Log analysis and evaluation: RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.08.2012, 12:13 | #1 |
| RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll
Hello, for days I have had the problem: :\Users\Username\AppData\tmikanp.dll, The specified module could not be found. Since then the PC has been slow and keeps crashing every now and then, and when I add a page to my favorites in Firefox, it is gone again the next time I start the PC =(. I hope you can help me with my problem. Thank you for taking the time to read my post =) Best regards from the Südheide =D |
15.08.2012, 15:04 | #2 |
/// Helper Team | RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
__________________ |
15.08.2012, 21:35 | #3 |
| RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll
Code:
ATTFilter
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.15.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Veronika :: VERONIKA-PC [Administrator]

Schutz: Aktiviert

15.08.2012 21:46:03
mbam-log-2012-08-15 (21-46-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 280323
Laufzeit: 37 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UpgradeHelper (Trojan.Winlock.P) -> Daten: C:\Users\Veronika\AppData\Roaming\Windows Desktop Search\{A2C927B9-9B87-4130-8199-F12A7ED61342}\UpgradeHelper.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Veronika\AppData\Roaming\Windows Desktop Search\{A2C927B9-9B87-4130-8199-F12A7ED61342}\UpgradeHelper.exe (Trojan.Winlock.P) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Code:
ATTFilter OTL logfile created on: 15.08.2012 22:38:31 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Veronika\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,88% Memory free 4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,73 Gb Total Space | 10,56 Gb Free Space | 21,66% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 82,06 Gb Free Space | 84,03% Space Free | Partition Type: NTFS Drive E: | 86,40 Gb Total Space | 86,28 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Computer Name: VERONIKA-PC | User Name: Veronika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Veronika\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Companion\companionuser.exe (Microsoft Corporation) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\System32\CtHelper.exe (Creative Technology Ltd) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD 
- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Pando Networks\Media Booster\PMB.exe () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (MSICDSetup) -- G:\CDriver.sys File not found DRV - (cpuz135) -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (NXP Semiconductors Germany GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft 
Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (COMMONFX.DLL) -- C:\Windows\System32\COMMONFX.DLL (Creative Technology Ltd) DRV - (CT20XUT.DLL) -- C:\Windows\System32\CT20XUT.DLL (Creative Technology Ltd.) DRV - (CTHWIUT.DLL) -- C:\Windows\System32\CTHWIUT.DLL (Creative Technology Ltd.) DRV - (CTEXFIFX.DLL) -- C:\Windows\System32\CTEXFIFX.DLL (Creative Technology Ltd.) DRV - (CTEDSPSY.DLL) -- C:\Windows\System32\CTEDSPSY.DLL (Creative Technology Ltd) DRV - (CTEDSPIO.DLL) -- C:\Windows\System32\CTEDSPIO.DLL (Creative Technology Ltd) DRV - (CTEDSPFX.DLL) -- C:\Windows\System32\CTEDSPFX.DLL (Creative Technology Ltd) DRV - (CTERFXFX.DLL) -- C:\Windows\System32\CTERFXFX.DLL (Creative Technology Ltd) DRV - (CTEAPSFX.DLL) -- C:\Windows\System32\CTEAPSFX.DLL (Creative Technology Ltd) DRV - (CTSBLFX.DLL) -- C:\Windows\System32\CTSBLFX.DLL (Creative Technology Ltd) DRV - (CTAUDFX.DLL) -- C:\Windows\System32\CTAUDFX.DLL (Creative Technology Ltd) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\Windows\System32\drivers\ctoss2k.sys (Creative Technology Ltd.) 
DRV - (hap17v2k) -- C:\Windows\System32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\Windows\System32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\Windows\System32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\Windows\System32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctprxy2k) -- C:\Windows\System32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctdvda2k) -- C:\Windows\System32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (ctaud2k) -- C:\Windows\System32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\Windows\System32\drivers\ctac32k.sys (Creative Technology Ltd) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=APN10381&gct=hp IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 5F E1 67 E6 FA CC 01 [binary data] IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - 
HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes\{2E6E926A-0784-49D4-A2E3-EB2548C6AFFF}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NRO3&o=APN10381&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABG&apn_dtid=^YYYYYY^YY^DE&apn_uid=fe0c77b1-e868-4900-afbf-6fea8952bcef&apn_sauid=07FE641F-E9C3-4EE3-882A-729D5DF2E0CA IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={365C618A-DFBA-496B-8ED4-38413BAB1997}&mid=d8d24821d8c347d0a6d3d1530bbf30cb-d8f9ee1bfa9103739eb8b3ac735456f225d9f062&lang=de&ds=AVG&pr=pr&d=2012-08-15 12:15:58&v=12.2.0.5&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=APN10381&gct=hp" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO3&o=APN10381&locale=de_DE&apn_uid=fe0c77b1-e868-4900-afbf-6fea8952bcef&apn_ptnrs=%5EABG&apn_sauid=07FE641F-E9C3-4EE3-882A-729D5DF2E0CA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:24:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:24:13 | 000,000,000 | ---D | M] [2011.04.22 16:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Veronika\AppData\Roaming\mozilla\Extensions [2012.06.12 19:12:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Veronika\AppData\Roaming\mozilla\Firefox\Profiles\2g2pev7z.default\extensions [2011.12.30 16:49:53 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Veronika\AppData\Roaming\mozilla\Firefox\Profiles\2g2pev7z.default\extensions\DeviceDetection@logitech.com [2012.06.12 19:12:30 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Veronika\AppData\Roaming\mozilla\Firefox\Profiles\2g2pev7z.default\extensions\toolbar@ask.com [2012.06.12 19:12:30 | 000,002,343 | ---- | M] () -- C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\searchplugins\askcom.xml [2012.03.17 22:56:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.20 22:24:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.04 10:58:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.15 12:15:53 | 000,003,749 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011.10.04 10:58:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.04 10:58:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\eBay-de.xml [2011.10.04 10:58:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.04 10:58:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.04 10:58:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) 
