| |
| |||||||
Log-Analyse und Auswertung: Trojaner TR/TDss.abx und TR/Alureon, Dateien wegWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
22.09.2012, 13:05
| #1 |
 |  Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Hallo zusammen, ich bin kein großer Computerfachmann, aber ich versuche es trotzdem mal in diesem Forum und hoffe, dass ich sowohl meine Problembeschreibung vernünftig hinbekomme, vor allem aber auch eure möglichen Antworten verstehe! Am Donnerstag Nachmittag meldete Avira einen Sicherheitshinweis, danach ging alles ganz schnell, innerhalb weniger Sekunden/Minuten verschwanden die meisten Icons von meinem Desktop und ein Pop-up "Write Fault Error" öffnete sich gefühlte 100x. Ich habe dann den Laptop heruntergefahren. Als ich ihn wieder hoch gefahren hab, war der Desktophintergrund schwarz und alle eigenen Dateien sind weg bzw. nicht mehr sichtbar, alle Ordner sind leer. Da ich nun gar nicht weiß, wie ich am besten vorgehe, befolge ich gerade die Schritte, die hier "für alle Hilfesuchenden" angezeigt werden. Es wäre schön, wenn ihr dazu Kommentare/Tipps abgeben könntet. OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.09.2012 13:20:12 - Run 1 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Chrissi\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,16% Memory free 6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 275,41 Gb Total Space | 131,63 Gb Free Space | 47,80% Space Free | Partition Type: NTFS Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32 Drive E: | 283,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: CHRISSI-PC | User Name: Chrissi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.22 13:19:41 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe PRC - [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe PRC - [2012.09.20 21:01:18 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe PRC - [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe PRC - [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.26 09:26:46 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012.08.12 12:00:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:40:29 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.01.11 19:27:46 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE PRC - [2011.07.13 22:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe PRC - [2011.05.28 08:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.10.12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.05.14 18:07:14 | 000,759,048 | -H-- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2008.11.06 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.21 13:51:47 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe PRC - [2008.07.25 09:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008.01.21 04:25:31 | 000,300,032 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.21 04:24:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\MSAgent\AgentSvr.exe PRC - [2008.01.21 04:23:53 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2007.11.02 12:35:42 | 002,564,096 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe PRC - [2007.11.02 12:31:24 | 000,069,632 | -H-- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.11.02 12:31:08 | 000,040,960 | -H-- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe PRC - [2007.10.18 11:34:34 | 005,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe PRC - [2006.12.19 19:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe PRC - [1999.04.23 22:45:44 | 008,441,907 | R--- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\WINWORD.EXE PRC - [1999.03.05 23:26:12 | 000,753,703 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Artgalry\ARTGALRY.EXE ========== Modules (No Company Name) ========== MOD - [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe MOD - [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe MOD - [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2012.01.27 11:02:32 | 000,569,344 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2011.11.01 19:32:48 | 000,573,100 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\sqlite3.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\Report.dll MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VObject.dll MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2007.11.02 12:36:16 | 000,048,208 | -H-- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2007.11.02 12:35:42 | 002,564,096 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2007.11.02 12:28:16 | 000,434,176 | -H-- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2007.11.02 12:28:04 | 001,077,248 | -H-- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2007.11.02 12:27:48 | 000,532,480 | -H-- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2007.11.02 12:27:40 | 000,061,440 | -H-- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll MOD - [2007.11.02 12:27:28 | 000,016,896 | -H-- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2007.11.02 12:27:26 | 000,013,824 | -H-- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe MOD - [1999.02.02 01:39:14 | 000,073,785 | ---- | M] () -- C:\Programme\Microsoft Office\Office\BLNMGR.DLL MOD - [1999.02.01 22:10:52 | 000,057,403 | ---- | M] () -- C:\Programme\Microsoft Office\Office\BLNMGRPS.DLL ========== Services (SafeList) ========== SRV - [2012.09.20 21:01:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.05.14 18:07:14 | 000,759,048 | -H-- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008.07.25 09:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.02 12:31:08 | 000,040,960 | -H-- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006.12.19 19:23:20 | 000,094,208 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.09.22 13:10:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 20:40:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:40:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.13 22:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86) DRV - [2011.07.13 22:17:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86) DRV - [2011.07.13 22:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007.06.25 13:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.studi-vz.de/hxxp://www [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1351351 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Epson Stylus SX430(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [r9VEbHteCG314G] C:\ProgramData\r9VEbHteCG314G.exe () O4 - HKCU..\Run: [SjaPfXBKSlE.exe] C:\ProgramData\SjaPfXBKSlE.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell - "" = AutoRun O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.22 13:19:37 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe [2012.09.22 13:09:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.22 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Malwarebytes [2012.09.22 13:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.22 13:09:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.22 09:14:31 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2012.09.20 16:47:35 | 000,000,000 | -H-D | C] -- C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery [2012.09.14 06:26:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.01.28 13:32:02 | 059,218,544 | -H-- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Chrissi\ElsterFormular-13.0.0.8086p.exe [2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ] [1 C:\Users\Chrissi\Documents\*.tmp files -> C:\Users\Chrissi\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.22 13:26:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.22 13:19:41 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe [2012.09.22 13:18:40 | 000,000,000 | ---- | M] () -- C:\Users\Chrissi\defogger_reenable [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe [2012.09.22 13:10:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.22 13:09:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.22 13:01:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.22 12:30:43 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.22 12:30:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 12:30:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 12:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.22 12:30:01 