| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Check von Lap Top nach InfektionWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.09.2012, 19:30
| #1 |
 |  Check von Lap Top nach Infektion Hi, hatte vor kurzem ne Infektion mit dem Bundespolizeivirus. Festnetztrechner ist nun aber clean, ebenso externe Festplatte. Habe nun den kleine Lap Top geprüft: Avast: hat nicht gefunden Malwarbytes: hat nicht gefunden OTL: OTL logfile created on: 24.09.2012 19:20:46 - Run 1 OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\KeineZweifel\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 54,77% Memory free 5,50 Gb Paging File | 3,94 Gb Available in Paging File | 71,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 187,67 Gb Total Space | 110,68 Gb Free Space | 58,98% Space Free | Partition Type: NTFS Drive D: | 30,27 Gb Total Space | 29,30 Gb Free Space | 96,81% Space Free | Partition Type: NTFS Computer Name: KEINEZWEIFEL-PC | User Name: KeineZweifel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\KeineZweifel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Users\KeineZweifel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\congstar\Internetmanager\Bin\MainApp.exe () PRC - C:\Programme\congstar\Internetmanager\Bin\mcserver.exe (ZTE) PRC - C:\Programme\congstar\Internetmanager\Bin\db_daemon.exe () PRC - C:\Programme\congstar\Internetmanager\Bin\dbus-daemon.exe () PRC - C:\Programme\congstar\Internetmanager\Bin\gconfd-2.exe () PRC - C:\Programme\congstar\Internetmanager\Bin\BMController.exe (ZTE) PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\congstar\Internetmanager\Bin\MainApp.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\TMobileAgent.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\audio.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\itapi.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\coder.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\log.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libctlsvr.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\pbkenabler.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\smsenabler.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\dcrenabler.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\chenabler.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\db_daemon.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\dbus-daemon.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\gconfd-2.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\libgconfbackend-xml.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libgconf-2.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libwxdbus.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libnsqlc-0.2.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\dbus-1.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\sqlite3.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\BIOptimizationClient.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\BIXml.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\update._PyAgent.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\base._Tapi.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\base._db.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\win32gui.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\win32api.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\win32pipe.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\pywintypes25.dll () MOD - C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\base._ctrlsvr.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\base._gconf.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\base._dbus_wx.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wx._animate.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wx._media.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wx._misc_.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wx._controls_.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wx._windows_.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wx._gdi_.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wx._core_.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\wxmsw28uh_html_vc.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\wxmsw28uh_media_vc.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\wxmsw28uh_adv_vc.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\wxmsw28uh_core_vc.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\wxbase28uh_net_vc.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\wxbase28uh_vc.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\zlib1.dll () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libxml2.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libexpat.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\_socket.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\_ssl.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\pyexpat.