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AsioReg] C:\Windows\System32\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CTHelper] C:\Windows\System32\CtHelper.exe (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1000..\Run: [LicenseValidator] C:\Users\Veronika\AppData\Roaming\Identities\{4FDA7033-9370-404F-AC6A-6C4767EC9A27}\LicenseValidator.exe () O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1000..\Run: [tmikanp] rundll32 "C:\Users\Veronika\AppData\Local\tmikanp.dll",tmikanp File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2012.05.18 21:24:22 | 000,000,000 | ---D | M] O9 - Extra Button: @C:\Program 
Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{105D7628-2590-4530-BF68-98D405E94BBE}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE2DA20B-D2FC-4B0F-9576-E2D9FA6005D6}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 
- Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.15 21:46:45 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Veronika\Desktop\OTL.exe [2012.08.15 13:00:48 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\Malwarebytes [2012.08.15 13:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.15 13:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.15 13:00:32 | 
000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.15 13:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.15 12:47:42 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\Avira [2012.08.15 12:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.15 12:42:27 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.08.15 12:42:27 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.08.15 12:42:27 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.08.15 12:42:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.08.15 12:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.15 12:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.08.15 12:20:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2012.08.15 12:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012 [2012.08.15 12:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012.08.15 12:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.08.15 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\TuneUp Software [2012.08.15 12:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.08.15 12:04:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.08.15 12:04:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.08.15 11:50:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012.08.15 11:25:28 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{18F4A423-1849-4673-A095-F27A3F76F8E9} [2012.08.15 11:25:16 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{A92EC337-A167-4C39-9F11-C1CD9703DBEF} [2012.08.14 21:31:00 | 000,000,000 | ---D | C] -- 
C:\Users\Veronika\AppData\Local\{FC720E2C-2C00-481C-9438-77574DAFADBE} [2012.08.14 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{7CD7F83D-9030-4B4A-8319-70DE22A4AA03} [2012.08.14 09:27:13 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{90310B1A-D2F0-4140-91CC-6A0DE9EF0373} [2012.08.14 09:27:01 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{27EA3829-AFB1-4F09-98B4-241112FDDEF6} [2012.08.13 22:36:46 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\Sun [2012.08.13 11:39:04 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{B79FCDB8-F0A0-4D4A-8BE0-DFD664A7DCDE} [2012.08.13 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{4ED06A51-AB1A-42E6-9BEF-E2D5D1DF3F9C} [2012.08.13 11:38:34 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{35288D86-E1E3-4A21-90F2-2DF6959590B7} [2012.08.12 17:38:03 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{B135CE59-CD1E-43DD-AF25-F6A5932B2EC2} [2012.08.12 17:37:51 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{191AC6E4-21C6-4D15-AE6D-4CBE9A6C300D} [2012.08.11 11:26:56 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{32C80580-CCCD-4051-A177-49EC5AAC7383} [2012.08.11 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{F0F7063C-EB86-4A2C-BC2D-D85CC75C05FB} [2012.08.10 19:26:23 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\vlc [2012.08.10 19:22:59 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{B206127F-FA12-4B8B-966D-FA6FC0DC2999} [2012.08.10 19:22:46 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{311AF9F9-7160-40E7-B576-8A64ABC0E866} [2012.08.08 15:31:19 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\Help [2012.08.08 09:48:13 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{0B463461-F25D-46BD-9833-77CB24B22E24} [2012.08.08 09:48:00 | 000,000,000 | ---D | C] -- 