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.09.21 22:51:00 | 000,000,611 | -H-- | M] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk [2012.09.21 22:50:55 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A6916323-0D5C-4C98-A24C-DFAC802B17CD}.job [2012.09.20 16:57:53 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.20 16:57:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.20 16:57:53 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.20 16:57:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.20 16:47:37 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-r9VEbHteCG314Gr [2012.09.20 16:47:37 | 000,000,152 | -H-- | M] () -- C:\ProgramData\-r9VEbHteCG314G [2012.09.20 16:47:35 | 000,000,368 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G [2012.09.20 16:47:26 | 000,278,528 | -H-- | M] () -- C:\ProgramData\r9VEbHteCG314G.exe [2012.09.20 16:45:32 | 000,070,375 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2012.09.20 16:25:30 | 000,381,952 | -H-- | M] () -- C:\ProgramData\SjaPfXBKSlE.exe [2012.09.18 06:40:48 | 000,391,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.08 17:59:24 | 000,465,898 | -H-- | M] () -- C:\Users\Chrissi\Ticket Bahn.pdf [2012.09.07 22:08:27 | 000,078,848 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.05 17:07:02 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chrissi.job [2012.09.05 15:28:56 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ] [1 C:\Users\Chrissi\Documents\*.tmp files -> C:\Users\Chrissi\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.22 13:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Chrissi\defogger_reenable [2012.09.22 13:17:34 | 000,050,477 | ---- | C] () -- C:\Users\Chrissi\Documents\Defogger.exe [2012.09.22 13:09:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 22:51:00 | 000,000,611 | -H-- | C] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk [2012.09.20 16:47:37 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-r9VEbHteCG314Gr [2012.09.20 16:47:37 | 000,000,152 | -H-- | C] () -- C:\ProgramData\-r9VEbHteCG314G [2012.09.20 16:47:30 | 000,000,368 | -H-- | C] () -- C:\ProgramData\r9VEbHteCG314G [2012.09.20 16:47:26 | 000,278,528 | -H-- | C] () -- C:\ProgramData\r9VEbHteCG314G.exe [2012.09.20 16:27:57 | 000,381,952 | -H-- | C] () -- C:\ProgramData\SjaPfXBKSlE.exe [2012.09.08 17:59:20 | 000,465,898 | -H-- | C] () -- C:\Users\Chrissi\Ticket Bahn.pdf [2012.04.24 18:35:07 | 000,431,054 | -H-- | C] () -- C:\Users\Chrissi\Girls'Day 1.pdf [2012.04.05 22:31:47 | 006,655,589 | -H-- | C] () -- C:\Users\Chrissi\Xperia ray.pdf [2012.01.07 13:55:19 | 019,738,624 | -H-- | C] () -- C:\Users\Chrissi\epson373282eu.exe [2012.01.07 13:54:39 | 019,914,752 | -H-- | C] () -- C:\Users\Chrissi\epson373062eu.exe [2011.10.07 18:43:33 | 000,000,680 | -H-- | C] () -- C:\Users\Chrissi\AppData\Local\d3d9caps.dat [2011.08.17 12:52:04 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Vbis4032.dll [2011.04.30 10:53:49 | 001,489,288 | -H-- | C] () -- C:\Users\Chrissi\setup_dm_Fotowelt.exe [2010.11.18 18:33:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.13 18:17:24 | 000,254,903 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\mdbu.bin [2010.10.19 11:10:47 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2010.10.03 11:39:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.10.03 11:39:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.10.03 11:39:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.10.03 11:39:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.10.03 11:39:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.10.03 11:39:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.10.03 11:39:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.10.03 11:39:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.10.03 11:39:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.10.03 11:39:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.10.03 11:39:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.10.03 11:39:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.10.03 11:39:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.10.03 11:39:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.10.03 11:39:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.10.03 11:39:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.10.03 11:39:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.08.05 10:05:30 | 000,001,115 | -H-- | C] () -- C:\Users\Chrissi\Meine Karstadt-Fotowelt.lnk [2009.05.06 16:55:00 | 000,001,024 | -H-- | C] () -- C:\Users\Chrissi\.rnd [2009.01.28 19:38:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.27 12:24:11 | 000,070,375 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.09.27 11:30:24 | 000,070,375 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.09.15 20:34:30 | 000,000,202 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\default.pls [2008.09.13 18:26:16 | 000,078,848 | -H-- | C] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.13 18:08:22 | 000,000,098 | -H-- | C] () -- C:\Users\Chrissi\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\l.png [2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\n.png [2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\u.png [2010.09.01 19:57:50 | 000,003,068 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png [2010.09.01 19:57:50 | 000,003,210 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png [2010.09.01 19:57:51 | 000,003,206 | ---- | M] () -- C:\Windows\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png [2010.05.05 20:05:04 | 000,003,068 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\l.png [2010.05.05 20:05:04 | 000,003,210 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\n.png [2010.05.05 20:05:04 | 000,003,206 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\client\res\paddle\u.png [2010.05.06 06:00:04 | 000,003,068 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\l.png [2010.05.06 06:00:04 | 000,003,210 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\n.png [2010.05.06 06:00:04 | 000,003,206 | -H-- | M] () -- C:\Users\Chrissi\AppData\Local\Temp\._msige52\program files\Google\Google Earth\plugin\res\paddle\u.png [2011.12.04 00:27:08 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\LocalLow\Microsoft\Silverlight\is\4bsboea4.cfx\mmrfzxpv.vgg\1\l [2009.12.13 16:19:55 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\ULZ8C7KZ\a69.g.akamai.net\n [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2011.08.19 11:23:28 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\46developments [2011.07.02 18:39:34 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Audacity [2008.09.14 12:06:05 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Buhl Data Service GmbH [2011.11.16 18:21:14 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoft [2011.11.16 18:21:00 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.28 13:38:00 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\elsterformular [2012.01.10 18:37:51 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Epson [2009.01.27 15:59:29 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Phase6 [2011.12.05 23:04:17 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies [2011.12.05 22:32:09 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies Inc [2010.11.18 18:36:34 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Softland [2012.04.07 15:00:17 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Sony [2008.09.13 18:09:15 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Template [2008.09.17 19:15:49 | 000,000,000 | -H-D | M] -- C:\Users\Chrissi\AppData\Roaming\Ulead Systems ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.09.2012 13:20:12 - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Chrissi\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 28,16% Memory free
6,19 Gb Paging File | 3,98 Gb Available in Paging File | 64,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 131,63 Gb Free Space | 47,80% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
Drive E: | 283,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: CHRISSI-PC | User Name: Chrissi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Meine Karstadt-Fotowelt] -- "C:\Program Files\Karstadt\Meine Karstadt-Fotowelt\Meine Karstadt-Fotowelt.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2986DBE1-539F-4A24-8605-50906E3E6605}" = lport=139 | protocol=6 | dir=in | app=system |
