| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.10.2012, 18:56
| #16 |
| /// the machine /// TB-Ausbilder    |  Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 Supi, dann noch den Rest 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.10.2012, 19:16
| #17 |
 | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 der scannt grad immer noch. ist echt genial von dir. du hast voll drauf. danke vielmals.machst du das hier beruflich?lg
__________________ |
|
09.10.2012, 19:19
| #18 |
| /// the machine /// TB-Ausbilder | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 wir machen das alle in unserer Freizeit
__________________
__________________ |
|
09.10.2012, 20:44
| #19 |
| | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 hat keine infizierten datein gefunden. das läuft grad. aber sieht so aus, als ob der computer gereinigt ist, oder sehe ich das falsch? OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.10.2012 21:46:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,78% Memory free 4,00 Gb Paging File | 3,20 Gb Available in Paging File | 80,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,98 Gb Total Space | 98,92 Gb Free Space | 71,17% Space Free | Partition Type: NTFS Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.09 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager\ouc.exe PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PRC - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2008.04.10 17:56:48 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.05.09 15:24:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) SRV - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kalb\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex) DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.06.17 21:28:45 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2010.06.17 21:28:45 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.05.26 11:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E3 43 1F 8C EE CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0C2D0630-2882-431F-AA84-3A6454B32EC2} IE - HKCU\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de IE - HKCU\..\SearchScopes\{4B1EB107-BCD3-4FB2-98E0-E70F4FC45DF9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 20:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 19:06:32 | 000,000,000 | ---D | M] [2011.09.13 20:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Extensions [2012.10.08 18:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Firefox\Profiles\su33pu6f.default\extensions [2012.10.08 19:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Mystical Land Installer (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\NPMysticalLandInstaller.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Speed Dial = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\ CHR - Extension: Mystical Land Installer = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\ O1 HOSTS File: ([2012.10.09 16:18:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}: DhcpNameServer = 10.74.83.22 193.254.160.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AA8B79-A64D-483C-8462-B07FB5A09434}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E7A7E5-94CA-43E5-878F-6EB4F267B1F9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8724439-8D79-46A7-BEB7-CB2730586F8C}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.09 19:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.09 18:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.09 18:35:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.09 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.09 16:20:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.09 16:20:00 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\temp [2012.10.09 16:00:45 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.09 15:47:00 | 004,764,951 | R--- | C] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe [2012.10.09 14:46:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.09 14:46:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.09 14:46:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.09 14:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.09 14:12:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.09 13:39:21 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012 [2012.10.08 19:51:46 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Roaming\Malwarebytes [2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.08 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Fächer [2012.10.06 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Behindertenhilfe Bergstrasse [2012.09.19 10:02:08 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys [2012.09.19 10:02:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.09.19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.09.17 22:25:24 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Praktikum Köln(2012) [2012.09.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.17 16:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.17 16:09:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.15 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\{8AA270C9-F234-4F35-A854-5F1DFA5BD769} ========== Files - Modified Within 30 Days ========== [2012.10.09 21:42:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.09 19:55:23 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.09 19:55:23 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.09 19:48:25 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.10.09 19:48:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.001 [2012.10.09 19:48:02 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.09 19:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.09 19:47:40 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys [2012.10.09 18:35:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.09 16:18:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.09 15:45:28 | 004,764,951 | R--- | M] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe [2012.10.09 15:44:40 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.10.09 13:08:40 | 197,505,467 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.09 13:07:25 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP7e50.DMP [2012.10.08 17:24:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat [2012.10.08 14:09:37 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.08 14:09:37 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.08 14:09:37 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.08 14:09:37 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.08 14:08:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.10.07 17:44:12 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP9b66.DMP [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.09.17 16:09:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.10.09 18:35:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.09 