C:\Users\Veronika\AppData\Local\{BE0BCB27-8B3C-49E5-A35A-EDF1FA3B140E} [2012.08.07 13:21:13 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{887EA3BA-53BA-4101-9443-E1C4633BCF21} [2012.08.07 13:21:01 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{9264AE56-EE9F-4E0E-959B-C0E124B255BE} [2012.08.06 11:57:05 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{36EA925F-177D-4512-9072-04370BCDD324} [2012.08.06 11:56:53 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{B472AF0D-7CFB-4BD7-906D-FFD5F816F051} [2012.08.05 09:57:33 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{369BC469-A45E-495C-A2B4-D5C582E8B87A} [2012.08.05 09:57:20 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{B6A0BFB0-32F7-4514-BD62-B34E8AF0F74D} [2012.08.04 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{9EE4E9D0-731F-4D8F-B8D4-EC8D5AB9D884} [2012.08.04 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{AF746CEF-4586-4E64-948D-A6419DE47C3A} [2012.08.03 22:13:09 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{E2B4526C-23EA-4425-9B62-A7AF8DF5F176} [2012.08.03 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{1349269E-10C8-4477-BBCA-3B4E7E288DAB} [2012.08.03 09:34:55 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{6D86AC37-9996-40E0-94C0-CD9601A0D129} [2012.08.03 09:34:42 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{0F0EDC89-4776-4213-B4DE-3FDCD587A0E7} [2012.08.02 22:11:12 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\Chromium [2012.08.02 09:39:53 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{DAAAD1CE-B08C-45F1-AA8B-E5567443DB43} [2012.08.02 09:39:36 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{AA9C0040-9194-4B38-9BA9-071437430DDE} [2012.08.02 09:39:22 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{99800026-BE49-4FED-8ED3-A8B38D5A8B60} [2012.08.01 21:20:03 | 
000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{350338BE-79F1-4052-90AB-1B6BE9E9765C} [2012.08.01 21:19:40 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{1C516BDC-A178-470A-980B-7786C45D32BC} [2012.08.01 09:19:12 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{50DB6461-C520-4C50-809F-D968D786B6E3} [2012.08.01 09:18:53 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{3BDDBD02-80EF-4613-A133-3D76785370A8} [2012.08.01 09:18:38 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{8E0C2BF6-F018-4078-B8B3-044DC8B6580D} [2012.07.31 21:08:54 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{E5751D26-08F7-4D27-A7E3-B4DB0624F5E2} [2012.07.31 21:08:31 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{57537AC7-4987-47CE-BE99-140C0E5D6A0F} [2012.07.31 09:08:00 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{5E5BFD55-E62C-4974-A630-AEDCC7409541} [2012.07.31 09:07:47 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{827990A7-D03D-4A9D-BAC7-7A298A704175} [2012.07.30 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{70C6B797-1AF1-491E-8A76-3AF688CCE857} [2012.07.30 12:31:14 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{B2B64862-C766-4DC0-B642-06464DD1E444} [2012.07.29 13:35:42 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{1572DFCB-3FC9-4F4B-98B3-4E351AAEA98C} [2012.07.29 13:35:17 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{519FBD22-239C-465E-8062-9861ABEE6CDA} [2012.07.29 11:23:59 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{A0499259-EA42-40EB-8370-BC616B34D4FD} [2012.07.29 11:23:44 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{BC8997ED-0ADD-4E16-B88A-73445B8052D3} [2012.07.28 23:21:10 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{A4ECFDCE-171E-4ADA-9EB6-3C4A435030EA} [2012.07.28 23:20:47 | 000,000,000 | ---D | C] -- 
C:\Users\Veronika\AppData\Local\{A15B13BB-74F1-49DF-8BC4-B0715495971B} [2012.07.28 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{A98996C0-4071-4680-9393-E975AD71FD04} [2012.07.28 11:20:08 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{CD6989BF-D7FA-4495-AAEE-C6C92E395AD6} [2012.07.27 10:18:08 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{14DE6B0C-A131-4243-AD3E-AD83D8DEC057} [2012.07.27 10:17:56 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{20FAF13F-210D-4316-A2CE-2DB9205D86C2} [2012.07.26 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{69BC8297-8291-4348-BAFD-D7EF540C2161} [2012.07.26 12:30:12 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{4DD270D5-4144-4A1A-90CC-95C71390BB1C} [2012.07.25 11:16:54 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{8D94C394-0F06-4035-876C-3A6496BFF376} [2012.07.25 11:16:40 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{1CE8A80F-51A9-47F9-A7B4-B209CB81477F} [2012.07.24 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{30E3A73C-2550-4B9B-97DF-E9C3A3A11AAD} [2012.07.24 09:36:52 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{39B381DD-52DA-48FF-86F5-10188FC122E4} [2012.07.23 21:14:09 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\Windows Desktop Search [2012.07.23 18:44:22 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{7C64617A-9B1F-4D59-BA47-DC86F80D7361} [2012.07.23 18:44:10 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{CA3F37F4-7FB2-466B-B6CE-81CBEF61A0E7} [2012.07.22 20:01:17 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{D70E0BD3-1EF7-4F82-BA5F-50AAF15700F1} [2012.07.22 20:01:05 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{001482EC-B2E3-451C-BFF2-C0F315179FF4} [2012.07.21 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{E48FDAC5-8139-4AA5-845C-8F947DF335B4} 
[2012.07.21 21:53:58 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{C0B75C92-3159-4A72-A26F-A531E693170C} [2012.07.20 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{E0A01B11-E848-4EB1-93C3-EBA6F5778A46} [2012.07.20 22:22:18 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{285C0744-F468-4BD8-BA52-697C92F343DC} [2012.07.20 08:59:46 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{7D72B116-C301-4FC3-ABD3-D08377495F88} [2012.07.20 08:59:34 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{54257B1A-B651-4505-994A-7815205060F2} [2012.07.19 11:31:47 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{7BA4D5CC-09FA-47C9-8772-6129FA8124BA} [2012.07.19 11:31:35 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{7CC8B7A6-DCEC-4CBC-8C84-811FDF5CDB14} [2012.07.18 11:01:52 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{984C1A64-24FA-4E5E-A06D-BC41101F56B5} [2012.07.18 11:01:35 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{EF635124-19AC-4F82-B537-FDFA7665E7CA} [2012.07.17 10:07:40 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{005B24BB-949D-4995-A16A-5329BDBE7EAD} [2012.07.17 10:07:28 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Local\{1DA28CAB-0173-48D0-BBDB-0AD7CAEB6CEB} ========== Files - Modified Within 30 Days ========== [2012.08.15 22:44:18 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 22:44:18 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.15 22:36:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.15 22:36:39 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys [2012.08.15 21:57:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.15 21:46:47 | 000,596,992 | ---- | M] (OldTimer 