"{3BA6854B-406C-414D-8EAD-6876C2FB4C3B}" = rport=137 | protocol=17 | dir=out | app=system |
"{49211DFC-C1BF-429C-B248-E05E6BFB2D49}" = rport=138 | protocol=17 | dir=out | app=system |
"{5D7C00D1-76E2-4C7F-9BA9-8FCCA8BC51AE}" = rport=139 | protocol=6 | dir=out | app=system |
"{651B29D9-3424-4EC6-97C2-069145561A3E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{69BB0572-1F0F-47A3-A6BC-1C5E144EFD5C}" = lport=137 | protocol=17 | dir=in | app=system |
"{72AA26A7-DF78-41CC-A663-1EAC7C9B9F81}" = lport=445 | protocol=6 | dir=in | app=system |
"{78288CB0-BCC9-4987-AC4E-85CD408BF19E}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D15ED71-D6C4-468C-8060-3E36AE15E919}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B6B37C10-3EF5-4A2B-A3DC-7AC2206877EC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E446AA6E-A891-4E50-B539-8D8C651A891F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC8B80C7-A86F-4DCC-86AD-44D8DF33C6D2}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F47084A-C3E6-4524-8008-397409F71DFD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{21A41C95-340F-4AD5-91FE-19B069C77A68}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{2481B520-747C-49E5-89DC-B27BFA2A7C97}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{289F4083-94FF-4FA0-964B-8AD17F302DA2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{29940B74-9F36-4EE6-AFEC-2731CCD30CBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46F80359-F09E-4F45-AF63-9309D9D2CC59}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4D6050F4-AE2F-45EB-BFCD-1EA0ABD83211}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{4DE66C25-8709-43BB-BFF6-13D1A3AB6FC7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{723D9645-0B50-4D20-BD0D-18EF3F7EFA42}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{7CC1350B-04C1-4954-AFB7-FE17A95645B6}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"{86DA8028-FE04-41BC-BEFE-78B2D0F6AFF6}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{8CD10789-218B-45CE-8FB0-6B4FAAC0A31F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96EE7343-328E-460B-B372-2B36D01EE775}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{99B0D0DC-CE6B-4AE6-B59C-4F687E19E4A3}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\ucservice.exe |
"{9B1E5950-8A48-4E4B-8824-68218A65B604}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{9B72487C-ECA1-43B5-BAB8-037BA06EF652}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9CC3C7EF-F2CA-4D14-AC98-1E1B6AAF8A54}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{A7A68435-AAE2-413C-9A39-6924112AF550}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\ucgui.exe |
"{AA57ACA5-4A62-4FD2-BE7A-3C53CBAF7816}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{B6E2F143-CF8A-4098-9B9D-7EDF6064B165}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C3040D99-D579-4FB0-8A2E-3A10811FC52A}" = protocol=17 | dir=in | app=c:\program files\smart technologies\education software\vantageservice.exe |
"{C7502F25-D77E-45AC-A118-9FB6F5CFC59F}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{D1402EB9-87AB-4A44-96AD-DB05CFC9067C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E61870C5-833E-4C2D-8882-BAF8A98A7CA2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EDCBDED3-ED6C-4742-B65B-ABC578A00BF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EF32D63C-C16A-4284-A80B-9B2C907C617D}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{EFB5CCC4-CC4F-46B6-8D28-2E2A6B0FE95B}" = protocol=6 | dir=in | app=c:\program files\smart technologies\education software\smartsnmpagent.exe |
"TCP Query User{30DC8663-9DA8-4015-826C-03EA2F9AD995}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{851B0A43-F1E5-4D41-9794-B62857D68DA8}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{87CEF52A-835D-43E4-BD3B-608FE79F77BB}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9AFF63F8-4E0E-43F9-A9C8-E8E648F72199}E:\d-link.exe" = protocol=6 | dir=in | app=e:\d-link.exe |
"TCP Query User{BFBBB392-5BEB-4E7D-98BF-0D5B4BA63125}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"TCP Query User{C594A663-8F8F-40B1-9CC9-C2901980DA2C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2852B6F4-54D4-4A54-BA79-CEC08AC9DF58}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{42FF2B10-74C5-4FB4-B0B2-75390C29142D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{6E47E554-2289-4495-A86B-99308008B472}E:\d-link.exe" = protocol=17 | dir=in | app=e:\d-link.exe |
"UDP Query User{869A46F5-381E-47E0-BF06-532363643D5B}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe |
"UDP Query User{9990081F-FBD3-451B-ADE6-24882C1FDC2F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9A04AF51-AC93-4150-A75D-33EDB7332258}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E5DD7A3-BE29-430C-970B-C553F4A58C39}" = SMART Common Platform
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1EEC3AE8-BF60-4123-9E14-8C9750256F1D}" = Sprachtrainer Red Line 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{460C1164-8857-45B4-82F0-EBBAB790D086}" = Rund um (2.0) ... Demokratie heute 5-6 NRW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{59D4F411-9675-406B-9BC1-F0D7ACBE2529}" = Rund um (2.0) ... Demokratie heute 7-8 NRW
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65B73529-4493-40AA-A82F-81CC7B8C06CF}" = Red Line 4 Sprachtrainer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E6410C-1E97-4D03-BEC2-8E83323A6BBD}" = SMART Product Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{835EB248-97A4-4B32-88A1-4AAB8527C536}" = Rund um (2.0) ... Demokratie heute 9-10 NRW
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aldi Foto Service" = Aldi Foto Service 4.6
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice 2.7
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Clarity recorder" = Clarity recorder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm-Fotowelt" = dm-Fotowelt
"doPDF 7 printer_is1" = doPDF 7.1 printer
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"EPSON SX430 Series Bog" = Benutzerhandbuch - Grundlagen EPSON SX430 Series
"EPSON SX430 Series Netg" = Netzwerkhandbuch EPSON SX430 Series
"EPSON SX430 Series Useg" = Benutzerhandbuch EPSON SX430 Series
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"KlassenManager 3.0" = KlassenManager 3.0
"Klett Lehrersoftware Red Line (Band 2)" = Klett Lehrersoftware Red Line (Band 2)
"Klett Lehrersoftware Red Line (Band 3)" = Klett Lehrersoftware Red Line (Band 3)
"Klett Lehrersoftware Red Line (Band 4)" = Klett Lehrersoftware Red Line (Band 4)
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Meine Karstadt-Fotowelt" = Meine Karstadt-Fotowelt
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 6.0" = RealPlayer
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.09.2012 11:46:35 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung E_FUDHAE.EXE, Version 1.0.3.0, Zeitstempel 0x4e1fad5b,
fehlerhaftes Modul sdc330Twain.ds_unloaded, Version 0.0.0.0, Zeitstempel 0x4dcc0018,
Ausnahmecode 0xc0000005, Fehleroffset 0x1010546d, Prozess-ID 0x15c0, Anwendungsstartzeit
01cd967de590e731.
Error - 20.09.2012 09:14:18 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.09.2012 10:47:08 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.09.2012 12:29:06 | Computer Name = Chrissi-PC | Source = VSS | ID = 8194
Description =
Error - 20.09.2012 14:09:58 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.09.2012 16:49:41 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.09.2012 06:31:18 | Computer Name = Chrissi-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.09.2012 06:32:48 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.9.0, Zeitstempel
0x493788e3, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x02020202, Prozess-ID 0xfbc, Anwendungsstartzeit
01cd98ad4f0ca7dc.
Error - 22.09.2012 06:34:06 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung appverif.exe, Version 6.2.8400.0, Zeitstempel
0x4fb70b44, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000022, Fehleroffset 0x00009cfc, Prozess-ID 0x15b4, Anwendungsstartzeit
01cd98adc2c7076c.