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\select.pyd () MOD - C:\Programme\congstar\Internetmanager\Bin\_ctypes.pyd () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (tcpipBM) -- C:\windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. ) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/ IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100012 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.08 08:57:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.22 13:42:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.16 17:03:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 18:25:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.07 09:36:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.16 17:03:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 18:25:28 | 000,000,000 | ---D | M] [2010.11.03 22:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KeineZweifel\AppData\Roaming\mozilla\Extensions [2010.11.03 22:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KeineZweifel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.29 09:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KeineZweifel\AppData\Roaming\mozilla\Firefox\Profiles\5t847kti.default\extensions [2012.09.17 20:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.02 09:55:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.08.16 18:25:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.09.06 12:05:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.17 20:01:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2012.08.16 18:25:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.09.16 17:03:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.09 18:37:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 17:03:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.09 18:37:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.09 18:37:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.09 18:37:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.09 18:37:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\system32\npdeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: avast! WebRep = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - Startup: C:\Users\KeineZweifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KeineZweifel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{385003C1-C35A-44C9-842A-DC50BDE3E49A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA70F586-B489-43D3-BB26-ED96600F7C58}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.20 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\KeineZweifel\AppData\Roaming\Malwarebytes [2012.09.20 19:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.20 19:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.20 19:29:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012.09.20 19:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.20 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.09.20 19:19:26 | 000,000,000 | ---D | C] -- C:\Users\KeineZweifel\AppData\Local\Google [2012.09.20 19:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.09.20 19:19:23 | 000,021,256 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2012.09.20 19:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.09.20 19:19:22 | 000,355,632 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2012.09.20 19:19:19 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys [2012.09.20 19:19:18 | 000,054,232 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2012.09.20 19:19:16 | 000,729,752 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2012.09.20 19:19:14 | 000,058,680 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2012.09.20 19:18:46 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2012.09.20 19:18:45 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2012.09.20 19:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.09.20 19:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.09.17 20:01:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2012.09.17 20:01:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2012.09.17 20:01:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2012.09.16 17:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2012.09.13 19:18:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys [2012.09.13 19:17:44 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys [2012.09.13 19:17:44 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2012.09.13 19:17:42 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll ========== Files - Modified Within 30 Days ========== [2012.09.24 19:32:02 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.24 19:32:02 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.24 19:25:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.09.24 19:06:16 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.09.22 14:25:59 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012.09.22 14:25:59 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012.09.22 14:07:57 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 14:07:57 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.22 14:00:24 | 000,425,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.09.22 13:59:22 | 2213,302,272 | -HS- | M] () -- C:\hiberfil.sys [2012.09.22 13:43:20 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2012.09.22 13:40:03 | 000,696,870 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.09.22 13:40:03 | 000,652,148 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.09.22 13:40:03 | 000,148,134 