Tools) -- C:\Users\Veronika\Desktop\OTL.exe [2012.08.15 13:00:33 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.15 12:42:39 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.14 22:57:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.14 22:57:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2012.08.15 13:00:33 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.15 12:42:39 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2011.10.07 12:12:48 | 000,015,144 | ---- | C] () -- C:\Windows\System32\HWLMSET2PS.dll [2011.09.14 16:44:13 | 000,007,627 | ---- | C] () -- C:\Users\Veronika\AppData\Local\Resmon.ResmonCfg [2011.06.07 16:54:51 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.07 16:53:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.23 19:33:58 | 000,000,096 | ---- | C] () -- C:\Users\Veronika\AppData\Local\fusioncache.dat < End of report > Code:
ATTFilter OTL Extras logfile created on: 15.08.2012 22:38:31 - Run 1 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Veronika\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 57,88% Memory free 4,00 Gb Paging File | 2,91 Gb Available in Paging File | 72,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,73 Gb Total Space | 10,56 Gb Free Space | 21,66% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 82,06 Gb Free Space | 84,03% Space Free | Partition Type: NTFS Drive E: | 86,40 Gb Total Space | 86,28 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Computer Name: VERONIKA-PC | User Name: Veronika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0CA34DC8-93E8-46AC-8D22-81F13E0E9ED7}" = lport=139 | protocol=6 | dir=in | app=system | "{113BF37B-ECCE-471D-A294-E013ACA74EC1}" = lport=57415 | protocol=17 | dir=in | name=pando media booster | "{1387770E-4180-4884-A1A3-AFD600D1B6E3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1689CFCD-9F5E-4C72-AEA0-F665134EC0A0}" = rport=10243 | protocol=6 | dir=out | app=system | "{1FC47D8D-CA2E-40E7-9898-B9BCB935498F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1FCF7306-8F4B-432A-8221-2D09848C4EFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3C080AA3-5966-4287-BB0A-0E6555D2CE90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4DCA9408-6CD8-4EAB-8F6C-1326928C2ACA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5D30A5D1-B3A7-40B0-86BB-29DF61715684}" = lport=10243 | protocol=6 | dir=in | app=system | "{5D64E298-ACF9-4C35-BC16-806A40C42E4F}" = lport=138 | protocol=17 | dir=in | app=system | "{61547604-CCB0-40F1-A92D-31D08606BAF0}" = rport=138 | protocol=17 | dir=out | app=system | "{65ED32AF-3C10-4486-9E5F-BDDA5253E970}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6BABA2E5-5826-4C02-97B5-B62C91A227E3}" = lport=445 | protocol=6 | dir=in | app=system | "{6FBB6E4C-1F66-4E60-887F-64749EE64BD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{75ECE9DC-DEA9-4F9F-AC7B-1AA122688D2C}" = lport=137 | protocol=17 | dir=in | app=system | "{82A6D408-CA0B-4997-A7B8-949D1D42254C}" = rport=139 | protocol=6 | dir=out | app=system | "{87A1E6CE-830E-4013-B4F1-D0B0145A5B8A}" = rport=137 | protocol=17 | dir=out | app=system | "{90A7582C-57EF-4609-922F-A1FE25DE06B9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{95630BF6-DD6E-4873-BB05-37D519AD1EF6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{964FA644-2698-4EB7-B6AE-5FF950882CD6}" = lport=57415 | protocol=6 | dir=in | name=pando media booster | "{99DAB2B9-A6D0-41CB-B009-998321DC4068}" = lport=57415 | protocol=6 | dir=in | name=pando media booster | "{A3AAF76A-E106-4B59-9C08-4931415319EF}" = lport=2869 | protocol=6 | dir=in | app=system | "{AEDF27BA-9744-4A88-8327-8DF89343F810}" = lport=57415 | protocol=17 | dir=in | name=pando media booster | "{BC6EB37F-43BA-45B0-A351-2C0AF4F48436}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C19340A6-C028-41C4-9BFC-AEB98629DB92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C1B74766-D42F-4A38-9216-936CC57EEFBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CB685F73-2117-4C8A-9065-35498D7761FE}" = rport=445 | protocol=6 | dir=out | app=system | "{E21BD30B-4B7E-4F4F-83B2-7894B9B85DF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F85183CF-6F59-40C2-A4ED-CC22F190493B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BC6C10-CFD0-4E9B-8A2C-08CD4E3E2CB6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{0620F84C-33C9-4532-A6C3-548B04FE5607}" = protocol=6 | dir=out | app=system | "{0A0FEBD9-9EFB-4032-BFD6-4CE2487805C2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{293D30B5-68A3-480B-9864-C1D6A40E779B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B69DE9C-0070-486F-B13B-C37D46F77DC7}" = protocol=17 | dir=in | app=c:\program 
files\pando networks\media booster\pmb.exe | "{40FD6F79-1DD4-4EC9-802A-EA3FCE5B6925}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{43BB0588-D305-4BE0-88DD-1CD5A647941E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{565AD381-8F91-4F7E-8EEF-622FDE09FA16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{617700E9-8E81-4D15-9C64-E840E097C527}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{65AFF979-C5EE-4EB3-A60C-698604E0E863}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{68EB30A7-4159-47CA-B404-362499C9D8C5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{79CA9268-FCA9-4FB7-A0B5-B807AFA43C5B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8DB31BBD-B135-469D-8723-EBD6217585C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8E748257-4FB9-4F01-8505-0246E5985DD8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{A4C8D534-BBAA-4285-9462-9B7E69FF505C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF235099-ABDB-46FF-8478-0848267C4E8C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0B423FC-C91F-45D2-9C86-5338506B5ACD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CED1C8D3-FFE4-4A40-92DD-0C5FD198A3CB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E5482B72-F88B-41F2-B981-F6032AD13739}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{E6B75573-3746-4117-BFA8-7F21ABB92DF0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EC3609F9-86FF-41DD-BC00-CB8FB166F094}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F53EB61C-9678-45B6-8125-E2A51B898A57}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F65ED250-C72E-44BA-B0DD-42C27AA3FF83}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FF68C0F6-4CC8-4ECC-9EF5-311BA66266D0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{445504CF-F14C-41E4-B776-A4BE2B820313}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{5282A822-C2BB-400B-ABD8-0C34722DDC5F}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{9E474CF4-3539-4538-8562-10119D74641E}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{E4285BFD-3B4B-4FAF-BDF0-37807C1BC877}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows 