Error - 22.09.2012 06:36:10 | Computer Name = Chrissi-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung E_FUDHAE.EXE, Version 1.0.3.0, Zeitstempel 0x4e1fad5b,
fehlerhaftes Modul sdc330Twain.ds_unloaded, Version 0.0.0.0, Zeitstempel 0x4dcc0018,
Ausnahmecode 0xc0000005, Fehleroffset 0x1010546d, Prozess-ID 0x1724, Anwendungsstartzeit
01cd98adcccd502c.
[ System Events ]
Error - 21.09.2012 16:48:09 | Computer Name = Chrissi-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.09.2012 um 21:14:12 unerwartet heruntergefahren.
Error - 21.09.2012 16:48:14 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =
Error - 21.09.2012 16:50:11 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21.09.2012 16:51:56 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 22.09.2012 02:33:43 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =
Error - 22.09.2012 02:35:20 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =
Error - 22.09.2012 06:30:10 | Computer Name = Chrissi-PC | Source = HTTP | ID = 15016
Description =
Error - 22.09.2012 06:31:19 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 22.09.2012 06:35:54 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 22.09.2012 06:38:00 | Computer Name = Chrissi-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
Ich habe ein 32 bit System, der GMER Scan läuft gerade auf dem beschädigten Laptop. Daten stelle ich dann gleich hier rein. Wie geh ich denn jetzt überhaupt weiter vor? Vielen Dank schonmal für eure Hilfe! Geändert von ChristinaXXX (22.09.2012 um 14:02 Uhr) |
|
22.09.2012, 14:56
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
22.09.2012, 17:48
| #3 |
| | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Der Log von Malwarebytes:
__________________Malwarebytes Anti-Malware (Test) 1.65.0.1400 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.09.22.04 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Chrissi :: CHRISSI-PC [Administrator] Schutz: Aktiviert 22.09.2012 16:14:51 mbam-log-2012-09-22 (16-14-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 489425 Laufzeit: 2 Stunde(n), 26 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> 5396 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|r9VEbHteCG314G (Trojan.FakeAlert) -> Daten: C:\ProgramData\r9VEbHteCG314G.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> Löschen bei Neustart. C:\Users\Chrissi\AppData\Local\Temp\LhKTwuVKzGmvqF.exe.tmp (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Chrissi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\61247958-7b51129b (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und ältere Log-Dateien, die ich aber z.T. abgebrochen habe, als ich hier im Forum andere Schritte gelesen habe, die ich zuerst tun sollte. 012/09/22 13:09:43 +0200 CHRISSI-PC Chrissi MESSAGE Starting protection 2012/09/22 13:09:43 +0200 CHRISSI-PC Chrissi MESSAGE Protection started successfully 2012/09/22 13:09:43 +0200 CHRISSI-PC Chrissi MESSAGE Starting IP protection 2012/09/22 13:09:49 +0200 CHRISSI-PC Chrissi MESSAGE IP Protection started successfully 2012/09/22 13:09:55 +0200 CHRISSI-PC Chrissi MESSAGE Starting database refresh 2012/09/22 13:09:55 +0200 CHRISSI-PC Chrissi MESSAGE Stopping IP protection 2012/09/22 13:09:55 +0200 CHRISSI-PC Chrissi MESSAGE IP Protection stopped successfully 2012/09/22 13:09:59 +0200 CHRISSI-PC Chrissi MESSAGE Database refreshed successfully 2012/09/22 13:09:59 +0200 CHRISSI-PC Chrissi MESSAGE Starting IP protection 2012/09/22 13:10:03 +0200 CHRISSI-PC Chrissi MESSAGE IP Protection started successfully 2012/09/22 14:14:29 +0200 CHRISSI-PC Chrissi DETECTION C:\ProgramData\SjaPfXBKSlE.exe Trojan.Foury QUARANTINE 2012/09/22 14:14:29 +0200 CHRISSI-PC Chrissi ERROR Quarantine failed: DeleteFile failed with error code 5 2012/09/22 14:24:06 +0200 CHRISSI-PC Chrissi IP-BLOCK 193.169.86.61 (Type: outgoing, Port: 49241, Process: sjapfxbksle.exe) 2012/09/22 14:25:57 +0200 CHRISSI-PC Chrissi MESSAGE Starting protection 2012/09/22 14:25:57 +0200 CHRISSI-PC Chrissi MESSAGE Protection started successfully 2012/09/22 14:25:57 +0200 CHRISSI-PC Chrissi MESSAGE Starting IP protection 2012/09/22 14:26:01 +0200 CHRISSI-PC Chrissi MESSAGE IP Protection started successfully 2012/09/22 14:28:21 +0200 CHRISSI-PC Chrissi DETECTION C:\ProgramData\SjaPfXBKSlE.exe Trojan.Foury QUARANTINE 2012/09/22 14:28:25 +0200 CHRISSI-PC Chrissi MESSAGE Stopping protection 2012/09/22 14:28:29 +0200 CHRISSI-PC Chrissi MESSAGE Protection stopped successfully 2012/09/22 14:28:29 +0200 CHRISSI-PC Chrissi DETECTION C:\ProgramData\r9VEbHteCG314G.exe Trojan.FakeAlert ALLOW 2012/09/22 14:29:22 +0200 CHRISSI-PC Chrissi IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49230, Process: r9vebhtecg314g.exe) 2012/09/22 14:29:22 +0200 CHRISSI-PC Chrissi IP-BLOCK 94.102.51.151 (Type: outgoing, Port: 49229, Process: r9vebhtecg314g.exe) 2012/09/22 14:29:22 +0200 CHRISSI-PC Chrissi IP-BLOCK 91.228.111.38 (Type: outgoing, Port: 49231, Process: r9vebhtecg314g.exe) 2012/09/22 14:29:22 +0200 CHRISSI-PC Chrissi IP-BLOCK 193.169.86.55 (Type: outgoing, Port: 49232, Process: r9vebhtecg314g.exe) 2012/09/22 14:29:22 +0200 CHRISSI-PC Chrissi IP-BLOCK 80.82.79.85 (Type: outgoing, Port: 49233, Process: r9vebhtecg314g.exe) 2012/09/22 14:29:22 +0200 CHRISSI-PC Chrissi IP-BLOCK 80.82.79.85 (Type: outgoing, Port: 49235, Process: r9vebhtecg314g.exe) 2012/09/22 14:29:43 +0200 CHRISSI-PC Chrissi DETECTION c:\programdata\sjapfxbksle.exe Trojan.Foury ALLOW 2012/09/22 14:30:50 +0200 CHRISSI-PC Chrissi DETECTION c:\programdata\sjapfxbksle.exe Trojan.Foury ALLOW 2012/09/22 14:30:54 +0200 CHRISSI-PC Chrissi DETECTION c:\programdata\sjapfxbksle.exe Trojan.Foury ALLOW 2012/09/22 14:30:54 +0200 CHRISSI-PC Chrissi DETECTION c:\programdata\sjapfxbksle.exe Trojan.Foury ALLOW 2012/09/22 14:31:10 +0200 CHRISSI-PC Chrissi DETECTION c:\programdata\sjapfxbksle.exe Trojan.Foury ALLOW 2012/09/22 14:31:54 +0200 CHRISSI-PC Chrissi DETECTION c:\programdata\sjapfxbksle.exe Trojan.Foury ALLOW 2012/09/22 14:32:08 +0200 CHRISSI-PC Chrissi DETECTION c:\programdata\sjapfxbksle.exe Trojan.Foury ALLOW 2012/09/22 16:13:54 +0200 CHRISSI-PC Chrissi MESSAGE Starting database refresh 2012/09/22 16:13:54 +0200 CHRISSI-PC Chrissi MESSAGE Stopping IP protection 2012/09/22 16:13:54 +0200 CHRISSI-PC Chrissi MESSAGE IP Protection stopped successfully 2012/09/22 16:14:06 +0200 CHRISSI-PC Chrissi MESSAGE Database refreshed successfully 2012/09/22 16:14:06 +0200 CHRISSI-PC Chrissi MESSAGE Starting IP protection 2012/09/22 16:14:10 +0200 CHRISSI-PC Chrissi MESSAGE IP Protection started successfully Malwarebytes Anti-Malware (Test) 1.65.0.1400 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.09.22.04 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Chrissi :: CHRISSI-PC [Administrator] Schutz: Aktiviert 22.09.2012 16:14:51 mbam-log-2012-09-22 (16-14-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 489425 Laufzeit: 2 Stunde(n), 26 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> 5396 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|r9VEbHteCG314G (Trojan.FakeAlert) -> Daten: C:\ProgramData\r9VEbHteCG314G.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> Löschen bei Neustart. C:\Users\Chrissi\AppData\Local\Temp\LhKTwuVKzGmvqF.exe.tmp (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Chrissi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\61247958-7b51129b (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malwarebytes Anti-Malware (Test) 1.65.0.1400 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.09.22.03 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Chrissi :: CHRISSI-PC [Administrator] Schutz: Aktiviert 22.09.2012 16:12:54 mbam-log-2012-09-22 (16-12-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 819 Laufzeit: 21 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
22.09.2012, 20:26
