Forum: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal)
Thread: Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?)
Tagged: Windows 7

#1
Win32:Malware gen, Win32:Troj gen and similar after Adobe Flash Player update (?)

Hello everyone,

Yesterday my avast antivirus went crazy and reported blocked Trojans and malware (Win32:Malware-gen and Win32:Troj-gen) at what felt like one-second intervals. I then ran a full avast scan and enabled Malwarebytes (no idea when or why I had disabled it -.-), with the result that two viruses were detected, which I deleted. That did not stop the problem, though; on the contrary, Malwarebytes now also reported that it was blocking access to dangerous websites, and after I had read up a bit on Google I downloaded the TDSS (?) remover from Kaspersky. I ran that twice as well, deleting two infections afterwards, and after that Malwarebytes and avast were quiet. Last night I then ran one more complete scan of the whole PC with Malwarebytes, which found three more threats that I also deleted. The PC showed and shows no signs of an infection at all; it runs clean and just as fast as ever. No adware pops up either. Still, I want to be on the safe side and give it a proper "clean-out", but I lack the necessary know-how for that and hope that someone here will kindly take me by the hand and help me.

OTL logs (OTL logfile):
ATTFilter OTL logfile created on: 15.08.2012 09:27:11 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,04% Memory free 3,46 Gb Paging File | 2,52 Gb Available in Paging File | 72,74% Paging File free Paging file location(s): c:\pagefile.sys 3067 12000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 222,78 Gb Total Space | 1,49 Gb Free Space | 0,67% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,33% Space Free | Partition Type: NTFS Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.15 09:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.15 11:41:33 | 000,296,056 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2012.05.29 16:55:56 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.05.11 05:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2006.11.05 13:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 12:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe ========== Modules (No Company Name) ========== MOD - [2007.05.11 05:08:40 | 003,076,096 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU MOD - [2007.05.11 04:55:44 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU MOD - [2007.05.11 04:54:28 | 000,036,864 | ---- | M] () -- 
C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU MOD - [2007.05.11 04:54:20 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu MOD - [2007.05.11 04:54:02 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU MOD - [2007.05.11 04:53:52 | 000,974,848 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU MOD - [2007.05.11 04:53:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU MOD - [2007.05.11 04:53:22 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU MOD - [2007.05.11 04:52:58 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU MOD - [2007.05.11 04:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU MOD - [2007.05.11 04:52:02 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu MOD - [2007.05.11 04:52:02 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU MOD - [2007.05.11 04:51:42 | 000,221,184 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU MOD - [2007.05.11 04:51:38 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU MOD - [2007.05.11 04:51:24 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU MOD - [2007.05.11 04:50:30 | 000,811,008 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU MOD - [2007.05.11 04:50:04 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU MOD - [2007.04.04 15:05:56 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2007.01.13 05:01:28 | 000,475,136 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll MOD - [2007.01.13 05:01:28 | 000,397,312 | R--- | M] () -- 