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.09.22 13:40:03 | 000,121,080 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.09.20 19:29:08 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 19:21:30 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.20 19:19:23 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012.08.28 20:24:56 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\npdeployJava1.dll [2012.08.28 20:24:53 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll [2012.08.28 20:10:12 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2012.08.28 20:10:07 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2012.08.28 20:09:57 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe ========== Files Created - No Company Name ========== [2012.09.20 19:29:08 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 19:21:30 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.20 19:19:40 | 000,001,110 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.20 19:19:39 | 000,001,106 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.20 19:19:23 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.01.03 10:09:28 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011.04.18 19:37:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.04 14:11:55 | 000,471,040 | ---- | C] () -- C:\windows\ssndii.exe [2010.11.04 10:42:59 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll [2010.11.04 10:42:59 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll [2010.11.03 23:04:29 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.11.03 16:33:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.11.03 16:33:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.05.26 16:08:05 | 000,000,000 | ---D | M] -- C:\Fotos [2010.11.03 17:30:55 | 000,000,000 | ---D | M] -- C:\fresh driver [2011.12.07 10:19:22 | 000,000,000 | ---D | M] -- C:\Guter Quatsch [2010.11.21 18:39:12 | 000,000,000 | ---D | M] -- C:\Iso Dateien [2010.11.03 22:56:47 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.04.28 18:16:58 | 000,000,000 | ---D | M] -- C:\Musik [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.09.20 19:29:01 | 000,000,000 | R--D | M] -- C:\Program Files [2012.09.20 19:29:05 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.11.03 16:33:03 | 000,000,000 | -HSD | M] -- C:\Programme [2012.09.14 16:21:06 | 000,000,000 | ---D | M] -- C:\Psychologie [2009.11.06 11:39:36 | 000,000,000 | -H-D | M] -- C:\QSTART.BAK [2010.11.03 16:33:03 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.09.22 13:56:19 | 000,000,000 | ---D | M] -- C:\Susi Datein [2012.09.24 19:27:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.11.04 14:10:52 | 000,000,000 | ---D | M] -- C:\Temp [2010.11.03 16:33:16 | 000,000,000 | R--D | M] -- C:\Users [2012.09.22 14:02:54 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2012.09.24 20:08:01 | 003,932,160 | -HS- | M] () -- C:\Users\KeineZweifel\NTUSER.DAT [2012.09.24 20:08:01 | 000,262,144 | -HS- | M] () -- C:\Users\KeineZweifel\ntuser.dat.LOG1 [2010.11.03 16:33:17 | 000,000,000 | -HS- | M] () -- C:\Users\KeineZweifel\ntuser.dat.LOG2 [2010.11.03 22:06:52 | 000,065,536 | -HS- | M] () -- C:\Users\KeineZweifel\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010.11.03 22:06:52 | 000,524,288 | -HS- | M] () -- C:\Users\KeineZweifel\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010.11.03 22:06:52 | 000,524,288 | -HS- | M] () -- C:\Users\KeineZweifel\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010.11.03 16:33:18 | 000,000,020 | -HS- | M] () -- C:\Users\KeineZweifel\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL Extras logfile created on: 24.09.2012 19:20:46 - Run 1 OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\KeineZweifel\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 54,77% Memory free 5,50 Gb Paging File | 3,94 Gb Available in Paging File | 71,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 187,67 Gb Total Space | 110,68 Gb Free Space | 58,98% Space Free | Partition Type: NTFS Drive D: | 30,27 Gb Total Space | 29,30 Gb Free Space | 96,81% Space Free | Partition Type: NTFS Computer Name: KEINEZWEIFEL-PC | User Name: KeineZweifel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18D2E04D-2253-4AA5-B823-AD2575E208B7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2A78E864-BC5C-4CAF-B453-935979419638}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2B2F0BB2-259D-4AE9-B9AD-420E772A8EF0}" = rport=137 | protocol=17 | dir=out | app=system | "{320A37E6-4680-47D8-81DE-CAC386AFF032}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{3ACD41F4-17EF-45A3-82E7-A8E78BA22E55}" = rport=445 | protocol=6 | dir=out | app=system | "{498ADB71-2C40-407D-AA91-BE82AE0CB4AF}" = lport=137 | protocol=17 | dir=in | app=system | "{4EDFB847-2081-4AB7-BE7F-819C79C92954}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{56BEFDFD-1228-401D-B087-726961B70053}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{598BC366-B610-4961-919B-C034561569E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6B809B20-7DB4-453D-9E00-E1C423FA7F98}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6DDCFF08-D7ED-4946-9A6E-FD029A9CC8EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8052B984-127D-4A65-8920-16A0F3172BE5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E15085C-D90E-4E4B-AF8C-8457729C19C9}" = rport=138 | protocol=17 | dir=out | app=system | "{97A85C5E-C265-44D5-BFB9-D3FB7E5EF180}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9C65EF58-2872-4118-BB3A-F6138B65E00E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{9D37F4C8-EE8B-4BE5-B1B4-CF2ECF2FD30E}" = lport=138 | protocol=17 | dir=in | app=system | "{AC92FFA3-21D0-4BCF-BC58-8C12E969CA1D}" = lport=445 | protocol=6 | dir=in | app=system | "{AF47E827-37E5-4371-8B77-CBCD5D48CB39}" = rport=10243 | protocol=6 | dir=out | app=system | "{B53E4FA9-E177-4E54-A001-4FCFDB150615}" = lport=2869 | protocol=6 | dir=in | app=system | "{C4569619-1121-480E-9BA6-F8A0EB3E7716}" = rport=139 | protocol=6 | dir=out | app=system | "{C4A1883F-452C-417E-81BD-468E1012A3FD}" = lport=10243 | protocol=6 | dir=in | app=system | "{CE3DB09A-4415-4102-9F92-00349322045B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{E194CE29-FB5B-4079-8255-4CF05FE1384E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{FC182C19-FEB9-41FF-ADA5-80CF1AC04933}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05655669-5D74-425D-BF70-C2BFE6D38FC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{097D874A-3DD6-4E32-9308-C1D4B2DD0911}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A4B9959-6DC9-4BF7-A0CD-3A30DAF2B8CA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1D64F124-D0DA-48D4-B42F-15FBD9740E97}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{32DB6E72-223C-44D9-BC5A-58C9EB6285A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3CA431CF-017F-4E0B-9258-57393CCE7990}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4B349BAF-B87A-4732-98AC-ABCC9D3BA79E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{617DFF3D-6A1F-4699-B99D-A6282AF58BA2}" = protocol=6 | dir=out | app=system | "{6247F278-6965-4586-BDF8-007080460C07}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{91AA4E9E-0BDF-496B-B70F-BF5EFA4D79D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9245AF54-D982-4B34-93A7-A0D0F5D93A41}" = protocol=6 | dir=in | app=c:\users\keinezweifel\appdata\roaming\dropbox\bin\dropbox.exe | "{9594552A-B183-413C-AB46-4988B10F2C66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BC29F885-5719-4125-AB35-24B804E1B067}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C0FC0B54-1EA0-4FB4-914A-A109B8461249}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C632A990-B9C0-452A-81D1-B71EBF1AB624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D5080D38-A1E6-43A4-8367-4F4E753E5BDA}" = protocol=17 | dir=in | app=c:\users\keinezweifel\appdata\roaming\dropbox\bin\dropbox.exe | "{D5B6AF31-9055-41D1-9906-1701050E7FA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D7F9EBD5-90FC-4E9D-BFF9-61973A41E52B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D8BD86B3-052F-4DF1-A00B-8B02095E9F25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E9CC2A75-8D63-48A1-876B-8E18AE2520B4}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{EF756B49-C803-4EBB-A0D4-53A1A828A352}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FAD7803E-08A7-42EA-BF43-9810F1041AEF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "TCP Query User{0E172FC3-0579-4CB1-A234-AC0865FBC690}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe | "TCP Query User{3FAC61C4-E0D1-424E-8801-F5B266527095}C:\users\keinezweifel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\keinezweifel\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{57C6BED7-65DA-4083-AB63-0707FBA999E0}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{5C202FBB-71C0-4F46-92F8-4D0040BD1EAD}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "TCP Query User{5F3D9A51-E0F7-4A6B-ACE7-6F40D94A105A}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | "TCP Query User{A7872450-7055-4C59-BDA6-C9373B0F6B38}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | "UDP Query User{23E5EAA3-A046-458F-8A7C-16545CA11834}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{30B9EEF3-E867-4962-803D-F1562431FD41}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | "UDP Query User{359273A7-C363-45A2-8DEC-7111EB732CA0}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe | "UDP Query User{3787D7F8-B26C-4DF6-937B-5E9E466CC2F5}C:\users\keinezweifel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\keinezweifel\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{45EA93F7-0D01-4833-ACA1-E2F3CCDBB40A}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "UDP Query User{A22D01A5-8E09-4DF8-AE45-DB10C38A9E35}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17 "{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35 "{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93B12A27-25B5-4A0C-9601-CDF7FE495E12}_is1" = Tetris Unlimited 0.5.0 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "CCleaner" = CCleaner "Emperor's Mahjong für Windows" = Emperor's Mahjong für Windows "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FastStone Capture" = FastStone Capture 5.3 "Google Chrome" = Google Chrome "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mendeley Desktop" = Mendeley Desktop 1.5 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "RealPlayer 12.0" = RealPlayer "Samsung ML-2010 Series SmartPanel" = Samsung ML-2010 Series SmartPanel "Switch" = Switch Audiodatei-Konverter "SynTPDeinstKey" = Synaptics Pointing Device Driver "UltraISO_is1" = UltraISO Premium V9.36 "WavePad" = WavePad Audiobearbeitungs-Software "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "XMind" = XMind ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.04.2012 05:00:17 | Computer Name = KeineZweifel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7601.17514, Zeitstempel: 0x4ce792c4 Name des fehlerhaften Moduls: MSI447C.tmp, Version: 16.0.0.328, Zeitstempel: 0x4a2febfa Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a3399 ID des fehlerhaften Prozesses: 0x918 Startzeit der fehlerhaften Anwendung: 0x01cd1d41a9bb8150 Pfad der fehlerhaften Anwendung: C:\windows\system32\MsiExec.exe Pfad des fehlerhaften Moduls: C:\windows\Installer\MSI447C.tmp Berichtskennung: eac095a0-8934-11e1-a451-0c6076a83665 Error - 18.04.2012 05:02:19 | Computer Name = KeineZweifel-PC | Source = MsiInstaller | ID = 11913 Description = Error - 18.04.2012 07:21:46 | Computer Name = KeineZweifel-PC | Source = MsiInstaller | ID = 10005 Description = Error - 18.04.2012 07:22:12 | Computer Name = KeineZweifel-PC | Source = MsiInstaller | ID = 10005 Description = Error - 18.04.2012 07:27:15 | Computer Name = KeineZweifel-PC | Source = MsiInstaller | ID = 10005 Description = Error - 27.04.2012 05:45:53 | Computer Name = KeineZweifel-PC | Source = SideBySide | ID = 16842827 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error - 27.04.2012 05:47:19 | Computer Name = KeineZweifel-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 27.04.2012 05:49:54 | Computer Name = KeineZweifel-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.05.2012 01:45:17 | Computer Name = KeineZweifel-PC | Source = System Restore | ID = 8193 Description = Error - 12.05.2012 01:45:17 | Computer Name = KeineZweifel-PC | Source = VSS | ID = 12289 Description = [ System Events ] Error - 16.08.2012 07:49:41 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 16.08.2012 11:04:10 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 16.08.2012 11:04:42 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 16.08.2012 11:04:47 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.08.2012 12:46:07 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 16.08.2012 12:46:35 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 16.08.2012 12:46:35 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 01.09.2012 03:33:23 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 01.09.2012 03:33:49 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 01.09.2012 03:33:52 | Computer Name = KeineZweifel-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > Könnte bitte mal jemand checken, ob alles OK ist, Danke! |
|
25.09.2012, 11:20
| #2 |
| /// the machine /// TB-Ausbilder    | Check von Lap Top nach Infektion Hi,
__________________Bissl Adware, aber sonst alles top. Probleme mit der Kiste? Deinstalliere bitte alles von Java und update auf die neue Version 7 Update 7. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
|
26.09.2012, 18:52
| #3 |
| | Check von Lap Top nach Infektion Hi,
__________________hier erstmal das AdwCleaner-Ergenis: # AdwCleaner v2.003 - Datei am 09/26/2012 um 19:38:04 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : KeineZweifel - KEINEZWEIFEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\KeineZweifel\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\KeineZweifel\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKLM\Software\Conduit Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\KeineZweifel\AppData\Roaming\Mozilla\Firefox\Profiles\5t847kti.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1229 octets] - [26/09/2012 19:38:04] ########## EOF - C:\AdwCleaner[R1].txt - [1289 octets] ########## Nö, sonst keine Problem mit der Kiste, ich hatte nur die Befürchtung das der BP-Virus vielleicht mit Daten zum Lap-Top rüber gerutscht wäre. Ist ein bißchen langsam das lap-Top, aber das schon länger. Will jetzt demnächst aber die Sandboxinstallieren, Google-Chrom..das ganze Programm wie auf dem großem Rechner auch. Dann installiere ich auch Java neu. Eine Frage: auf dem großen Rechner werde ich, wenn ich einem Link von meiner Mailbox folge, zwar auch Chrom weitergeleitet - nicht aber Sandbox-Chrom...und da rödelt Chrome eine weile rum und dann funktioniert es nicht. Ich muss dann den Link in den Sandbox-Chrom Browser direkt kopieren..ist umständlich.Kann man das ändern? (Ich hoffe es ist klar was ich meine). LG Pipotschka |
|
26.09.2012, 19:01
| #4 |
| /// the machine /// TB-Ausbilder | Check von Lap Top nach Infektion
ESET Online Scanner
Gibts Probleme mit dem laptop?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.09.2012, 19:14
| #5 |
| | Check von Lap Top nach Infektion Hi, bin gerade in Termindruck und auch die nächsten Tage nicht zuhause - nicht wundern wenn das mit der Antwort etwas dauert. Sobald ich alles durchgeführt habe, melde ich mich. LG Pipotschka |
|
26.09.2012, 19:15
| #6 |
| /// the machine /// TB-Ausbilder | Check von Lap Top nach Infektion kein problem 
__________________ --> Check von Lap Top nach Infektion |
|
