| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bundespolizei Trojaner Windows VistaWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.09.2012, 14:14
| #1 |
 |  Bundespolizei Trojaner Windows Vista Hallo, ich benötige eure Hilfe. Habe mir den Bundespolizei-Trojaner eingefangen. Einen vollständigen Scan mit Malwarebytes hab ich durchgeführt, hier der Bericht: Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.23.01 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Sarah :: SARAH-PC [Administrator] 23.09.2012 12:46:29 mbam-log-2012-09-23 (12-46-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 493064 Laufzeit: 1 Stunde(n), 38 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Sarah\ms.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 23.09.2012 15:18:43 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,14% Memory free
6,19 Gb Paging File | 5,81 Gb Available in Paging File | 93,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 303,42 Gb Free Space | 68,90% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,12 Gb Free Space | 47,78% Space Free | Partition Type: FAT32
Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C8F796-9ADF-4E99-93F3-08B60D22C645}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{0DA332CF-872F-47BF-85F8-7350DE4214D6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0F8E4F3C-D966-4C90-AF95-CE1CF5A113E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{195EB724-B232-475A-B4F9-D0C8EB89F951}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29824C63-A79D-49D8-B01C-136748D2BF21}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2B707DF6-7970-4FBA-8557-4544A96DAFCE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{30DC5A46-9CF8-46DB-8303-EA1CC4CFEB08}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A3C84AD-03E2-41C8-8E09-A933D1C85C35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{43C2F9DB-64E8-4C66-B515-26BF8D13E278}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44561D2F-69D0-48E2-A556-30A44634B5B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{518CACEC-9E2D-4A03-9096-F8CBA167E4CA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5588D3F2-CCA8-4BDB-8A06-4012AD76DA82}" = rport=137 | protocol=17 | dir=out | app=system |
"{81910756-1A98-4D0E-B3B0-8E0704D9E7AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A3AEFCA-AEF3-4784-83B4-999974D0E39A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{90E08B09-19B1-46D8-A486-6746FFE180DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{94019071-2BAB-4A82-9573-E0AAD0705EC2}" = rport=445 | protocol=6 | dir=out | app=system |
"{967CF791-5B3C-4049-88C0-09BF289805C0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9C92C930-7B8C-4EE7-BAF8-A2B89A5EC421}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A05D8F0F-035A-4C3A-AA35-2A027340D006}" = lport=62427 | protocol=6 | dir=in | name=akamai netsession interface |
"{ADDB92DA-836A-46B4-B60A-F87E081C304B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B320CAC0-ED31-4AE1-BC94-E5C1AF2F3962}" = lport=139 | protocol=6 | dir=in | app=system |
"{B65C0E26-E89F-4210-BF73-296EF72A224E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C27159DC-8342-4185-A7B6-052EF5A1FEBD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CD467844-DE4F-4C05-8110-14E322C7B5A8}" = lport=138 | protocol=17 | dir=in | app=system |
"{CE8AE46F-47DB-48D1-839D-4DB954C6215F}" = lport=445 | protocol=6 | dir=in | app=system |
"{D2716C10-BD29-414D-B264-21BB7035B1B1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D8AD4DDD-5F7B-40CD-A701-670DF34894BE}" = lport=137 | protocol=17 | dir=in | app=system |
"{EC268EDE-69F6-4461-AC8F-6E89987398F9}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC329E00-C10D-42BC-80CA-53791479542E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECB2D9AD-C941-4483-8BB1-18BE74BE8723}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F0FA1B8F-1DCC-4516-88A9-C786B0013A56}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC34F516-2B56-48AD-AC47-915063116A93}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF2B312-622F-4641-A565-348455399DD2}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1260CB21-0098-417E-B077-89F2CE6707BE}" = protocol=6 | dir=out | app=system |
"{1AEFC0B2-64D1-4479-BF89-2FD05E45D7A6}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |
"{1B8E2FFD-836D-4BCF-AC63-6539FF358C02}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\local\akamai\netsession_win.exe |
"{21FC91AD-0930-4B1C-8A16-C0EEA649D929}" = protocol=6 | dir=out | app=system |
"{229E0538-D36F-4BE8-A47C-46DE705A192C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{368F101E-48BF-4E8D-A9B3-9E323D3D634A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44CC3A59-EAC7-4E28-9798-6109B6CCEE77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FD3110A-746C-49F8-B499-404F755F022E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56B3C732-6637-4326-9DBB-C3BDF989C157}" = dir=in | app=c:\users\sarah\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{57C9EEB9-10C1-4BDE-A49F-7DC75198DFBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D499D04-22D2-498A-A19F-786E1C165FF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E6D0C49-70E8-4417-84AC-74AD1D18F721}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{66D1388C-88BC-4405-BA87-DF51A2F432DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67824839-54A5-4AF9-B458-9B064B7EB897}" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |
"{680AB413-AFB4-4ADB-8359-A0B8E7D8AAB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BEA5E3B-D430-4EFA-B871-5F4175A5C471}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{80535180-D633-4CCD-BE9C-96585AFF1914}" = protocol=17 | dir=in | app=c:\users\sarah\appdata\local\akamai\netsession_win.exe |
"{8085E65B-15F8-41CD-96ED-ABBF5C7CC685}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{8C94410A-A3F7-4381-ACD2-E96710A3D3DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8F5BCF2B-6170-4754-96F5-46B0C830616C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9169F92D-6ABE-4E66-8335-EAB3E95CEEF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9432055D-489E-4DAF-A037-31ED0AB56196}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9C8BCD12-B25B-417D-BD4C-EFBDC1E705EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CA68564-57A4-446F-A6DA-F6F73A999F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4712BF7-2AC1-4F0B-A3CC-211D9F07540A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A0869E-D9C9-4BB6-8CBD-D37B0465FFA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8276A8F-8B82-4686-B463-A4F63BE94BAF}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{BF1FE5E3-FB60-4FDB-ADB1-128A7370F2C6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1F2CD5C-C0B6-4A5B-B854-B77B69454B1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6C70F31-A2CB-4AA5-B8A8-6574EED8E264}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDA87ED5-B31A-49AE-90AD-FA07DD5BFD21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D3153D7B-A4B9-4E34-A30B-E3355F47D980}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D99DCABE-8B28-4BC8-9733-103741BE0D71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF76492B-1230-4A00-9966-2A00D3AF9E44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E08E3C98-AAE4-4A42-A4C0-EEF4E6BFD36D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4BEC93F-B04A-4884-9200-6134D43A5053}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4F96205-823C-4AAD-BD20-D7F81D5A842B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED2AE09F-99A1-4D0F-A730-0F612DA257BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE5F334C-3215-4B8A-89A2-ABFE252EEA46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FA6DF7E8-1197-49FE-B81F-6CBA3B025960}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{0AFD8E04-98EF-456C-AE95-C0AAAD32D154}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{3A71E2EE-C281-43B9-AC38-F3CE06AC032D}C:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{51383DAF-B5B3-40CC-9C9C-AF73EEEFABF9}C:\users\sarah\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\sarah\appdata\local\akamai\netsession_win.exe |
"TCP Query User{6A8ECE6B-0477-4E8A-AC82-B9FF0735CABA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8814EB6C-FB2E-41F5-8CC2-4BC954D5D970}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{AEFFC2E8-55BF-43EE-932F-C22CCCA2F539}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{E928371B-1473-4914-BDDA-46FC73AEA12B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{122B2F29-0E95-4D8F-9130-9B5DF86387B7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{74FCAF29-1D6D-4137-8F34-7996C754AB5F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{7EE1FA85-ED86-4CD1-8C06-F71548F28663}C:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{90A5D88E-502F-4AC9-817A-541E9952B505}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C2006EBB-8628-49CC-B85A-05DD2F4A2665}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C853AD08-DE07-40EE-9370-C45E3B7F3C60}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F59BEB30-405A-4976-A300-9368925A096D}C:\users\sarah\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\sarah\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A78A5C61-2397-407E-A41F-0A0FFAD2572F}" = TubeBox!
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"Badaboom" = Badaboom 1.1.1.194
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DealPly" = DealPly
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Studio_is1" = Free Studio version 4.8
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.2
"GeoGebra" = GeoGebra
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"PhotoLine_is1" = PhotoLine 15.5.4.0
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PicPick" = PicPick
"PROR" = Microsoft Office Professional 2007
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"FLV Player" = FLV Player
"FoxTab PDF Creator" = FoxTab PDF Creator
"Google Chrome" = Google Chrome
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.09.2012 09:04:38 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:04:38 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:04:38 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:04:38 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:04:40 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:04:40 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:04:40 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:04:40 | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 23.09.2012 09:08:04 | Computer Name = Sarah-PC | Source = EventSystem | ID = 4609
Description =
Error - 23.09.2012 09:08:27 | Computer Name = Sarah-PC | Source = WinMgmt | ID = 10
Description =
Error encountered while reading event logs.