C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll MOD - [2006.11.05 12:58:44 | 000,516,096 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll MOD - [2006.11.05 12:28:18 | 004,587,520 | R--- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll MOD - [2006.10.23 03:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU MOD - [2006.10.23 03:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU MOD - [2006.10.23 03:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU MOD - [2006.10.23 03:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU MOD - [2006.10.23 03:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu MOD - [2006.10.23 03:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter -- (sprtsvc_dellsupportcenter) SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.05.31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\pxldapod.sys -- (pxldapod) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- 
(NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\6537.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\inyafakj.sys -- (inyafakj) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | 
On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.04.04 15:05:54 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool) DRV - [2006.10.10 08:54:34 | 000,138,240 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcd.sys -- (Nokia USB Phone Parent) DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcj.sys -- (Nokia USB Port) DRV - [2006.10.10 08:54:32 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdcm.sys -- (Nokia USB Modem) DRV - [2006.10.10 08:54:32 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdc.sys -- (Nokia USB Generic) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3071221 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1456 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.14.1 FF - prefs.js..extensions.enabledItems: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4 FF - prefs.js..network.proxy.no_proxies_on: 
"*.local" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.07.09 21:21:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.15 11:46:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.15 11:45:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.15 11:48:21 | 000,000,000 | ---D | M] [2008.11.08 21:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Extensions [2012.07.27 10:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions [2011.06.22 22:30:55 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2009.11.21 09:31:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.26 23:02:36 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.06.02 00:53:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- 
C:\Users\Paul\AppData\Roaming\mozilla\Firefox\Profiles\v13il3tt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.16 18:10:28 | 000,002,354 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\v13il3tt.default\searchplugins\aol-web-search.xml [2011.07.27 20:19:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.07.09 21:21:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF [2012.08.12 01:05:19 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.15 11:46:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012.06.15 11:42:37 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.01.01 16:58:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) 
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [] File not found O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp;jsessionid=F9C9205408D9F59EAA745678E7F76607.icc_euro?RT=1337443640288" File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program 
Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6493CB48-7F85-46D7-AE1F-8F60556E23B4}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA9BFC4-8DE8-4444-8520-41FCAFD46533}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\AutoRun\command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\explore\Command - "" = gjn2pjlw.exe
O33 - MountPoints2\{22372fc1-9398-11dd-a7c8-001d097750a6}\Shell\open\Command - "" = gjn2pjlw.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.15 09:26:50 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.08.15 08:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.15 08:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.08.14 23:11:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.08.12 01:05:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.12 01:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Skype
[2012.08.04 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Unis Bewerbungen
[2010.03.26 07:48:53 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Paul\mbam-setup.exe