02.10.2012, 16:41
| #7 |
| | Check von Lap Top nach Infektion HI, das ist das Ergebnis des adcleaners: # AdwCleaner v2.003 - Datei am 10/02/2012 um 17:39:31 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : KeineZweifel - KEINEZWEIFEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\KeineZweifel\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Users\KeineZweifel\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKLM\Software\Conduit Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\KeineZweifel\AppData\Roaming\Mozilla\Firefox\Profiles\5t847kti.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1358 octets] - [26/09/2012 19:38:04] AdwCleaner[R2].txt - [1289 octets] - [02/10/2012 17:39:31] ########## EOF - C:\AdwCleaner[R2].txt - [1349 octets] ########## Ssorry, das ist hier der Text nach dem Neustart # AdwCleaner v2.003 - Datei am 10/02/2012 um 17:42:01 erstellt # Aktualisiert am 23/09/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : KeineZweifel - KEINEZWEIFEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\KeineZweifel\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Users\KeineZweifel\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKLM\Software\Conduit Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\KeineZweifel\AppData\Roaming\Mozilla\Firefox\Profiles\5t847kti.default\prefs.js |
|
02.10.2012, 16:58
| #8 |
| /// the machine /// TB-Ausbilder | Check von Lap Top nach Infektion Ok dann noch der Onlinescan
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.10.2012, 11:53
| #9 |
| | Check von Lap Top nach Infektion Bitte schön: C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application C:\Users\KeineZweifel\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application wie gehts jetzt weiter? |
|
03.10.2012, 15:13
| #10 |
| /// the machine /// TB-Ausbilder | Check von Lap Top nach Infektion Supi, poste bitte ein frisches OTL log und sag mir ob du noch Probleme hast mit dem Rechner.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.10.2012, 17:39
| #11 |
| | Check von Lap Top nach Infektion "Supi" hör ich gerne :-) Hier die Otl-logfiles:OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.10.2012 18:07:23 - Run 2 OTL by OldTimer - Version 3.2.66.2 Folder = C:\Users\KeineZweifel\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,75 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 59,06% Memory free 5,50 Gb Paging File | 4,14 Gb Available in Paging File | 75,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 187,67 Gb Total Space | 107,57 Gb Free Space | 57,32% Space Free | Partition Type: NTFS Drive D: | 30,27 Gb Total Space | 29,30 Gb Free Space | 96,81% Space Free | Partition Type: NTFS Computer Name: KEINEZWEIFEL-PC | User Name: KeineZweifel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\KeineZweifel\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Users\KeineZweifel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\congstar\Internetmanager\Bin\mcserver.exe (ZTE) PRC - C:\Programme\congstar\Internetmanager\Bin\db_daemon.exe () PRC - C:\Programme\congstar\Internetmanager\Bin\dbus-daemon.exe () PRC - C:\Programme\congstar\Internetmanager\Bin\gconfd-2.exe () PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\audio.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\itapi.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\coder.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\log.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libctlsvr.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\db_daemon.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\dbus-daemon.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\gconfd-2.exe () MOD - C:\Programme\congstar\Internetmanager\Bin\libgconfbackend-xml.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libgconf-2.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\dbus-1.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\sqlite3.dll () MOD - C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\zlib1.dll () MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libxml2.dll () MOD - C:\Programme\congstar\Internetmanager\Bin\libexpat.dll () MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (HSPADataCardusbser) -- C:\Windows\System32\drivers\HSPADataCardusbser.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbnmea) -- C:\Windows\System32\drivers\HSPADataCardusbnmea.sys (HSPADataCard Incorporated) DRV - (HSPADataCardusbmdm) -- C:\Windows\System32\drivers\HSPADataCardusbmdm.sys (HSPADataCard Incorporated) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation) DRV - (tcpipBM) -- C:\windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. ) DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Lenovo Deutschland: Computer, Notebooks, Tablets & Mehr [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100012 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\congstar\Internetmanager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.08 08:57:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.22 13:42:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.16 17:03:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 18:25:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.07 