Live Family Safety "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2 "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail 
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 267.60 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.60 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.60 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Xtra Controller "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "EPSON SX110 Series" = Druckerdeinstallation für EPSON SX110 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.11 (32-Bit) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.06.2012 05:10:37 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei 
<hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 05:10:37 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 05:10:38 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 05:10:38 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 05.06.2012 05:10:38 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 05:10:38 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 05:10:38 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 05:10:38 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 05.06.2012 05:10:38 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.06.2012 04:48:37 | Computer Name = Veronika-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 01.08.2012 09:40:46 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 02.08.2012 04:19:55 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 03.08.2012 12:43:41 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 06.08.2012 11:06:52 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 08.08.2012 09:53:08 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 11.08.2012 05:26:06 | Computer Name = Veronika-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?10.?08.?2012 um 23:30:57 unerwartet heruntergefahren. Error - 12.08.2012 12:10:26 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 13.08.2012 16:01:34 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 15.08.2012 06:31:00 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 15.08.2012 08:12:41 | Computer Name = Veronika-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report >
Kind regards
Edited by ED_Ed (15.08.2012 at 21:50) |
15.08.2012, 22:17 | #4 |
/// Helper Team | RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll Fix with OTL. Download OTL by Oldtimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (MSICDSetup) -- G:\CDriver.sys File not found
DRV - (cpuz135) -- C:\Windows\Temp\cpuz135\cpuz135_x32.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=APN10381&gct=hp
IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes\{2E6E926A-0784-49D4-A2E3-EB2548C6AFFF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NRO3&o=APN10381&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABG&apn_dtid=^YYYYYY^YY^DE&apn_uid=fe0c77b1-e868-4900-afbf-6fea8952bcef&apn_sauid=07FE641F-E9C3-4EE3-882A-729D5DF2E0CA
IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={365C618A-DFBA-496B-8ED4-38413BAB1997}&mid=d8d24821d8c347d0a6d3d1530bbf30cb-d8f9ee1bfa9103739eb8b3ac735456f225d9f062&lang=de&ds=AVG&pr=pr&d=2012-08-15 12:15:58&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://de.ask.com/?l=dis&o=APN10381&gct=hp"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO3&o=APN10381&locale=de_DE&apn_uid=fe0c77b1-e868-4900-afbf-6fea8952bcef&apn_ptnrs=%5EABG&apn_sauid=07FE641F-E9C3-4EE3-882A-729D5DF2E0CA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-524949006-2593117432-992502673-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1000..\Run: [LicenseValidator] C:\Users\Veronika\AppData\Roaming\Identities\{4FDA7033-9370-404F-AC6A-6C4767EC9A27}\LicenseValidator.exe ()
O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1000..\Run: [tmikanp] rundll32 "C:\Users\Veronika\AppData\Local\tmikanp.dll",tmikanp File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-524949006-2593117432-992502673-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.05.18 21:24:22 | 000,000,000 | ---D | M]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.08.15 12:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.08.15 12:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.08.15 12:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.08.15 12:04:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.15 12:04:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.15 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\Veronika\AppData\Roaming\TuneUp Software
[2012.08.15 21:57:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems! |
16.08.2012, 08:39 | #5 |
| RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll Code:
ATTFilter All processes killed ========== OTL ========== Service VGPU stopped successfully! Service VGPU deleted successfully! File System32\drivers\rdvgkmd.sys File not found not found. Service tsusbhub stopped successfully! Service tsusbhub deleted successfully! File system32\drivers\tsusbhub.sys File not found not found. Service Synth3dVsc stopped successfully! Service Synth3dVsc deleted successfully! File System32\drivers\synth3dvsc.sys File not found not found. Service MSICDSetup stopped successfully! Service MSICDSetup deleted successfully! File G:\CDriver.sys File not found not found. Service cpuz135 stopped successfully! Service cpuz135 deleted successfully! File C:\Windows\Temp\cpuz135\cpuz135_x32.sys File not found not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-524949006-2593117432-992502673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully. C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully. 
HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2E6E926A-0784-49D4-A2E3-EB2548C6AFFF}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E6E926A-0784-49D4-A2E3-EB2548C6AFFF}\ not found. Registry key HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. HKU\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! 
Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine Prefs.js: "hxxp://de.ask.com/?l=dis&o=APN10381&gct=hp" removed from browser.startup.homepage Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO3&o=APN10381&locale=de_DE&apn_uid=fe0c77b1-e868-4900-afbf-6fea8952bcef&apn_ptnrs=%5EABG&apn_sauid=07FE641F-E9C3-4EE3-882A-729D5DF2E0CA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" removed from keyword.URL Prefs.js: 0 removed from network.proxy.type Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Programme\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully. C:\Programme\Ask.com\Updater\Updater.exe moved successfully. 
Registry value HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator deleted successfully. C:\Users\Veronika\AppData\Roaming\Identities\{4FDA7033-9370-404F-AC6A-6C4767EC9A27}\LicenseValidator.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully. C:\Programme\Pando Networks\Media Booster\PMB.exe moved successfully. Registry value HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Run\\tmikanp deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. C:\ProgramData\AVG2012\log folder moved successfully. C:\ProgramData\AVG2012\IDS\config folder moved successfully. C:\ProgramData\AVG2012\IDS folder moved successfully. C:\ProgramData\AVG2012 folder moved successfully. C:\ProgramData\MFAData\logs folder moved successfully. C:\ProgramData\MFAData folder moved successfully. C:\ProgramData\TuneUp Software\TuneUp Utilities 2012 folder moved successfully. C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics folder moved successfully. C:\ProgramData\TuneUp Software\TuneUp Utilities folder moved successfully. C:\ProgramData\TuneUp Software\TU2012 folder moved successfully. C:\ProgramData\TuneUp Software folder moved successfully. C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully. C:\ProgramData\Common Files folder moved successfully. C:\Users\Veronika\AppData\Roaming\TuneUp Software\TU2012\TuningIndex folder moved successfully. C:\Users\Veronika\AppData\Roaming\TuneUp Software\TU2012\StartUp Manager folder moved successfully. C:\Users\Veronika\AppData\Roaming\TuneUp Software\TU2012\Dashboard folder moved successfully. C:\Users\Veronika\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully. C:\Users\Veronika\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully. C:\Users\Veronika\AppData\Roaming\TuneUp Software folder moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Veronika\Desktop\cmd.bat deleted successfully. C:\Users\Veronika\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Veronika ->Temp folder emptied: 34334940 bytes ->Temporary Internet Files folder emptied: 132427780 bytes ->Java cache emptied: 364728 bytes ->FireFox cache emptied: 80153537 bytes ->Flash cache emptied: 191968 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2258691 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 238,00 mb OTL by OldTimer - Version 3.2.57.0 log created on 08162012_093136 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot. PendingFileRenameOperations files... [2009.07.14 03:14:23 | 000,093,696 | ---- | M] (Microsoft Corporation) C:\Windows\System32\mctadmin.exe : MD5=BBA1A5B86134F496B926DDAF247DB871 Registry entries deleted on Reboot... |
16.08.2012, 12:19 | #6 |
/// Helper Team | RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll Very good! How is the computer running? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Then: Step 2: Please download AdwCleaner to your desktop.
__________________ |
16.08.2012, 22:01 | #7 |
| RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll The window with the RunDLL problem is gone. I also haven't really used the PC these past few days, I only switched it on briefly and did what you wrote to me =), but for now it isn't crashing anymore either, so I can get back to gaming soon =D Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.16.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 8.0.7601.17514 Veronika :: VERONIKA-PC [Administrator] Schutz: Aktiviert 16.08.2012 22:14:26 mbam-log-2012-08-16 (22-14-26).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 274771 Laufzeit: 30 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.Proxy) -> Daten: C:\Users\Veronika\AppData\Roaming\Identities \{0F381FBF-683F-415E-9997-DE6A0FD88055}\LicenseValidator.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Veronika\AppData\Roaming\Identities\{0F381FBF-683F-415E-9997-DE6A0FD88055}\LicenseValidator.exe (Trojan.Proxy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/16/2012 at 23:05:12 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Veronika - VERONIKA-PC # Boot Mode : Normal # Running from : C:\Users\Veronika\Desktop\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Veronika\AppData\Local\AskToolbar Folder Found : C:\Users\Veronika\AppData\Local\OpenCandy Folder Found : C:\Users\Veronika\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Veronika\AppData\Roaming\OpenCandy Folder Found : C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\extensions\toolbar@ask.com Folder Found : C:\Program Files\Ask.com Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Found : C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\searchplugins\Askcom.xml File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml ***** [Registry] ***** Key Found : HKCU\Software\APN Key Found : HKCU\Software\AppDataLow\Software\AskToolbar Key Found : HKCU\Software\Ask.com Key Found : HKCU\Software\AskToolbar Key Found : HKCU\Software\IGearSettings Key Found : HKLM\SOFTWARE\APN Key Found : HKLM\SOFTWARE\AskToolbar Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Found : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\prefs.js Found : user_pref("extensions.asktb.ff-original-keyword-url", ""); ************************* AdwCleaner[R1].txt - [3577 octets] - [16/08/2012 23:05:12] ########## EOF - C:\AdwCleaner[R1].txt - [3705 octets] ########## Edited by ED_Ed (16.08.2012 at 22:07) |
17.08.2012, 00:55 | #8 |
/// Helper Team | RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll Very good!