[2010.03.26 00:48:02 | 058,172,520 | ---- | C] (Kaspersky Lab) -- C:\Users\Paul\kav9.0.0.459DE.exe
[2010.03.26 00:38:52 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Paul\HJTInstall.exe
[2010.03.26 00:20:04 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Users\Paul\windows-kb890830-v3.5.exe
[2009.10.15 17:11:07 | 021,128,536 | ---- | C] (DivX, Inc.) -- C:\Users\Paul\DivXInstaller72.exe
[2009.08.27 20:20:30 | 001,875,076 | ---- | C] (Password Recovery Magic Studio Ltd. ) -- C:\Users\Paul\RAR-Password-Recovery-Magic.exe
[2009.07.01 14:39:57 | 077,690,152 | ---- | C] (Apple Inc.) -- C:\Users\Paul\iTunesSetup.exe
[2007.12.29 19:21:46 | 044,575,761 | ---- | C] (Phenomedia AG ) -- C:\Program Files\Setup_Moorhuhn_Kart_XL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.15 09:26:53 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012.08.15 09:26:16 | 000,000,000 | ---- | M] () -- C:\Users\Paul\defogger_reenable
[2012.08.15 09:08:02 | 000,087,360 | ---- | M] () -- C:\Users\Paul\Desktop\gmer.wmv
[2012.08.15 09:08:02 | 000,061,440 | ---- | M] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.15 08:59:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 08:59:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 08:59:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 08:40:58 | 000,278,161 | ---- | M] () -- C:\Users\Paul\Desktop\gmer1015.zip
[2012.08.15 08:30:05 | 000,000,012 | ---- | M] () --
C:\Windows\bthservsdp.dat
[2012.08.14 22:36:13 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.13 16:02:58 | 000,308,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.13 16:02:58 | 000,210,908 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.13 16:02:58 | 000,061,620 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.13 16:02:58 | 000,038,804 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.12 01:04:15 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.09 12:55:36 | 000,002,912 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.15 09:26:16 | 000,000,000 | ---- | C] () -- C:\Users\Paul\defogger_reenable
[2012.08.15 09:08:00 | 000,087,360 | ---- | C] () -- C:\Users\Paul\Desktop\gmer.wmv
[2012.08.15 08:40:58 | 000,278,161 | ---- | C] () -- C:\Users\Paul\Desktop\gmer1015.zip
[2012.08.14 22:36:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.12 01:04:15 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.01.18 13:50:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.01.18 13:50:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.18 13:49:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.01.02 17:41:30 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.01.02 17:41:26 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011.01.02 17:41:26 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.01.02 17:41:26 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.02 17:41:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.02 17:32:27 | 000,000,034 | -H-- | C] () --
C:\Windows\System32\Converter_sysquict.dat
[2010.08.25 11:15:06 | 000,221,584 | ---- | C] () -- C:\Users\Paul\controller.pdf
[2010.08.08 18:49:20 | 077,796,050 | ---- | C] () -- C:\Users\Paul\gameskeebrake.zip
[2010.07.11 10:14:25 | 003,364,153 | ---- | C] () -- C:\Users\Paul\Upside_(feat._Michelle_Breeze).mp3
[2010.06.02 01:34:57 | 057,817,611 | ---- | C] () -- C:\Users\Paul\Kano_-_Kano_Mixtape.rar
[2010.06.02 00:28:59 | 068,414,451 | ---- | C] () -- C:\Users\Paul\Kano_-_Beats_And_Bars__2005___www.beatboxradioshow.blogspot.com_.rar
[2010.06.01 23:48:36 | 056,687,361 | ---- | C] () -- C:\Users\Paul\Kano-Beats_&_Bars_(2005).zip
[2010.05.29 17:19:04 | 010,871,495 | ---- | C] () -- C:\Users\Paul\Usher_-_OMG_(Feat._Will.I.Am).mp3
[2010.05.13 12:46:05 | 006,469,101 | ---- | C] () -- C:\Users\Paul\Justin_Timberlake_-_Rock_Your_Body.mp3
[2010.05.13 12:25:33 | 003,966,046 | ---- | C] () -- C:\Users\Paul\three 6 mafia feat. tiesto, sean kingston & flo rida - feel it.mp3.mp3
[2010.05.13 12:17:21 | 007,670,478 | ---- | C] () -- C:\Users\Paul\10__Dizzee_Rascal_-_Holiday_[Ft._Chrome].mp3
[2010.05.08 19:26:30 | 007,946,244 | ---- | C] () -- C:\Users\Paul\Surkin_-_Radio_Fireworks_(Riot_In_Belgium_Second_Remix).mp3
[2010.05.08 18:56:11 | 004,235,328 | ---- | C] () -- C:\Users\Paul\Bob_Marley_Vs._Funkstar_Deluxe_-_Sun_Is_Shining.mp3
[2010.04.04 21:44:24 | 000,017,089 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\UserTile.png