09:36:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.16 17:03:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.16 18:25:28 | 000,000,000 | ---D | M] [2010.11.03 22:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KeineZweifel\AppData\Roaming\mozilla\Extensions [2010.11.03 22:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KeineZweifel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.08.29 09:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KeineZweifel\AppData\Roaming\mozilla\Firefox\Profiles\5t847kti.default\extensions [2012.09.17 20:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.02 09:55:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012.08.16 18:25:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.09.06 12:05:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.17 20:01:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2012.08.16 18:25:35 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2012.09.16 17:03:20 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.09 18:37:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 17:03:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.09 18:37:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.09 18:37:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.09 18:37:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.09 18:37:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\windows\system32\npdeployJava1.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: avast! WebRep = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Users\KeineZweifel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - Startup: C:\Users\KeineZweifel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KeineZweifel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{385003C1-C35A-44C9-842A-DC50BDE3E49A}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA70F586-B489-43D3-BB26-ED96600F7C58}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.02 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.02 17:58:25 | 002,322,184 | ---- | C] (ESET) -- C:\Users\KeineZweifel\Desktop\esetsmartinstaller_enu.exe [2012.09.26 18:50:27 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\OxpsConverter.exe [2012.09.24 19:09:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012.09.24 19:09:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012.09.24 19:09:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012.09.24 19:09:43 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2012.09.24 19:09:42 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2012.09.24 19:09:37 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012.09.24 19:09:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012.09.24 19:09:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012.09.20 19:29:46 | 000,000,000 | ---D | C] -- C:\Users\KeineZweifel\AppData\Roaming\Malwarebytes [2012.09.20 19:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.20 19:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.20 19:29:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012.09.20 19:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.20 19:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.09.20 19:19:26 | 000,000,000 | ---D | C] -- C:\Users\KeineZweifel\AppData\Local\Google [2012.09.20 19:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.09.20 19:19:23 | 000,021,256 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2012.09.20 19:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.09.20 19:19:22 | 000,355,632 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2012.09.20 19:19:19 | 000,044,784 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr2.sys [2012.09.20 19:19:18 | 000,054,232 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2012.09.20 19:19:16 | 000,729,752 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2012.09.20 19:19:14 | 000,058,680 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2012.09.20 19:18:46 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2012.09.20 19:18:45 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2012.09.20 19:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.09.20 19:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.09.17 20:01:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe [2012.09.17 20:01:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe [2012.09.17 20:01:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe [2012.09.16 17:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2012.09.13 19:18:45 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\RNDISMP.sys [2012.09.13 19:17:44 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\netio.sys [2012.09.13 19:17:44 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\FWPKCLNT.SYS [2012.09.13 19:17:42 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10level9.dll ========== Files - Modified Within 30 Days ========== [2012.10.03 17:35:03 | 000,000,394 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateXML_KeineZweifel.job [2012.10.03 17:25:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.10.03 17:18:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.03 08:49:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.10.02 