Then: Malware scan with Emsisoft Anti-Malware. Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update now". Select the freeware mode. Select Detail Scan and start the check of the computer with the Scan button. Do not let it delete anything at the end of the scan! Click "Save report" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
17.08.2012, 10:24 | #9 |
| RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll Code:
ATTFilter # AdwCleaner v1.801 - Logfile created 08/17/2012 at 11:21:05 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Veronika - VERONIKA-PC # Boot Mode : Normal # Running from : C:\Users\Veronika\Desktop\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Veronika\AppData\Local\AskToolbar Folder Deleted : C:\Users\Veronika\AppData\Local\OpenCandy Folder Deleted : C:\Users\Veronika\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Veronika\AppData\Roaming\OpenCandy Folder Deleted : C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\extensions\toolbar@ask.com Folder Deleted : C:\Program Files\Ask.com Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} File Deleted : C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\searchplugins\Askcom.xml File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml ***** [Registry] ***** Key Deleted : HKCU\Software\APN Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar Key Deleted : HKCU\Software\Ask.com Key Deleted : HKCU\Software\AskToolbar Key Deleted : HKCU\Software\IGearSettings Key Deleted : HKLM\SOFTWARE\APN Key Deleted : HKLM\SOFTWARE\AskToolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registre - GUID] ***** Key Deleted : 
HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} ***** [Internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\prefs.js Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); ************************* AdwCleaner[R1].txt - [3706 octets] - [16/08/2012 23:05:12] AdwCleaner[S1].txt - [3589 octets] - [17/08/2012 11:21:05] ########## EOF - C:\AdwCleaner[S1].txt - [3717 octets] ########## Code:
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 17.08.2012 11:45:19
Scan Einstellungen:
Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\
Archiv Scan: An
ADS Scan: An
Scan Beginn: 17.08.2012 11:45:35
c:\program files\downloadmanager gefunden: Trace.File.mediapipe!E1
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll gefunden: Adware.Win32.Yontoo.AMN!E1
C:\Users\Veronika\AppData\Local\Temp\YontooSetup-Silent.exe gefunden: Adware.Win32.Yontoo.AMN!E1
C:\Users\Veronika\AppData\Local\Temp\YontooIEClient.dll gefunden: Adware.Win32.Yontoo.AMN!E1
C:\Users\Veronika\AppData\Local\Temp\is357113909\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe gefunden: Malware.Win32.AMN!E1
C:\Program Files\Yontoo\YontooIEClient.dll gefunden: Adware.Win32.Yontoo.AMN!E1
Gescannt 567694
Gefunden 6
Scan Ende: 17.08.2012 12:02:31
Scan Zeit: 0:16:56
Edited by ED_Ed (17.08.2012 at 11:13) |
17.08.2012, 15:18 | #10 |
/// Helper Team | RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll Very good! Uninstall: Emsisoft Anti-Malware. ESET Online Scanner Preparation
|
17.08.2012, 22:31 | #11 |
| RunDLL problem when starting C:\Users\Username\AppData\tmikanp.dll Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=36509a5b08f5ef4f8d19bfe159c78a51 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-17 09:22:18 # local_time=2012-08-17 11:22:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 209201 209201 0 0 # compatibility_mode=5893 16776574 100 94 347979 96867738 0 0 # compatibility_mode=8192 67108863 100 0 1370 1370 0 0 # scanned=84852 # found=9 # cleaned=9 # scan_time=1991 C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Veronika\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Veronika\AppData\Local\Temp\YontooLayers.crx Win32/Adware.Yontoo.C application (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\Veronika\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Veronika\AppData\Roaming\Identities\{C00B2FD5-9461-4375-8D2C-485BEE5A97F3}\LicenseValidator.exe a variant of Win32/Injector.VFT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Veronika\Downloads\DownloadAcceleratorSetup(1).exe a variant of Win32/InstallCore.AN application (cleaned by deleting - quarantined) 
00000000000000000000000000000000 C C:\Users\Veronika\Downloads\DownloadAcceleratorSetup.exe a variant of Win32/InstallCore.AN application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\08162012_093136\C_Users\Veronika\AppData\Roaming\Identities\{4FDA7033-9370-404F-AC6A-6C4767EC9A27}\LicenseValidator.exe a variant of Win32/Injector.VFH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
18.08.2012, 14:53 | #12 |
/// Helper team | Removing malware with Combofix
Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else; this is important! Follow the detailed original instructions. Combofix currently runs on the following Windows versions:
Preparation and important notes
Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage! |
18.08.2012, 21:53 | #13 |
| C:\ComboFix.txt Code:
ComboFix 12-08-18.03 - Veronika 18.08.2012 22:28:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2046.1067 [GMT 2:00]
ausgeführt von:: c:\users\Veronika\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Veronika\AppData\Roaming\Help\coredb\storage
c:\users\Veronika\Desktop\Internet Explorer.lnk
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-18 bis 2012-08-18 ))))))))))))))))))))))))))))))
.
.