[2010.03.25 23:55:29 | 004,103,298 | ---- | C] () -- C:\Users\Paul\cleanvirusmsn.zip
[2010.03.19 18:00:00 | 008,655,505 | ---- | C] () -- C:\Users\Paul\11 Pursuit Of Happiness.mp3
[2010.03.19 18:00:00 | 008,035,880 | ---- | C] () -- C:\Users\Paul\08 Back Home.mp3
[2010.03.19 18:00:00 | 005,467,521 | ---- | C] () -- C:\Users\Paul\09 Kinda Like A Big Deal (KA Freestyle).mp3
[2010.03.19 18:00:00 | 005,063,145 | ---- | C] () -- C:\Users\Paul\10 Kano In The House (Pon De Floor).mp3
[2010.03.19 17:59:59 | 007,281,464 | ---- | C] () -- C:\Users\Paul\07 Chip Roll,
Sausage In Batter.mp3
[2010.03.19 17:59:58 | 009,437,088 | ---- | C] () -- C:\Users\Paul\05 Game Over.mp3
[2010.03.19 17:59:58 | 008,561,464 | ---- | C] () -- C:\Users\Paul\04 Pass Out (KA Freestyle).mp3
[2010.03.19 17:59:58 | 007,593,888 | ---- | C] () -- C:\Users\Paul\03 Track Burglar.mp3
[2010.03.19 17:59:58 | 006,496,745 | ---- | C] () -- C:\Users\Paul\06 Rude Boy.mp3
[2010.03.19 17:59:57 | 008,962,705 | ---- | C] () -- C:\Users\Paul\02 You Are Young.mp3
[2010.03.19 17:59:57 | 000,806,231 | ---- | C] () -- C:\Users\Paul\01 Intro.mp3
[2010.03.19 17:59:05 | 076,615,102 | ---- | C] () -- C:\Users\Paul\Jack Bauer- The 7 Day Edition (www.kanosworld.com).zip
[2010.02.21 14:42:23 | 001,579,618 | ---- | C] () -- C:\Users\Paul\img004.jpg
[2010.01.07 17:45:56 | 000,953,919 | ---- | C] () -- C:\Users\Paul\Apple Store - Deutschland.mht
[2010.01.07 17:45:34 | 000,190,335 | ---- | C] () -- C:\Users\Paul\Sparkasse Krefeld - Ihr persönliches Finanzportal - Ihr Auftrag.mht
[2010.01.06 02:05:19 | 001,901,794 | ---- | C] () -- C:\Users\Paul\02 chase the sun.mp3
[2010.01.06 02:00:58 | 007,686,773 | ---- | C] () -- C:\Users\Paul\Planet_Funk_-_Chase_the_Sun.mp3
[2010.01.05 17:31:36 | 006,513,216 | ---- | C] () -- C:\Users\Paul\Nikkfurie_-_The_A_La_Menthe_Extended.mp3
[2009.12.26 15:43:05 | 007,989,158 | ---- | C] () -- C:\Users\Paul\-_Akon_ft_David_Guetta_-_Sexy_Bitch.mp3
[2009.10.11 10:59:48 | 005,556,136 | ---- | C] () -- C:\Users\Paul\Plane9.exe
[2009.08.28 15:19:31 | 010,351,542 | ---- | C] () -- C:\Users\Paul\Jay-Z_-_Death_of_Autotune.mp3
[2009.08.27 20:14:21 | 003,449,769 | ---- | C] () -- C:\Users\Paul\-_Planet_Funk_-_Chase_The_Sun.rar
[2009.07.02 19:53:14 | 099,423,964 | ---- | C] () -- C:\Users\Paul\34082008.rar
[2009.07.02 16:27:56 | 006,393,388 | ---- | C] () -- C:\Users\Paul\myGamersCam_Setup.zip
[2009.06.05 13:37:36 | 015,350,784 | ---- | C] () -- C:\Users\Paul\AppleMobileDeviceSupport.msi
[2009.06.03 15:09:15 | 000,041,838 | ---- | C] () --
C:\Users\Paul\John_Brown_-_Suburban_Empire_(Hosted_By_Superstar_Jay)-2009-MIXFIEND.torrent
[2009.05.22 19:27:18 | 004,329,056 | ---- | C] () -- C:\Users\Paul\DJ_Size_feat._J._Lourenzo___Big_Steve_-_Sunglasses.mp3
[2009.05.15 16:06:32 | 005,824,446 | ---- | C] () -- C:\Users\Paul\She's Glowing (Remix).mp3
[2009.03.31 19:22:03 | 000,463,360 | ---- | C] () -- C:\Users\Paul\Magischer+Kater+3.pps
[2008.08.12 15:07:44 | 000,022,328 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\PnkBstrK.sys
[2008.01.05 18:30:08 | 000,222,269 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\NMM-MetaData.db
[2007.12.29 19:21:48 | 003,108,049 | ---- | C] () -- C:\Program Files\The Beatles - Come Together.mp3
[2007.12.29 19:21:48 | 000,086,791 | ---- | C] () -- C:\Program Files\575m_rot_front.zip
[2007.12.29 19:21:48 | 000,062,874 | ---- | C] () -- C:\Program Files\575m_blau_dreiviertelfront.zip
[2007.12.29 19:21:48 | 000,062,613 | ---- | C] () -- C:\Program Files\575m_blau_heck.zip
[2007.12.29 19:21:48 | 000,057,566 | ---- | C] () -- C:\Program Files\575m_blau_top.zip
[2007.12.29 19:21:48 | 000,053,648 | ---- | C] () -- C:\Program Files\575m_rot_seite.zip
[2007.12.29 19:21:46 | 005,316,116 | ---- | C] () -- C:\Program Files\Forsaken_Part2.zip
[2007.12.29 19:21:46 | 003,060,864 | ---- | C] () -- C:\Program Files\Infamous.mp3
[2007.12.29 19:21:46 | 002,927,388 | ---- | C] () -- C:\Program Files\Infamous.zip
[2007.12.28 23:01:19 | 000,002,912 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
[2007.12.28 21:13:39 | 000,000,552 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d8caps.dat
[2007.12.28 20:59:41 | 000,061,440 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.28 20:49:52 | 000,001,356 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2010.01.13 00:52:10 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010.06.02 00:53:32 | 000,000,000 | ---D | M] --
