:\ProgramData\Temp:774A0E14 deleted successfully.
ADS C:\ProgramData\Temp:5C4A588B deleted successfully.
ADS C:\ProgramData\Temp:57176330 deleted successfully.
ADS C:\ProgramData\Temp:206470A5 deleted successfully.
ADS C:\ProgramData\Temp:E2CFA9CD deleted successfully.
ADS C:\ProgramData\Temp:C5DC2B0C deleted successfully.
ADS C:\ProgramData\Temp:AECF4772 deleted successfully.
ADS C:\ProgramData\Temp:51F17BB8 deleted successfully.
ADS C:\ProgramData\Temp:5197985B deleted successfully.
ADS C:\ProgramData\Temp:32FFF2D1 deleted successfully.
ADS C:\ProgramData\Temp:29F0CA7D deleted successfully.
ADS C:\ProgramData\Temp:E5BA9ADD deleted successfully.
ADS C:\ProgramData\Temp:E411AA0D deleted successfully.
ADS C:\ProgramData\Temp:DB2748F7 deleted successfully.
ADS C:\ProgramData\Temp:CF61CE5A deleted successfully.
ADS C:\ProgramData\Temp:A9ABA3FF deleted successfully.
ADS C:\ProgramData\Temp:A4E7D25F deleted successfully.
ADS C:\ProgramData\Temp:A02025CE deleted successfully.
ADS C:\ProgramData\Temp:3D36932D deleted successfully.
ADS C:\ProgramData\Temp:2AF322BF deleted successfully.
ADS C:\ProgramData\Temp:26499772 deleted successfully.
ADS C:\ProgramData\Temp:1CB96B16 deleted successfully.
ADS C:\ProgramData\Temp:B139DDF3 deleted successfully.
ADS C:\ProgramData\Temp:0F0A5896 deleted successfully.
ADS C:\ProgramData\Temp:29861223 deleted successfully.
ADS C:\ProgramData\Temp:9491C9C7 deleted successfully.
ADS C:\ProgramData\Temp:93D985FC deleted successfully.
ADS C:\ProgramData\Temp:EF0C5444 deleted successfully.
ADS C:\ProgramData\Temp:D055FC10 deleted successfully.
ADS C:\ProgramData\Temp:CDCDE97C deleted successfully.
ADS C:\ProgramData\Temp:6378B6B8 deleted successfully.
ADS C:\ProgramData\Temp:C4A88D6B deleted successfully.
ADS C:\ProgramData\Temp:BD34FFC5 deleted successfully.
ADS C:\ProgramData\Temp:AEBC40EC deleted successfully.
ADS C:\ProgramData\Temp:3E06C78F deleted successfully.
ADS C:\ProgramData\Temp:124B94C0 deleted successfully.
ADS C:\ProgramData\Temp:57B2B96C deleted successfully.
ADS C:\ProgramData\Temp:95198126 deleted successfully.
ADS C:\ProgramData\Temp:45912F61 deleted successfully.
ADS C:\ProgramData\Temp:A56D6987 deleted successfully.
ADS C:\ProgramData\Temp:2BC498A4 deleted successfully.
ADS C:\ProgramData\Temp:E690114B deleted successfully.
ADS C:\ProgramData\Temp:5E9B629B deleted successfully.
ADS C:\ProgramData\Temp:0ED4AC2F deleted successfully.
C:\Users\Katharina\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Katharina\AppData\Roaming\UAs folder moved successfully.
C:\Users\Katharina\AppData\Roaming\13001.031\components folder moved successfully.
C:\Users\Katharina\AppData\Roaming\13001.031 folder moved successfully.
C:\Users\Katharina\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Katharina\AppData\Roaming\kock folder moved successfully.
C:\Users\Katharina\AppData\Roaming\blckdom.res moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\USERS\KATHARINA\APPDATA\ROAMING\14001.007\components folder moved successfully.
C:\USERS\KATHARINA\APPDATA\ROAMING\14001.007 folder moved successfully.
Folder C:\Users\Katharina\AppData\Roaming\14001.007\ not found.
C:\Users\Katharina\AppData\Roaming\BAcroIEHelpe178.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Katharina\Desktop\cmd.bat deleted successfully.
C:\Users\Katharina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Katharina
->Temp folder emptied: 5236619323 bytes
->Temporary Internet Files folder emptied: 166983056 bytes
->Java cache emptied: 34319976 bytes
->FireFox cache emptied: 55207255 bytes
->Flash cache emptied: 599 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 290112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46814012 bytes
RecycleBin emptied: 66302663 bytes
Total Files Cleaned = 5.347,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Katharina
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 08032012_173158
Files\Folders moved on Reboot...
C:\Users\Katharina\AppData\Local\Temp\ehmsas.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Katharina\AppData\Local\Temp\ehmsas.txt not found!
Registry entries deleted on Reboot...
It really scares me how much I picked up without noticing. Avira and the like didn't notice anything. Is there a do-it-all tool so this doesn't happen again? Cheers and a thousand thanks! Kaddda |
03.08.2012, 17:28 | #4 |
/// Helper Team | BKA Trojan and more found with Malwarebytes
Very good! You can go online, but don't browse around yet.
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Then:
Step 2: Please download AdwCleaner to your desktop.
|
04.08.2012, 09:51 | #5 |
| BKA Trojan and more found with Malwarebytes
Hi t'john, Malwarebytes found 5 more files that I, silly me, hadn't actively ticked for deletion before. I missed that. Sorry. I hope that isn't too bad and doesn't make all the work pointless. In any case they have now gone into quarantine. Malwarebytes log file:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.03.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINA-PC [Administrator]
03.08.2012 22:55:51
mbam-log-2012-08-03 (22-55-51).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 514554
Time elapsed: 2 hour(s), 58 minute(s), 29 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 5
C:\Downloads\Software\SoftonicDownloader_fuer_art-of-illusion.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Downloads\Software\SoftonicDownloader_fuer_cdburnerxp-pro.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Downloads\Software\SoftonicDownloader_fuer_cdrtfe.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Downloads\Software\SoftonicDownloader_fuer_deepburner.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Downloads\Software\SoftonicDownloader_fuer_google-sketchup.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
(end)
Code:
# AdwCleaner v1.800 - Logfile created 08/04/2012 at 10:36:34
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Katharina - KATHARINA-PC
# Running from : C:\Users\Katharina\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Katharina\AppData\Local\Babylon
Folder Found : C:\Users\Katharina\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Katharina\AppData\LocalLow\Conduit
Folder Found : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\Conduit
Folder Found : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\ConduitEngine
Folder Found : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\CT2269050
Folder Found : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\engine@conduit.com
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Conduit
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\prefs.js
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 15 2011 19:25:51 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", false);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Apr 01 2011 19:20:34 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:27:18 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "5c23ab9c-50a7-4553-a3f2-ab88cd4446b0");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 23:15:54 GMT+0200");
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "03/31/2011 00");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Wed Mar 30 2011 23:15:42 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Apr 30 2011 22:24:10 GMT+0200");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN95138959742640564");
Found : user_pref("ConduitEngine.approveUntrustedApps", true);
Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("ConduitEngine.isDetectionEnabled", false);
Found : user_pref("ConduitEngine.usageEnabled", false);
Found : user_pref("ConduitEngine.usagesFlag", 2);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 5);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "102e6be4000000000000001f3a45c694");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15251");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 5);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1020:31:23");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1020:31:23");

*************************

AdwCleaner[R1].txt - [12596 octets] - [04/08/2012 09:52:47]
AdwCleaner[R2].txt - [12550 octets] - [04/08/2012 10:36:34]

########## EOF - C:\AdwCleaner[R2].txt - [12679 octets] ##########
As always, many thanks,
Kaddda
04.08.2012, 15:02 | #6 |
/// Helfer-Team | Very good!
Then: malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Select "Detail Scan" and start the check of the computer with the "Scan" button. At the end of the scan, do not let it delete anything! Click "Save report" to save the log file to the desktop and post it here in the thread. Guide: http://www.trojaner-board.de/103809-...i-malware.html
05.08.2012, 20:43 | #7 |
Hi t'john, AdwCleaner showed the following after deletion: Code:
ATTFilter # AdwCleaner v1.800 - Logfile created 08/04/2012 at 20:07:25 # Updated 01/08/2012 by Xplode # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # User : Katharina - KATHARINA-PC # Running from : C:\Users\Katharina\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Katharina\AppData\Local\Babylon Folder Deleted : C:\Users\Katharina\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\Katharina\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\Conduit Folder Deleted : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\ConduitEngine Folder Deleted : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\CT2269050 Folder Deleted : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Folder Deleted : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\extensions\engine@conduit.com Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\Program Files\BabylonToolbar Folder Deleted : C:\Program Files\Conduit File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\BabylonToolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\b Key Deleted : 
HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Key Deleted : HKLM\SOFTWARE\Wise Solutions ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} ***** [Internet 
Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\prefs.js C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\user.js ... Deleted ! Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true); Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.IsEngineShown", false); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 15 2011 19:25:51 GMT+02[...] 
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false); Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Apr 01 2011 19:20:34 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 15:27:18 GMT+0200"); Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "5c23ab9c-50a7-4553-a3f2-ab88cd4446b0"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 23:15:54 GMT+0200"); Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine"); Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200"); Deleted : user_pref("ConduitEngine.FirstServerDate", "03/31/2011 00"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Mar 30 2011 23:15:42 GMT+0200"); Deleted : user_pref("ConduitEngine.IsMulticommunity", 
false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200"); Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Apr 30 2011 22:24:10 GMT+0200"); Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200"); Deleted : user_pref("ConduitEngine.UserID", "UN95138959742640564"); Deleted : user_pref("ConduitEngine.approveUntrustedApps", true); Deleted : user_pref("ConduitEngine.componentAlertEnabled", false); Deleted : user_pref("ConduitEngine.engineLocale", "de"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200"); Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Apr 30 2011 22:24:10 GMT+0200"); Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : user_pref("ConduitEngine.isDetectionEnabled", false); Deleted : user_pref("ConduitEngine.usageEnabled", false); Deleted : user_pref("ConduitEngine.usagesFlag", 2); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=100474"); Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 5); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true); Deleted : user_pref("extensions.BabylonToolbar.hmpg", true); Deleted : user_pref("extensions.BabylonToolbar.id", "102e6be4000000000000001f3a45c694"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15251"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...] 
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 5); Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1020:31:23"); Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10"); Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1020:31:23"); ************************* AdwCleaner[R1].txt - [12596 octets] - [04/08/2012 09:52:47] AdwCleaner[R2].txt - [12681 octets] - [04/08/2012 10:36:34] AdwCleaner[R3].txt - [12742 octets] - [04/08/2012 10:46:26] AdwCleaner[S1].txt - [13086 octets] - [04/08/2012 20:07:25] ########## EOF - C:\AdwCleaner[S1].txt - [13215 octets] ########## Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 04.08.2012 20:30:20

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\

Archiv Scan: An
ADS Scan: An

Scan Beginn: 04.08.2012 20:31:04

Key: hkey_local_machine\software\trymedia systems gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software gefunden: Trace.Registry.trymedia!E1
C:\Program Files\SAS\SASFoundation\9.2\core\sasext\sqldmdb.dll gefunden: Malware.Win32.AMN!E1
C:\Program Files\SAS\SASFoundation\9.2\access\sasexe\sasiowk4.dll gefunden: Malware.Win32.AMN!E1

Gescannt 788501
Gefunden 4

Scan Ende: 04.08.2012 23:47:49
Scan Zeit: 3:16:45
SAS is a program that I obtained entirely legally from the university; it was not downloaded and has not had any updates. Could this be a false positive? Many thanks and best regards,
Kaddda
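The AdwCleaner logs in the two posts above (the [R] search run with its "Found :" lines and the [S1] delete run with its "Deleted :" lines) share one line format: "***** [Section] *****" headers, Folder/File/Key entries, a per-browser block introduced by "-\\ <browser>", and user_pref lines from prefs.js. The parser below is an added example written for this thread, not AdwCleaner's own code. The vendor markers it uses (Conduit, Babylon, Softonic, and the escort/esrv class names that were removed alongside Babylon here) are heuristics taken from the entries visible in this log, and SAMPLE_LOG is a constructed, shortened excerpt of the [S1] log. It attributes each entry to a family, reads the run mode from the header, and pulls out Browser Helper Object keys separately, since a CLSID on its own does not say which product planted it and deserves an individual look.

```python
"""Triage helper for AdwCleaner 1.x text logs (constructed example for this thread).

Not AdwCleaner's own code; vendor markers are heuristics from this thread's log.
"""
import re
from collections import Counter

# Section headers:  ***** [Files / Folders] *****   ***** [Registre - GUID] *****
SECTION_RE = re.compile(r"^\*{5}\s*\[(?P<name>[^\]]+)\]\s*\*{5}$")
# Entries:  "Folder Deleted : C:\..."  "Key Deleted : HKLM\..."  "Found : user_pref(...);"
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>Folder|File|Key|Value)\s+)?(?P<action>Found|Deleted)\s*:\s*(?P<target>.+?)\s*$"
)
# Firefox user.js removal has its own shape:  "C:\...\user.js ... Deleted !"
USERJS_RE = re.compile(r"^(?P<target>.+?)\s+\.\.\.\s+Deleted\s*!$")
# Run mode from the header line "# Option [Delete]"
OPTION_RE = re.compile(r"^#\s*Option\s*\[(?P<mode>[^\]]+)\]")

# Lower-case substrings tying an entry to an adware family seen in this log.
VENDOR_MARKERS = {
    "Conduit": ("conduit", "communitytoolbar", "ct2269050"),
    "Babylon": ("babylon", "bbyln", "escort", "esrv"),
    "Softonic": ("softonic",),
}

# Constructed, shortened excerpt of the [S1] delete log posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v1.800 - Logfile created 08/04/2012 at 20:07:25
# Option [Delete]

***** [Files / Folders] *****

Folder Deleted : C:\Users\Katharina\AppData\LocalLow\Conduit
Folder Deleted : C:\Program Files\BabylonToolbar
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\prefs.js

C:\Users\Katharina\AppData\Roaming\Mozilla\Firefox\Profiles\hk9q3kg1.default\user.js ... Deleted !
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
"""


def vendor_of(target):
    """Attribute an entry by substring; 'unattributed' means a human must look."""
    low = target.lower()
    for vendor, markers in VENDOR_MARKERS.items():
        if any(m in low for m in markers):
            return vendor
    return "unattributed"


def log_mode(text):
    """Return the run mode named in the '# Option [...]' header, lower-cased."""
    for line in text.splitlines():
        m = OPTION_RE.match(line.strip())
        if m:
            return m.group("mode").lower()
    return None


def parse_adwcleaner(text):
    """One dict per Found/Deleted entry, tagged with section, browser and vendor."""
    entries, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group("name").strip(), None
            continue
        if line.startswith("-\\\\"):  # "-\\ Mozilla Firefox v14.0.1 (de)"
            browser = line[3:].strip()
            continue
        m = USERJS_RE.match(line)
        if m:
            kind, action, target = "File", "Deleted", m.group("target")
        else:
            m = ENTRY_RE.match(line)
            if not m:
                continue  # header, "[OK] Registry is clean.", profile lines
            target, action = m.group("target"), m.group("action")
            kind = m.group("kind") or ("Pref" if target.startswith("user_pref(") else "Item")
        entries.append({"section": section, "browser": browser, "kind": kind,
                        "action": action, "target": target, "vendor": vendor_of(target)})
    return entries


def summarize(entries):
    """Entry count per attributed vendor."""
    return dict(Counter(e["vendor"] for e in entries))


def browser_hooks(entries):
    """Registry entries that load code into the browser (BHOs): review each one."""
    return [e for e in entries if "Browser Helper Objects" in e["target"]]


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_LOG)
    print(f"mode={log_mode(SAMPLE_LOG)} entries={len(found)} by vendor={summarize(found)}")
    for hook in browser_hooks(found):
        print("review BHO:", hook["target"])
```

The parser expects the file as AdwCleaner saves it (one entry per line, the C:\AdwCleaner[R1].txt and similar files listed in the log footer); the forum extraction has run the logs in this thread together onto single lines, so paste from the saved file rather than from the page. The two run types differ only in the Found/Deleted verb, so the same function serves the search and the delete log, and the counts per vendor make it easy to confirm that the delete run removed everything the search run found.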
06.08.2012, 02:46 | #8 |
/// Helfer-Team | Yes, that is a false positive. Very good! Uninstall: Emsisoft Anti-Malware. ESET Online Scanner: preparation
06.08.2012, 13:28 | #9 |
Hello t'john, ESET log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=513a03e0664abd4ea9c56a36443b62e7
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-06 12:18:28
# local_time=2012-08-06 02:18:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 24609991 24609991 0 0
# compatibility_mode=5892 16776573 100 100 873 181773940 0 0
# compatibility_mode=8192 67108863 100 0 143 143 0 0
# scanned=314160
# found=3
# cleaned=3
# scan_time=14295
C:\_OTL\MovedFiles\08032012_173158\C_Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08032012_173158\C_Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\08032012_173158\C_Users\Katharina\AppData\Roaming\14001.007\components\AcroFF007.dll a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
Best regards, and thanks for the 100th time!
Kaddda
06.08.2012, 14:07 | #10 |
/// Helfer-Team | Update Java. Your Java is out of date. Older versions contain security holes that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html
06.08.2012, 16:09 | #11 |
Hi t'john! Java is updated and the settings have been changed. Are there any further steps? Best regards from Kaddda
06.08.2012, 17:06 | #12 |
/// Helfer-Team | Please run a full scan with Malwarebytes Anti-Malware and post the log.
06.08.2012, 21:03 | #13 |
Hello t'john, here you go: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.06.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katharina :: KATHARINA-PC [Administrator]

06.08.2012 18:40:55
mbam-log-2012-08-06 (18-40-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515393
Laufzeit: 3 Stunde(n), 18 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Kind regards,
Kaddda
07.08.2012, 13:40 | #14 |
/// Helfer-Team | Very good! That means you are clean and released! Tool cleanup with OTL: we will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
Resetting the security zones: have the security zones reset, since they were manipulated to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html Cleaning up with CCleaner: use CCleaner (Download) (Guide) to fix errors in the
Reading to work through: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html
08.08.2012, 22:05 | #15 |
Hi t'john, oh how nice to have my computer back for myself. I will now dutifully follow your tips so that it stays that way. I have one more small question. Since the trojan I have noticed that my 1TB external hard drives are no longer recognized, or rather are only listed as USB mass storage devices in Device Manager. Other computers recognize them. It is definitely not the drives. There are no problems with other USB devices. All attempts with updating drivers, deleting the infcache.1 file, uninstalling/reinstalling the USB controllers and other things suggested in forums do not help. In Explorer I can still see changes in the driver folder (C:\WINDOWS\System32\DriverStore\FileRepository) that match the date of the trojan infection. Have you heard of USB problems occurring with the BKA trojan? Somehow it looks to me as if it is meant to prevent you from backing up your data. Thank you for all the help, and I hope I don't run into another trojan any time soon. Many kind regards,
Kaddda