2012-08-18 20:36 . 2012-08-18 20:37 -------- d-----w- c:\users\Veronika\AppData\Local\temp
2012-08-18 20:36 . 2012-08-18 20:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-18 20:36 . 2012-08-18 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-18 10:03 . 2012-08-18 10:03 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-18 10:03 . 2012-08-18 10:03 -------- d-----w- c:\programdata\McAfee
2012-08-18 10:03 . 2012-08-18 10:03 -------- d-----w- c:\program files\McAfee Security Scan
2012-08-17 09:42 . 2012-08-17 20:16 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-08-17 09:31 . 2012-08-17 10:11 -------- d-----w- c:\program files\Yontoo
2012-08-17 09:31 . 2012-08-17 20:23 -------- d-----w- c:\programdata\Tarma Installer
2012-08-17 09:25 . 2012-08-17 09:31 608 ----a-w- C:\user.js
2012-08-17 09:24 . 2012-08-17 09:24 -------- d-----w- c:\users\Veronika\AppData\Roaming\Babylon
2012-08-17 09:24 . 2012-08-17 09:24 -------- d-----w- c:\programdata\Babylon
2012-08-16 07:31 . 2012-08-16 07:31 -------- d-----w- C:\_OTL
2012-08-15 11:00 . 2012-08-15 11:00 -------- d-----w- c:\users\Veronika\AppData\Roaming\Malwarebytes
2012-08-15 11:00 . 2012-08-15 11:00 -------- d-----w- c:\programdata\Malwarebytes
2012-08-15 11:00 . 2012-08-15 11:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-15 11:00 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 10:47 . 2012-08-15 10:47 -------- d-----w- c:\users\Veronika\AppData\Roaming\Avira
2012-08-15 10:42 . 2012-07-18 16:04 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-15 10:42 . 2012-07-18 16:04 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-15 10:42 . 2012-07-18 16:04 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-15 10:42 . 2012-08-15 10:42 -------- d-----w- c:\programdata\Avira
2012-08-15 10:42 . 2012-08-15 10:42 -------- d-----w- c:\program files\Avira
2012-08-15 10:20 . 2012-08-15 10:22 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-15 10:14 . 2012-08-15 10:14 -------- d-----w- c:\program files\AVG
2012-08-12 16:14 . 2012-08-13 20:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD311D52-5FB6-4F54-B0F2-E0D47CF54D14}\offreg.dll
2012-08-10 17:35 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD311D52-5FB6-4F54-B0F2-E0D47CF54D14}\mpengine.dll
2012-08-10 17:26 . 2012-08-10 17:26 -------- d-----w- c:\users\Veronika\AppData\Roaming\vlc
2012-08-02 20:11 . 2012-08-02 20:11 -------- d-----w- c:\users\Veronika\AppData\Local\Chromium
2012-07-23 19:14 . 2012-07-23 19:14 -------- d-----w- c:\users\Veronika\AppData\Roaming\Windows Desktop Search
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 10:03 . 2012-05-27 18:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-18 10:03 . 2011-06-07 14:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 05:05 . 2012-07-12 08:44 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-12 08:44 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-12 08:44 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 09:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:03 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 09:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 09:03 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 09:03 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 09:02 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 09:02 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-12 08:44 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-12 08:44 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-12 08:44 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-12 08:44 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-12 08:44 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2011-04-22 14:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-20 20:24 . 2011-04-22 14:00 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsioReg"="CTASIO.DLL" [2007-04-09 79872]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
.
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=3312_4&babsrc=HP_ss&mntrId=e670bee5000000000000001a4d5bd938
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\2g2pev7z.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extentions.y2layers.installId - cfa6af7c-9b55-41b2-9307-223de473f6ad
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=3312_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - e670bee5000000000000001a4d5bd938
FF - user.js: extensions.BabylonToolbar.instlDay - 15569
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.611:31
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-524949006-2593117432-992502673-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-18 22:43:02
ComboFix-quarantined-files.txt 2012-08-18 20:43
.
Vor Suchlauf: 7 Verzeichnis(se), 11.071.283.200 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 10.917.515.264 Bytes frei
.
- - End Of File - - CA257A654545455EB1EB56D69EDB26B0
C:\Qoobox\Add-Remove Programs.txt Code:
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1) - Deutsch
Avira Free Antivirus
D3DX10
Der Herr der Ringe Online v03.02.04.8010
Druckerdeinstallation für EPSON SX110 Series
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Java(TM) 6 Update 31
Junk Mail filter update
Logitech Gaming Software
Malwarebytes Anti-Malware Version 1.62.0.1300
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
NVIDIA 3D Vision Treiber 267.60
NVIDIA Grafiktreiber 267.60
NVIDIA HD-Audiotreiber 1.2.22.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 267.60
NVIDIA Update 1.3.5
NVIDIA Update Components
Pando Media Booster
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-Bit)
Xtra Controller
Yontoo 1.10.02

Best regards, Ed |
19.08.2012, 16:56 | #14 |
/// Helper team | Updating Java
Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html After that, post (copy and paste) what is displayed to you here: PluginCheck |
19.08.2012, 20:02 | #15 |
| Thank you for your help. Now I should probably download the newest version of Adobe Reader?
PluginCheck
The PluginCheck helps to close the biggest security holes when surfing the Internet. It checks: browser, Flash, Java and Adobe Reader version.
Firefox 14.0.1 is up to date.
Flash (11,3,300,271) is up to date.
Java (1,7,0,6) is up to date.
Adobe Reader 10,1,1,33 is outdated! Please update to the newest version: 10,1,3 |