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Hast du das mit den CODE-Tags überlesen, ignoriert oder nicht verstanden? 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.09.2012, 21:05
| #5 |
| | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg So, das Scannen hat nun 3 Stunden gedauert, und nun steht da das hier: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK Das ist aber sicher nicht das, was du meintest, oder??? Code:
ATTFilter C:\Users\Chrissi\AppData\Local\Temp\8ED6.tmp a variant of Win32/Kryptik.AMDF trojan
C:\Users\Chrissi\AppData\Local\Temp\D049.tmp a variant of Win32/Kryptik.AMDF trojan
C:\Users\Chrissi\AppData\Local\Temp\Graphics_Media_Accelerator_Driver.exe a variant of Win32/Kryptik.AMDF trojan
C:\Users\Chrissi\AppData\Local\Temp\NERO1003370\Toolbar.exe Win32/Toolbar.AskSBar application
Operating memory a variant of Win32/Adware.HDDRescue.AB application
Sorry, das mit den CODE-Tags hab ich tatsächlich erst jetzt im Nachhinein verstanden! ;-) Dann hier nochmal die Malwarebytes logs: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.22.03 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Chrissi :: CHRISSI-PC [Administrator] Schutz: Aktiviert 22.09.2012 16:12:54 mbam-log-2012-09-22 (16-12-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 819 Laufzeit: 21 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.22.04 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Chrissi :: CHRISSI-PC [Administrator] Schutz: Aktiviert 22.09.2012 16:14:51 mbam-log-2012-09-22 (16-14-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 489425 Laufzeit: 2 Stunde(n), 26 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> 5396 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|r9VEbHteCG314G (Trojan.FakeAlert) -> Daten: C:\ProgramData\r9VEbHteCG314G.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> Löschen bei Neustart. C:\Users\Chrissi\AppData\Local\Temp\LhKTwuVKzGmvqF.exe.tmp (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Chrissi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\61247958-7b51129b (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.22.04 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Chrissi :: CHRISSI-PC [Administrator] Schutz: Aktiviert 22.09.2012 16:14:51 mbam-log-2012-09-22 (16-14-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 489425 Laufzeit: 2 Stunde(n), 26 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> 5396 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|r9VEbHteCG314G (Trojan.FakeAlert) -> Daten: C:\ProgramData\r9VEbHteCG314G.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\ProgramData\r9VEbHteCG314G.exe (Trojan.FakeAlert) -> Löschen bei Neustart. C:\Users\Chrissi\AppData\Local\Temp\LhKTwuVKzGmvqF.exe.tmp (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Chrissi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\61247958-7b51129b (Trojan.Foury) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Vielen Dank! Vielen Dank an diese gesamte Seite für eure Hinweise zum Umgang mit Trojanern etc. und an cosinus im Besonderen für deine Hilfe. Ich habe heute nochmal Malwarebyte drüber laufen lassen, da ist nichts mehr gefunden worden. Habe mich dann gerade auf die Suche nach meinen Dateien gemacht (mithilfe von Punkt 3 hier im Forum, Daten retten) und festgestellt, dass die einfach nur versteckt waren. Also bei "Eigenschaften" der jeweiligen Ordner war da ein Häkchen bei "versteckt" gesetzt. Bilder, Musik und sonstige Dokumente sind also wieder da! (Jippiiiieh!!!) Der Desktophintergrund ist allerdings noch schwarz und sämtliche Startprogramme fehlen auch noch. Gibt es dafür auch so einen "einfachen" Trick, wo ich irgendwo vielleicht nur ein Häkchen setzen muss, um das alles rückgängig zu machen?? Und meine Hauptsorge ist: Wie kann ich sicher sein, dass kein Trojaner mehr unterschwellig irgendwo versteckt ist? Gibt es irgendwas, dass ich nochmal scannen lassen sollte?? Trau mich z.B. gar nicht, meine externe Festplatte anzuschließen, noch sind da nämlich alle Daten gesichert drauf, aber nachher greift der Trojaner, falls er doch noch im System ist, darauf auch noch zu... Könnt ihr mir da nochmal helfen bitte?? Geändert von ChristinaXXX (22.09.2012 um 21:14 Uhr) |
|
23.09.2012, 16:08
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ --> Trojaner TR/TDss.abx und TR/Alureon, Dateien weg |
|
23.09.2012, 17:08
| #7 |
| | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Danke, ich werde das probieren... Allerdings hängt mein Laptop jetzt waaaahnsinnig... Egal, was ich anklicke, er braucht eine Ewigkeit, um irgendetwas auszuführen... Code:
ATTFilter # AdwCleaner v2.002 - Datei am 09/23/2012 um 18:16:11 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Chrissi - CHRISSI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chrissi\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Program Files\Ask.com
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\Softonic_Deutsch
Ordner Gefunden : C:\Users\Chrissi\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Chrissi\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Chrissi\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Chrissi\AppData\LocalLow\Softonic_Deutsch
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6C91D0C-2B31-41EF-ACFA-3416ABEDD2BE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6C91D0C-2B31-41EF-ACFA-3416ABEDD2BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{488FD4B9-2725-430B-9B5C-B243B19CC624}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D6C91D0C-2B31-41EF-ACFA-3416ABEDD2BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT1351351
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{488FD4B9-2725-430B-9B5C-B243B19CC624}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gefunden : HKLM\Software\Softonic_Deutsch
Schlüssel Gefunden : HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19088
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [6275 octets] - [23/09/2012 18:16:11]
########## EOF - C:\AdwCleaner[R1].txt - [6335 octets] ##########
|
|
23.09.2012, 18:43
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.09.2012, 19:21
| #9 |
| | Trojaner TR/TDss.abx und TR/Alureon, Dateien wegCode:
ATTFilter # AdwCleaner v2.002 - Datei am 09/23/2012 um 20:14:10 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Chrissi - CHRISSI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Chrissi\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Softonic_Deutsch
Ordner Gelöscht : C:\Users\Chrissi\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\Chrissi\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Chrissi\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Chrissi\AppData\LocalLow\Softonic_Deutsch
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Softonic_Deutsch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6C91D0C-2B31-41EF-ACFA-3416ABEDD2BE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D6C91D0C-2B31-41EF-ACFA-3416ABEDD2BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{488FD4B9-2725-430B-9B5C-B243B19CC624}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D6C91D0C-2B31-41EF-ACFA-3416ABEDD2BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1351351
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{488FD4B9-2725-430B-9B5C-B243B19CC624}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_Deutsch Toolbar
Schlüssel Gelöscht : HKLM\Software\Softonic_Deutsch
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19088
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Chrissi\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [6404 octets] - [23/09/2012 18:16:11]
AdwCleaner[S1].txt - [6489 octets] - [23/09/2012 20:14:10]
########## EOF - C:\AdwCleaner[S1].txt - [6549 octets] ##########
|
|
23.09.2012, 19:40
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.09.2012, 20:07
| #11 |
| | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Was genau meinst du mit normaler Modus von Windows? Also soweit funktioniert das meiste, was ich so feststellen konnte, aber es ist noch nicht wieder alles so, wie es war. Einige Desktop-Icons fehlen noch (ein paar sind wieder aufgetaucht, nachdem ich im Desktop-Ordner das "versteckt" weggeklickt habe. Die Recovery-Festplatte wird mir noch als leer angezeigt, obwohl ich sehen kann, dass sie ca. zur Hälfte belegt ist. Im Startmenü unter "alle Programme" sind keine leeren Ordner, da ist eigentlich soweit alles wieder da. Aber das eigentliche Startmenü ist noch leer; also in der weißen Hälfte werden mir die letzten Programme jetzt angezeigt; aber rechts in dem grauen Bereich stehen nur "Favoriten", "zuletzt verwendet" und "Computer". Vielen Dank für deine ganze Hilfe!!! |
|
24.09.2012, 12:31
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Das Startmenü wurde von der Ransomware gelöscht, wenn überhaupt kannst du mit unhide noch was wiederherstellen. Wenn nicht bist du ohne Backup angeschmiert Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.09.2012, 14:42
| #13 |
| | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Wow, du bist mein persönlicher Held!!! Soweit ich das sehe, scheint alles wieder da zu sein! Alle Desktop-Icons, im Startmenü auch und die Recover-Festplatte enthält auch wieder Ordner... Wahnsinn; vielen, vielen Dank! Ist denn dann jetzt wohl alles wieder in Ordnung, oder muss ich Angst haben, dass immernoch was von dem Trojaner irgendwo schlummert? Trau mich nämlich gar nicht, meine externe Festplatte anzuschließen (da sind nämlich fast noch mehr Daten als auf meinem Laptop)... |
|
24.09.2012, 19:33
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.09.2012, 21:12
| #15 |
| | Trojaner TR/TDss.abx und TR/Alureon, Dateien weg OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.09.2012 21:30:19 - Run 2 OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\Chrissi\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,57% Memory free 6,20 Gb Paging File | 4,79 Gb Available in Paging File | 77,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 275,41 Gb Total Space | 171,60 Gb Free Space | 62,31% Space Free | Partition Type: NTFS Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32 Computer Name: CHRISSI-PC | User Name: Chrissi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.24 21:28:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.12 12:00:58 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.31 15:00:22 | 000,445,624 | ---- | M] (Sony) -- C:\Programme\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:40:29 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.01.11 19:27:46 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHAE.EXE PRC - [2011.07.13 22:14:40 | 001,761,136 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTBoardService.exe PRC - [2010.10.12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2009.04.11 08:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.12.12 08:31:10 | 001,840,424 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.11.06 01:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFDE.EXE PRC - [2008.10.21 13:51:47 | 000,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe PRC - [2008.07.25 09:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:25:32 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.11.02 12:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe PRC - [2007.11.02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe PRC - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe PRC - [2007.10.18 11:34:34 | 005,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe PRC - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.05.24 11:50:32 | 000,203,776 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.04.30 11:57:42 | 000,067,072 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2012.01.27 11:02:32 | 000,569,344 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2011.11.01 19:32:48 | 000,573,100 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\sqlite3.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\Report.dll MOD - [2010.01.11 16:44:54 | 000,053,248 | ---- | M] () -- C:\Programme\Sony\Sony PC Companion\VObject.dll MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.11.02 12:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll MOD - [2007.11.02 12:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe MOD - [2007.11.02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll MOD - [2007.11.02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll MOD - [2007.11.02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll MOD - [2007.11.02 12:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll MOD - [2007.11.02 12:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll MOD - [2007.11.02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll MOD - [2007.11.02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe ========== Services (SafeList) ========== SRV - [2012.09.20 21:01:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 20:40:29 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 20:40:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.05.14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2008.07.25 09:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv) SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006.12.19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.08 20:40:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:40:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.07.13 22:17:14 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86) DRV - [2011.07.13 22:17:02 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86) DRV - [2011.07.13 22:16:54 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.07.10 11:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607) DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007.06.25 13:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531) DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.netcologne.de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.netcologne.de IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.studi-vz.de/hxxp://www [Binary data over 200 bytes] IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spiegel.de/ IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\9.0.597.98\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Chrissi\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe File not found O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMART Board Service] C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001..\Run: [Epson Stylus SX430(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001..