C:\Users\Paul\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.22 18:44:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2008.12.31 15:04:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ
[2008.03.20 17:08:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ Toolbar
[2008.03.09 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ICQ6
[2008.05.03 17:46:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\LimeWire
[2008.03.05 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MAGIX
[2008.03.01 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
[2007.12.30 16:33:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010.12.10 23:14:51 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PCDr
[2010.04.04 21:44:24 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PeerNetworking
[2009.10.11 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Plane9
[2007.12.28 23:19:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template
[2012.03.15 01:01:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\TP
[2012.08.15 08:30:12 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\My Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Documents\Battlefield 2 Demo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Paul\Desktop\Installationsdateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Nokia:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Netscape:Roxio EMC Stream
@Alternate
Data Stream - 76 bytes -> C:\Program Files\Codemasters:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\City Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Program Files\Activision:Roxio EMC Stream
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

Extras: OTL Logfile:
OTL Extras logfile created on: 15.08.2012 09:27:12 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,14 Gb Available Physical Memory | 57,04% Memory free
3,46 Gb Paging File | 2,52 Gb Available in Paging File | 72,74% Paging File free
Paging file location(s): c:\pagefile.sys 3067 12000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,78 Gb Total Space | 1,49 Gb Free Space | 0,67% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,03 Gb Free Space | 60,33% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports
Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DE20748-45A5-6CD9-610E-F881A34E7342}" = Catalyst Control Center Localization Arabic
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{150C58DD-54ED-4697-AAA5-16F037C9F7EF}" = Kane and Lynch Dead Men Demo
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15CC10AB-4266-210D-E2D2-03089C25A028}" = CCC Help English
"{1603C7DC-358B-97AF-B451-B2DDAC734117}" = Catalyst Control Center Localization French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{214030BC-490D-57D4-2547-D0D4ECC851A5}" = Catalyst Control Center Localization Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25F28E36-FDBB-11DB-8314-0800200C9A66}" = Medal of Honor Airborne Demo
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B98E4C3-AABC-9594-3219-A6EB60006C2C}" = Catalyst Control Center Graphics Full Existing
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2C698DB8-0D99-5A27-DA3D-A3414FC5DBA7}" = Catalyst Control Center Graphics Light
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31DBBB49-CAC2-984A-64CA-A88102056E10}" = CCC Help German
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.2.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{3D26D137-EA12-4D31-8326-226EA0A819A9}" = Moorhuhn Kart XL
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412FECA2-836F-3DF6-A302-924CEC5B4DE2}" = CCC Help Spanish
"{46ACAEB5-365A-74BB-D405-980EA4FE3545}" = CCC Help Japanese
"{4AAB7E8F-1C71-E364-458F-5A6797670157}" = Catalyst Control Center Graphics Full New
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{501BB464-E875-4E1E-9CF4-8C445DDAE01E}" = Tom Clancy's Splinter Cell Double Agent Demo
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65E6362A-B878-4A7B-86DA-D16F8DBD75C7}" = ccc-core-static
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo
"{6DD45BD7-DB28-E59F-8239-CF6816AE1FA4}" = Skins
"{70D52D20-82A5-43CC-85C1-C994FA2EC591}" = Tom Clancy's Rainbow Six: Lockdown Demo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C8DECD-5948-F3DB-6B38-B7AF881647A6}" = ATI Catalyst Install Manager