19:18:05 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.02 17:58:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\KeineZweifel\Desktop\esetsmartinstaller_enu.exe [2012.10.02 17:51:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.02 17:51:34 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.02 17:45:09 | 000,000,404 | ---- | M] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_KeineZweifel.job [2012.10.02 17:44:00 | 000,000,398 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateFiles_KeineZweifel.job [2012.10.02 17:43:36 | 2213,302,272 | -HS- | M] () -- C:\hiberfil.sys [2012.10.01 19:25:16 | 000,002,324 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.30 10:11:45 | 000,652,148 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012.09.30 10:11:45 | 000,121,080 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012.09.30 10:11:44 | 000,696,870 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012.09.30 10:11:44 | 000,148,134 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012.09.26 19:37:28 | 000,513,501 | ---- | M] () -- C:\Users\KeineZweifel\Desktop\adwcleaner.exe [2012.09.22 14:25:59 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe [2012.09.22 14:25:59 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012.09.22 14:00:24 | 000,425,024 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012.09.22 13:43:20 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2012.09.20 19:29:08 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 19:19:23 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.10.02 17:34:53 | 000,000,404 | ---- | C] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_KeineZweifel.job [2012.10.02 17:34:51 | 000,000,398 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateFiles_KeineZweifel.job [2012.10.02 17:34:47 | 000,000,394 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateXML_KeineZweifel.job [2012.09.26 19:36:35 | 000,513,501 | ---- | C] () -- C:\Users\KeineZweifel\Desktop\adwcleaner.exe [2012.09.20 19:29:08 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 19:21:30 | 000,002,324 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.20 19:19:40 | 000,001,110 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.20 19:19:39 | 000,001,106 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.20 19:19:23 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2012.01.03 10:09:28 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll [2011.04.18 19:37:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.11.04 14:11:55 | 000,471,040 | ---- | C] () -- C:\windows\ssndii.exe [2010.11.04 10:42:59 | 000,001,025 | ---- | C] () -- C:\windows\System32\sysprs7.dll [2010.11.04 10:42:59 | 000,000,205 | ---- | C] () -- C:\windows\System32\lsprst7.dll [2010.11.03 23:04:29 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Ne, keine Probleme mit dem Rechner. Haben wir dann alles? Und alles gut?? Frage: was mache ich mit Windows Defender - trotz avast aktivieren oder nicht? und den anderen Programmen die nun auf dem Laptop sind: adwCleaner, Otl und Eset? Malbytesware kann ich ja einmal im Monat laufen lassen, oder? LG Pipotschka |
|
03.10.2012, 18:18
| #12 |
| /// the machine /// TB-Ausbilder | Check von Lap Top nach Infektion Ja MBAM kannste so behalten, rest entfernen wir gleich. Defender würde ich aus lassen. Fixen mit OTL
Code:
ATTFilter :OTL
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.0.100012
:Commands
[emptytemp]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.10.2012, 19:56
| #13 |
| | Check von Lap Top nach Infektion so, bitteschön All processes killed ========== OTL ========== Prefs.js: toolbar@ask.com:3.14.0.100012 removed from extensions.enabledItems ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: KeineZweifel ->Temp folder emptied: 1621557 bytes ->Temporary Internet Files folder emptied: 56578272 bytes ->Java cache emptied: 6116054 bytes ->FireFox cache emptied: 74286648 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 540 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 59583 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 132,00 mb OTL by OldTimer - Version 3.2.66.2 log created on 10032012_194324 Files\Folders moved on Reboot... File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
04.10.2012, 06:23
| #14 |
| /// the machine /// TB-Ausbilder | Check von Lap Top nach Infektion AdwCleaner öffnen > Uninstall OTL öffnen > Button Bereinigung drücken Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.10.2012, 08:16
| #15 |
| | Check von Lap Top nach Infektion Hi, OK, werde mein Lap Top so sichern, wie den großer (Sandbox, Chrome, Sekunia) - dann habe ich alles auf einem Stand. Wie bekomme ich das Eset vom PC runter? Oder soll das drauf bleiben? |
|
| Themen zu Check von Lap Top nach Infektion |
| .dll, antivirus, autorun, bho, c:\windows\system32\cmd.exe, defender, desktop, downloader, error, excel, explorer, firefox, flash player, format, helper, home, install.exe, lenovo, logfile, microsoft office 2003, msiexec.exe, msiinstaller, plug-in, realtek, registry, required, richtlinie, rundll, scan, software, svchost.exe, taskhost.exe, udp, usb 2.0, windows, winlogon.exe, wlansvc |
.
Linear-Darstellung