< End of report >
OTL.txt: Code:
ATTFilter OTL logfile created on: 23.09.2012 15:18:42 - Run 1 OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Sarah\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,14% Memory free 6,19 Gb Paging File | 5,81 Gb Available in Paging File | 93,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 440,37 Gb Total Space | 303,42 Gb Free Space | 68,90% Space Free | Partition Type: NTFS Drive D: | 25,38 Gb Total Space | 12,12 Gb Free Space | 47,78% Space Free | Partition Type: FAT32 Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll () SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (UI Assistant Service) -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe () SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (uxddrv) -- G:\uxddrv86.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (MBB Incorporated) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (geyekrxncpvdiq) -- C:\Windows\System32\drivers\geyekrrieetjvm.sys () DRV - (WINIO) -- C:\Windows\System32\WinIo.sys () DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys () DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&tt=2912_5&babsrc=HP_ss&mntrId=245fb41d0000000000000022fa23b3e0 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=2912_5&babsrc=SP_ss&mntrId=245fb41d0000000000000022fa23b3e0 IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://search.yahoo.com/search?fr=chr-panda&q={searchTerms}&ei=UTF-8&type=PCAFSI1190 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDC IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245 IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..extensions.enabledAddons: {C9B68337-E93A-44EA-94DC-CB300EC06444}:5.30.4 FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.60 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.26 18:37:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 21:08:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 21:07:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.13 21:08:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.13 21:07:59 | 000,000,000 | ---D | M] [2009.07.20 12:54:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions [2012.09.11 11:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions [2012.08.25 12:29:39 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.07.30 15:42:03 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.07.29 15:46:44 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.08.25 12:29:46 | 000,000,000 | ---D | M] (ST-de3 Community Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.01.02 01:47:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.03.15 23:09:45 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2012.07.28 20:05:37 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.07.19 16:54:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\ffxtlbr@babylon.com [2009.09.18 16:29:04 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\moveplayer@movenetworks.com [2012.07.16 17:34:37 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\hjt4u3bf.default\extensions\plugin@yontoo.com [2010.03.15 20:44:04 | 000,001,840 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\bing.xml [2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\conduit.xml [2009.12.29 21:38:51 | 000,002,055 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\daemon-search.xml [2012.09.23 15:12:04 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-1.xml [2011.03.24 22:00:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-10.xml [2011.05.05 08:41:29 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-11.xml [2011.06.30 15:53:50 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-12.xml [2011.08.24 18:22:55 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-13.xml [2011.10.13 19:42:37 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-14.xml [2011.11.09 19:06:18 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-15.xml [2011.11.26 13:11:08 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-16.xml [2012.01.13 19:19:06 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-17.xml [2012.01.22 12:52:00 | 000,000,950 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-18.xml [2010.06.26 11:44:43 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-2.xml [2010.07.24 20:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-3.xml [2010.09.09 14:04:59 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-4.xml [2010.09.20 08:51:21 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-5.xml [2010.10.28 15:24:07 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-6.xml [2010.11.12 16:37:23 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-7.xml [2010.12.12 12:30:35 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-8.xml [2011.02.24 18:03:27 | 000,000,961 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin-9.xml [2010.03.26 14:51:05 | 000,000,955 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\hjt4u3bf.default\searchplugins\icqplugin.xml [2012.09.13 21:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.09.13 21:07:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.09.13 21:07:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.13 21:08:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.26 18:36:35 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.16 17:34:44 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.08.30 17:53:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sarah\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Sarah\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: FLV Runner = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala\2.3.15.10_0\ CHR - Extension: Babylon Toolbar = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\ CHR - Extension: DealPly = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: Default = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1\ CHR - Extension: avast! WebRep = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Wajam = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\ CHR - Extension: Yontoo = C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe (SONIX) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [gwvwfwtwgvvvxey] C:\ProgramData\gwvwfwtw.exe () O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A42317-615A-44E7-9C55-EA9E3D1644BF}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ] O32 - AutoRun File - [2009.07.04 12:00:54 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ] O33 - MountPoints2\{dca509cf-2beb-11df-9de9-001f1618750a}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MUSIK_2.vbs O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.23 15:17:21 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe [2012.09.23 12:45:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes [2012.09.23 12:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.23 12:45:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.23 12:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.17 18:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\vtlwnbxqgoouocj [2012.09.16 16:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.16 16:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.16 16:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.09.16 16:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012.09.16 16:27:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.09.13 21:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.11 20:07:23 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Avira [2012.09.11 20:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.09.11 20:01:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.11 20:01:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.09.11 20:01:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.11 20:01:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.09.11 20:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.09.11 20:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.09.11 12:08:51 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Desktop\Die Sims [2012.09.11 11:09:52 | 000,000,000 | ---D | C] -- C:\UserData [2012.09.11 11:04:58 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [2012.09.11 11:04:58 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [2012.09.11 11:04:58 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [2012.09.11 11:04:58 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys [2012.09.11 11:04:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB [2012.09.11 11:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick [2012.09.11 11:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\1&1 Surf-Stick [2012.09.01 14:07:45 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Skype [2012.09.01 14:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.01 14:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.01 14:07:23 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.01 14:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype ========== Files - Modified Within 30 Days ========== [2012.09.23 15:17:23 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe [2012.09.23 15:07:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.23 15:04:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.23 15:04:35 | 000,096,781 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.09.23 15:02:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.23 15:02:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.23 12:45:20 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.23 12:29:53 | 000,096,781 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.09.18 22:15:36 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job [2012.09.17 21:07:05 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job [2012.09.17 20:36:06 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000UA.job [2012.09.17 18:11:26 | 000,076,348 | ---- | M] () -- C:\ProgramData\abfvcizfgbxvbpr [2012.09.17 18:11:16 | 000,082,432 | ---- | M] () -- C:\ProgramData\gwvwfwtw.exe [2012.09.16 16:39:20 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.16 15:58:34 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job [2012.09.16 13:15:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-494165459-3435025325-3623417751-1000Core.job [2012.09.13 20:37:09 | 000,002,477 | ---- | M] () -- C:\Users\Sarah\Desktop\TubeBox! starten.lnk [2012.09.12 14:29:28 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.12 14:29:28 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.12 14:29:28 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.12 14:29:28 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.11 16:49:10 | 002,324,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.11 12:18:33 | 000,002,681 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk [2012.09.11 12:18:17 | 000,002,687 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Excel 2007.lnk [2012.09.11 12:17:45 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat [2012.09.11 12:15:55 | 000,000,374 | ---- | M] () -- C:\Users\Sarah\Desktop\Bilder.lnk [2012.09.11 11:04:30 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.09.07 20:26:05 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.07 20:26:05 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.09.07 20:26:05 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.03 18:20:33 | 000,346,743 | ---- | M] () -- C:\Users\Sarah\Documents\image0005.jpg [2012.09.03 18:17:11 | 000,358,647 | ---- | M] () -- C:\Users\Sarah\Documents\image0004.jpg [2012.09.03 18:15:29 | 000,331,282 | ---- | M] () -- C:\Users\Sarah\Documents\image0001.jpg [2012.09.01 14:07:26 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.09.23 12:45:20 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.17 21:07:05 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-494165459-3435025325-3623417751-1000.job [2012.09.17 20:52:03 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml [2012.09.17 18:11:24 | 000,082,432 | ---- | C] () -- C:\ProgramData\gwvwfwtw.exe [2012.09.17 18:11:18 | 000,076,348 | ---- | C] () -- C:\ProgramData\abfvcizfgbxvbpr [2012.09.16 16:39:20 | 000,001,628 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.11 12:18:33 | 000,002,681 | ---- | C] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2007.lnk [2012.09.11 12:18:17 | 000,002,687 | ---- | C] () -- C:\Users\Sarah\Desktop\Microsoft Office Excel 2007.lnk [2012.09.11 12:17:45 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat [2012.09.11 12:15:55 | 000,000,374 | ---- | C] () -- C:\Users\Sarah\Desktop\Bilder.lnk [2012.09.11 11:04:15 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk [2012.09.03 18:20:10 | 000,346,743 | ---- | C] () -- C:\Users\Sarah\Documents\image0005.jpg [2012.09.03 18:16:54 | 000,358,647 | ---- | C] () -- C:\Users\Sarah\Documents\image0004.jpg [2012.09.03 17:48:02 | 000,331,282 | ---- | C] () -- C:\Users\Sarah\Documents\image0001.jpg [2012.09.01 14:07:26 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.07.29 23:18:16 | 000,007,168 | -H-- | C] () -- C:\Users\Sarah\photothumb.db [2012.07.29 20:05:19 | 000,921,654 | ---- | C] () -- C:\Users\Sarah\hd.bmp [2012.02.01 21:59:16 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.03.10 05:52:28 | 000,000,680 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat [2009.12.24 21:38:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.07.04 11:02:06 | 000,008,192 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.02 15:15:39 | 000,096,781 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.03.02 15:15:37 | 000,096,781 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Geändert von chelito (23.09.2012 um 14:37 Uhr) |
| Themen zu Bundespolizei Trojaner Windows Vista |
| administrator, anti-malware, autostart, babylon toolbar, benötige, bericht, bösartige, conduit, dateien, dealply, durchgeführt, erfolgreich, explorer, gelöscht, iminent toolbar, install.exe, limited.com/facebook, malwarebytes, minute, origin, picasa, plug-in, quarantäne, registrierung, scan, search the web, service, service pack 2, speicher, trojan.agent, trojaner, tubebox, usb 2.0, version, vista, wajam, windows, windows vista, wscript.exe, yontoo |
Baum-Darstellung