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76C73966-AED3-5ACB-B438-B47E9B1FB2E3}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{794F49F0-2A44-EE74-62FE-22FD68953A25}" = ccc-utility
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7CD5F286-FF0A-E638-8143-0E258E3C17E2}" = CCC Help Thai
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{98698CC8-F4C4-A0A7-F521-8547DDD1BB6B}" = Catalyst Control Center Localization Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B651AD20-D522-2D6F-3AC7-A5F625FCB283}" = Catalyst Control Center Core Implementation
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C3E2D64C-1B8E-D142-A76F-DEAC02AFF4FA}" = CCC Help Polish
"{C5145CD4-4F74-C986-F86B-F57F3995C59B}" = Catalyst Control Center Localization Arabic
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C8D524C0-FBD2-C4F0-2446-912EABA681E0}" = CCC Help Portuguese
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CCF7F09E-A1C5-7D81-437D-B2DC347CC52E}" = Catalyst Control Center Localization Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEE47BB-4AB7-9AEB-2212-ECC6D05DDC74}" = Catalyst Control Center Localization Italian
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D71B45B0-70B5-12BA-4ACF-2CEC94FE8A06}" = CCC Help Korean
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{E7744050-4D6F-1280-5331-2EA048B51E94}" = Catalyst Control Center Localization Arabic
"{ECA80341-4BFB-172D-EC5D-64FD8DD41F5A}" = Catalyst Control Center Localization German
"{ECBEB9C6-CC47-70F7-E939-1E20E3BEEC8F}" = Catalyst Control Center Localization Korean
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4FA8AC4-6B6A-CAA6-8E44-FC64227CC4F7}"
= CCC Help Italian
"{F6412237-45F7-B34B-0803-4D77E2D39D0C}" = Catalyst Control Center Localization Chinese Traditional
"{FD01FEBF-376F-F125-09F8-E94B04D21E77}" = CCC Help French
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FF001690-A829-9DFD-9EF6-DA285783C49C}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"ASIO4ALL" = ASIO4ALL
"Aston Martin Screensaver" = Aston Martin Screensaver
"Aston Martin Vanquish V12 S Screensaver" = Aston Martin Vanquish V12 S Screensaver
"ATITool" = ATITool Overclocking Utility
"avast" = avast! Free Antivirus
"Clean Virus MSN_is1" = Clean Virus MSN
"Collab" = Collab
"Counter-Strike: Source" = Counter-Strike: Source
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driving Speed 2_is1" = Driving Speed 2.0
"eMule" = eMule
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FL Studio 7" = FL Studio 7
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty(R) 4 - Modern Warfare(TM) Demo
"InstallShield_{69EA6470-D4D3-49A3-89C8-0530C416ADB9}" = Need For Speed Hot Pursuit 2 Demo
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"MAGIX Music Maker 2008 Producer Edition Trial D" = MAGIX Music Maker 2008 Producer Edition Trial 13.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"myGamersCam" = myGamersCam 1.2
"Need For Speed II SE" = Need For Speed II SE
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Operation Flashpoint" = Operation Flashpoint (Uninstall via Start Menu shortcut)
"Ots CD Scratch 1200" = Ots CD Scratch 1200 1.00.044
"OtsTurntables Free" = OtsTurntables Free 1.00.027
"PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.111
"RealPlayer 15.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"StationRipper" = StationRipper 2.87
"SystemRequirementsLab" = System Requirements Lab
"TmNationsForever_is1" = TmNationsForever
"tt2_demo_is1" = Terrorist Takedown 2 DEMO (1.01)
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinRAR archiver" = WinRAR
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11.08.2012 19:26:15 | Computer
Name = Paul-PC | Source = EventSystem | ID = 4621 Description =
Error - 12.08.2012 05:45:15 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621 Description =
Error - 12.08.2012 10:41:27 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621 Description =
Error - 13.08.2012 14:52:04 | Computer Name = Paul-PC | Source = EventSystem | ID = 4621 Description =
Error - 14.08.2012 06:18:52 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16447, Zeitstempel 0x4fc9cd53, fehlerhaftes Modul aswWebRepIE.dll, Version 7.0.1456.418, Zeitstempel 0x4ff31b8b, Ausnahmecode 0xc0000417, Fehleroffset 0x0004d9fb, Prozess-ID 0x16e4, Anwendungsstartzeit 01cd7a063332084f.