\Run: [SjaPfXBKSlE.exe] C:\ProgramData\SjaPfXBKSlE.exe File not found O4 - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1541561756-3189364277-4046548892-1001\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell - "" = AutoRun O33 - MountPoints2\{11dc2fd2-7fbb-11e1-af93-001f1603fd04}\Shell\AutoRun\command - "" = F:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.24 15:07:59 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Chrissi\Desktop\unhide.exe [2012.09.24 07:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.09.24 07:22:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.09.24 07:22:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.09.23 14:14:06 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.09.23 14:12:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.09.22 18:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.22 13:19:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe [2012.09.22 13:09:33 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Malwarebytes [2012.09.22 13:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.22 13:09:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.22 13:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.22 09:14:31 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware [2012.09.20 16:47:35 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Recovery [2012.09.14 06:26:50 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 06:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.01.28 13:32:02 | 059,218,544 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Users\Chrissi\ElsterFormular-13.0.0.8086p.exe [2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ] [1 C:\Users\Chrissi\Documents\*.tmp files -> C:\Users\Chrissi\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.24 21:31:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.24 21:28:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chrissi\Desktop\OTL.exe [2012.09.24 21:27:26 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.24 21:27:26 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.24 21:27:26 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.24 21:27:26 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.24 21:21:50 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.24 21:21:18 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.24 21:21:18 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.24 21:21:11 | 000,070,375 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.24 21:21:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.24 21:20:10 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2012.09.24 18:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.24 15:08:05 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Chrissi\Desktop\unhide.exe [2012.09.24 15:06:07 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A6916323-0D5C-4C98-A24C-DFAC802B17CD}.job [2012.09.24 14:51:57 | 000,391,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.23 18:09:30 | 000,512,737 | ---- | M] () -- C:\Users\Chrissi\Desktop\adwcleaner.exe [2012.09.23 13:39:02 | 000,000,104 | ---- | M] () -- C:\Users\Chrissi\Desktop\Internet Explorer - Verknüpfung.lnk [2012.09.22 14:19:55 | 000,302,592 | ---- | M] () -- C:\Users\Chrissi\Desktop\99ect7i2.exe [2012.09.22 13:18:40 | 000,000,000 | ---- | M] () -- C:\Users\Chrissi\defogger_reenable [2012.09.22 13:17:35 | 000,050,477 | ---- | M] () -- C:\Users\Chrissi\Documents\Defogger.exe [2012.09.22 13:09:30 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 22:51:00 | 000,000,611 | ---- | M] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk [2012.09.20 16:47:37 | 000,000,152 | ---- | M] () -- C:\ProgramData\-r9VEbHteCG314Gr [2012.09.20 16:47:37 | 000,000,152 | ---- | M] () -- C:\ProgramData\-r9VEbHteCG314G [2012.09.20 16:47:35 | 000,000,368 | ---- | M] () -- C:\ProgramData\r9VEbHteCG314G [2012.09.14 06:26:50 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.08 17:59:24 | 000,465,898 | ---- | M] () -- C:\Users\Chrissi\Ticket Bahn.pdf [2012.09.07 22:08:27 | 000,078,848 | ---- | M] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.05 17:07:02 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Chrissi.job [2012.09.05 15:28:56 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2 C:\Users\Chrissi\*.tmp files -> C:\Users\Chrissi\*.tmp -> ] [1 C:\Users\Chrissi\Documents\*.tmp files -> C:\Users\Chrissi\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.24 15:36:49 | 000,002,544 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk [2012.09.24 15:36:49 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Netzwerkhandbuch EPSON SX430 Series.lnk [2012.09.24 15:36:49 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Benutzerhandbuch EPSON SX430 Series.lnk [2012.09.24 15:36:49 | 000,002,169 | ---- | C] () -- C:\Users\Public\Desktop\Benutzerhandbuch - Grundlagen EPSON SX430 Series.lnk [2012.09.24 15:36:49 | 000,002,111 | ---- | C] () -- C:\Users\Public\Desktop\Epson Stylus SX210_SX410_TX210_TX410 Handbuch.lnk [2012.09.24 15:36:49 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\SMART Notebook 10.lnk [2012.09.24 15:36:49 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.09.24 15:36:49 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk [2012.09.24 15:36:49 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.09.24 15:36:49 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.24 15:36:49 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.09.24 15:36:49 | 000,001,766 | ---- | C] () -- C:\Users\Public\Desktop\Media Go.lnk [2012.09.24 15:36:49 | 000,001,765 | ---- | C] () -- C:\Users\Public\Desktop\Rund um (2.0) ....lnk [2012.09.24 15:36:49 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk [2012.09.24 15:36:49 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.09.24 15:36:49 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2012.09.24 15:36:49 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.24 15:36:49 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2012.09.24 15:36:49 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2012.09.24 15:36:49 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.09.24 15:36:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Meine Karstadt-Fotowelt.lnk [2012.09.24 15:36:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Google Desktop.lnk [2012.09.24 15:36:49 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk [2012.09.24 15:36:49 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.09.24 15:36:49 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular 2008-2009.lnk [2012.09.24 15:36:49 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk [2012.09.24 15:36:49 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk [2012.09.24 15:36:49 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\CEWE FOTOSCHAU.lnk [2012.09.24 15:36:49 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector smart recovery.lnk [2012.09.24 15:36:49 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\dm-Fotowelt.lnk [2012.09.24 15:36:49 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Aldi Foto Service.lnk [2012.09.24 15:36:49 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\grafstat4.lnk [2012.09.24 15:36:49 | 000,000,797 | ---- | C] () -- C:\Users\Public\Desktop\Lehrersoftware Red Line.lnk [2012.09.24 15:36:49 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk [2012.09.24 15:02:25 | 000,000,919 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.09.23 18:13:22 | 000,512,737 | ---- | C] () -- C:\Users\Chrissi\Desktop\adwcleaner.exe [2012.09.23 14:12:45 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.09.23 13:39:02 | 000,000,104 | ---- | C] () -- C:\Users\Chrissi\Desktop\Internet Explorer - Verknüpfung.lnk [2012.09.22 14:19:53 | 000,302,592 | ---- | C] () -- C:\Users\Chrissi\Desktop\99ect7i2.exe [2012.09.22 13:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Chrissi\defogger_reenable [2012.09.22 13:17:34 | 000,050,477 | ---- | C] () -- C:\Users\Chrissi\Documents\Defogger.exe [2012.09.22 13:09:30 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 22:51:00 | 000,000,611 | ---- | C] () -- C:\Users\Chrissi\Desktop\File_Recovery.lnk [2012.09.20 16:47:37 | 000,000,152 | ---- | C] () -- C:\ProgramData\-r9VEbHteCG314Gr [2012.09.20 16:47:37 | 000,000,152 | ---- | C] () -- C:\ProgramData\-r9VEbHteCG314G [2012.09.20 16:47:30 | 000,000,368 | ---- | C] () -- C:\ProgramData\r9VEbHteCG314G [2012.09.08 17:59:20 | 000,465,898 | ---- | C] () -- C:\Users\Chrissi\Ticket Bahn.pdf [2012.04.24 18:35:07 | 000,431,054 | ---- | C] () -- C:\Users\Chrissi\Girls'Day 1.pdf [2012.04.05 22:31:47 | 006,655,589 | ---- | C] () -- C:\Users\Chrissi\Xperia ray.pdf [2012.01.07 13:55:19 | 019,738,624 | ---- | C] () -- C:\Users\Chrissi\epson373282eu.exe [2012.01.07 13:54:39 | 019,914,752 | ---- | C] () -- C:\Users\Chrissi\epson373062eu.exe [2011.10.07 18:43:33 | 000,000,680 | ---- | C] () -- C:\Users\Chrissi\AppData\Local\d3d9caps.dat [2011.08.17 12:52:04 | 000,063,488 | ---- | C] () -- C:\Windows\System32\Vbis4032.dll [2011.04.30 