Error - 14.08.2012 06:25:41 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16447, Zeitstempel 0x4fc9cd53, fehlerhaftes Modul aswWebRepIE.dll, Version 7.0.1456.418, Zeitstempel 0x4ff31b8b, Ausnahmecode 0xc0000417, Fehleroffset 0x0004d9fb, Prozess-ID 0x17bc, Anwendungsstartzeit 01cd7a072789ca4f.
Error - 14.08.2012 07:33:12 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung InstallFlashPlayer.exe, Version 11.0.1.152, Zeitstempel 0x4e7d1453, fehlerhaftes Modul InstallFlashPlayer.exe, Version 11.0.1.152, Zeitstempel 0x4e7d1453, Ausnahmecode 0xc0000005, Fehleroffset 0x000071ad, Prozess-ID 0x14d0, Anwendungsstartzeit 01cd7a1088e81eb9.
Error - 15.08.2012 02:50:01 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, fehlerhaftes Modul gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c4b1, Prozess-ID 0xbf0, Anwendungsstartzeit 01cd7ab1f986aab0.
Error - 15.08.2012 03:03:46 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, fehlerhaftes Modul gmer.exe, Version 1.0.15.14966, Zeitstempel 0x49ccf290, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c4b1, Prozess-ID 0x508, Anwendungsstartzeit 01cd7ab3ad461c40.
Error - 15.08.2012 03:06:50 | Computer Name = Paul-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung qk4ecqzy.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, fehlerhaftes Modul qk4ecqzy.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1750, Anwendungsstartzeit 01cd7ab43f76d2d0.

[ System Events ]
Error - 15.08.2012 02:46:55 | Computer Name = Paul-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 15.08.2012 um 08:45:06 unerwartet heruntergefahren.
Error - 15.08.2012 02:46:43 | Computer Name = Paul-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error - 15.08.2012 02:47:07 | Computer Name = Paul-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description =
Error - 15.08.2012 02:48:15 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7024 Description =
Error - 15.08.2012 02:48:15 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000 Description =
Error - 15.08.2012 02:58:56 | Computer Name = Paul-PC | Source = volmgr | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen.
Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 15.08.2012 02:59:14 | Computer Name = Paul-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 15.08.2012 um 08:57:31 unerwartet heruntergefahren.

Error - 15.08.2012 02:59:06 | Computer Name = Paul-PC | Source = volmgr | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.

Error - 15.08.2012 03:00:46 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 15.08.2012 03:00:46 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Unfortunately I can't run Gmer; the scan always aborts with the message that xyz.exe has stopped working.
The report from the last Malwarebytes scan:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-PC [Administrator]

Schutz: Aktiviert

14.08.2012 23:36:28
mbam-log-2012-08-14 (23-36-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | Heuristiks/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440218
Laufzeit: 2 Stunde(n), 12 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\TDSSKiller_Quarantine\14.08.2012_23.09.55\zasubsys0000\zafs0000\tsk0001.dta (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Paul\AppData\Local\Temp\Low\msimg32.dll (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Paul\AppData\Local\Temp\Low\adfm32.exe (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)