10:53:49 | 001,489,288 | ---- | C] () -- C:\Users\Chrissi\setup_dm_Fotowelt.exe [2010.11.18 18:33:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.11.13 18:17:24 | 000,254,903 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\mdbu.bin [2010.10.19 11:10:47 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gif89.dll [2010.10.03 11:39:10 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.10.03 11:39:10 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.10.03 11:39:10 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.10.03 11:39:10 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.10.03 11:39:10 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.10.03 11:39:10 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.10.03 11:39:10 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.10.03 11:39:10 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.10.03 11:39:10 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.10.03 11:39:10 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.10.03 11:39:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.10.03 11:39:10 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.10.03 11:39:10 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.10.03 11:39:10 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.10.03 11:39:10 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.10.03 11:39:10 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.10.03 11:39:10 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.10.03 11:39:10 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.08.05 10:05:30 | 000,001,115 | ---- | C] () -- C:\Users\Chrissi\Meine Karstadt-Fotowelt.lnk [2009.05.06 16:55:00 | 000,001,024 | ---- | C] () -- C:\Users\Chrissi\.rnd [2009.01.28 19:38:26 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.27 12:24:11 | 000,070,375 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.09.27 11:30:24 | 000,070,375 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.09.15 20:34:30 | 000,000,202 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\default.pls [2008.09.13 18:26:16 | 000,078,848 | ---- | C] () -- C:\Users\Chrissi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.09.13 18:08:22 | 000,000,098 | ---- | C] () -- C:\Users\Chrissi\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.08.19 11:23:28 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\46developments [2011.07.02 18:39:34 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Audacity [2008.09.14 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Buhl Data Service GmbH [2011.11.16 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoft [2011.11.16 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.28 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\elsterformular [2012.01.10 18:37:51 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Epson [2009.01.27 15:59:29 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Phase6 [2011.12.05 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies [2011.12.05 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies Inc [2010.11.18 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Softland [2012.04.07 15:00:17 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Sony [2008.09.13 18:09:15 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Template [2008.09.17 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Ulead Systems ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.19 11:23:28 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\46developments [2008.09.13 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Adobe [2011.06.06 15:44:27 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Apple Computer [2011.07.02 18:39:34 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Audacity [2012.04.23 15:09:36 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Avira [2008.09.14 12:06:05 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Buhl Data Service GmbH [2010.09.25 19:45:46 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\CyberLink [2010.04.10 10:35:36 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\DivX [2011.11.16 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoft [2011.11.16 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.28 13:38:00 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\elsterformular [2012.01.10 18:37:51 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Epson [2008.09.13 15:55:47 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Google [2008.09.13 10:20:08 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Identities [2010.10.03 11:39:07 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\InstallShield [2008.09.13 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Macromedia [2012.09.22 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Media Center Programs [2012.01.11 21:41:34 | 000,000,000 | --SD | M] -- C:\Users\Chrissi\AppData\Roaming\Microsoft [2008.09.21 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Microsoft Web Folders [2010.04.23 14:30:52 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Move Networks [2009.01.27 15:27:04 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Mozilla [2008.12.14 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Nero [2009.01.27 15:59:29 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Phase6 [2009.12.03 18:49:36 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Real [2009.01.27 15:26:40 | 000,000,000 | R--D | M] -- C:\Users\Chrissi\AppData\Roaming\SecuROM [2012.09.14 06:55:37 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Skype [2011.11.15 19:49:00 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\skypePM [2011.12.05 23:04:17 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies [2011.12.05 22:32:09 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\SMART Technologies Inc [2010.11.18 18:36:34 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Softland [2012.04.07 15:00:17 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Sony [2008.09.13 18:09:15 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Template [2008.09.17 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\Ulead Systems [2009.01.04 12:05:22 | 000,000,000 | ---D | M] -- C:\Users\Chrissi\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.04.23 14:30:52 | 000,144,053 | ---- | M] () -- C:\Users\Chrissi\AppData\Roaming\Move Networks\uninstall.exe [2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Chrissi\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe [2010.02.23 16:21:14 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chrissi\AppData\Roaming\Real\Update\setup3.09\setup.exe [2010.05.24 22:42:40 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chrissi\AppData\Roaming\Real\Update\setup3.10\setup.exe [2010.09.09 14:16:28 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chrissi\AppData\Roaming\Real\Update\setup3.12\setup.exe [2011.01.30 17:31:25 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chrissi\AppData\Roaming\Real\Update\setup3.13\setup.exe [2012.07.02 15:28:10 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Chrissi\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.10\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys [2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2008.01.21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll < End of report > |
|
| Themen zu Trojaner TR/TDss.abx und TR/Alureon, Dateien weg |
| antivir, bonjour, browser, conduit, dateien weg, demokratie, downloader, flash player, homepage, hotkey.sys, install.exe, intranet, launch, ntdll.dll, plug-in, pum.hijack.startmenu, realtek, security, senden, softonic deutsch toolbar, software, svchost.exe, tr/tdss.abx, trojan.fakealert, trojan.foury, trojaner, win32/adware.hddrescue.ab, win32/kryptik.amdf, win32/toolbar.asksbar, xperia |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