14:46:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.09 14:46:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.09 14:46:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.09 14:46:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.09 14:46:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.09 13:07:25 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP7e50.DMP [2012.10.08 14:08:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.10.07 17:44:12 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP9b66.DMP [2012.09.17 16:09:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.04.02 20:57:44 | 000,004,608 | ---- | C] () -- C:\Users\kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.28 23:24:27 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2012.02.28 23:24:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2011.11.03 01:46:25 | 000,007,630 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\.freeciv-client-rc-2.3 [2011.09.13 12:56:39 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PrintsService [2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\PreferencePane [2010.11.22 00:06:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printers [2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Pop Flute [2010.11.22 00:02:44 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Woodwind [2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\business-inkjet [2010.11.21 18:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dictionaries [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Work - Home [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Widgets [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\WebServer [2010.11.21 18:40:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT [2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices [2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Desktop Pictures [2010.11.21 18:33:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.05.14 18:07:21 | 000,000,092 | ---- | C] () -- C:\Users\kalb\AppData\Local\fusioncache.dat [2010.05.14 09:39:14 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.001 [2010.05.14 00:39:30 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat [2010.05.07 22:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.03 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\.freeciv [2012.08.10 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Canon [2011.02.13 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\EPSON [2010.11.22 00:12:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Nikon [2011.02.13 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Panasonic [2012.06.19 13:52:02 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Samsung [2011.09.13 12:56:29 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\ScanSoft [2011.04.17 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom [2012.10.07 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager [2012.03.14 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Unity [2011.09.14 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.09 16:20:01 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.05.02 22:23:15 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS [2012.07.01 12:37:21 | 000,000,000 | ---D | M] -- C:\Big Fish Games [2011.07.10 17:35:39 | 000,000,000 | ---D | M] -- C:\Boot [2012.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC [2009.10.18 15:52:54 | 000,000,000 | ---D | M] -- C:\Click to DVD 2 [2012.10.09 14:43:26 | 000,000,000 | ---D | M] -- C:\Config.Msi [2007.08.12 11:26:06 | 000,000,000 | ---D | M] -- C:\Documentation [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.05.02 20:23:09 | 000,000,000 | ---D | M] -- C:\found.000 [2007.11.04 01:18:29 | 000,000,000 | R--D | M] -- C:\MSOCache [2010.06.17 22:10:32 | 000,000,000 | ---D | M] -- C:\MyVideos [2010.04.11 14:00:24 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.09 19:51:35 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.09 19:45:48 | 000,000,000 | ---D | M] -- C:\ProgramData [2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.09 16:20:00 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.05.07 22:01:56 | 000,000,000 | ---D | M] -- C:\Recovery [2012.10.09 21:48:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.05.07 22:20:59 | 000,000,000 | ---D | M] -- C:\Temp [2010.04.05 22:47:48 | 000,000,000 | ---D | M] -- C:\Update [2010.05.07 22:02:03 | 000,000,000 | R--D | M] -- C:\Users [2007.08.12 11:36:33 | 000,000,000 | ---D | M] -- C:\WAUUPGRD [2012.10.09 16:18:49 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > < %localappdata%\*. /5 > [2012.10.08 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Diagnostics [2012.10.09 14:19:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\ElevatedDiagnostics [2012.10.08 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Microsoft [2012.10.08 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\MigWiz [2012.10.08 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\PokerStars.EU [2012.10.09 21:46:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\temp [2012.10.08 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Windows Live < End of report > Combofix Logfile: Code:
ATTFilter ComboFix 12-10-09.01 - kalb 09.10.2012 22:04:42.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2046.995 [GMT 2:00]
ausgeführt von:: c:\users\kalb\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\kalb\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ycwbbmmf.sys"
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-09 bis 2012-10-09 ))))))))))))))))))))))))))))))
.
.
2012-10-09 20:12 . 2012-10-09 20:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 17:51 . 2012-10-09 17:51 -------- d-----w- c:\program files\ESET
2012-10-09 16:35 . 2012-10-09 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-09 16:35 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 14:20 . 2012-10-09 20:13 -------- d-----w- c:\users\kalb\AppData\Local\temp
2012-10-09 12:54 . 2012-10-09 14:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\offreg.dll
2012-10-09 12:48 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A3E9535A-F890-45AB-80BB-E88A2B26F7B8}\mpengine.dll
2012-10-08 17:51 . 2012-10-08 17:51 -------- d-----w- c:\users\kalb\AppData\Roaming\Malwarebytes
2012-10-08 17:51 . 2012-10-08 17:51 -------- d-----w- c:\programdata\Malwarebytes
2012-09-26 09:11 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-19 08:02 . 2012-09-19 08:02 181344 ----a-w- c:\windows\system32\drivers\ssudobex.sys
2012-09-19 08:02 . 2012-09-19 08:02 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-09-19 08:02 . 2012-09-19 08:02 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-09-19 08:02 . 2012-09-19 08:02 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-09-19 08:02 . 2012-09-19 08:02 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-09-17 14:09 . 2012-09-17 14:09 -------- d-----w- c:\program files\Common Files\Skype
2012-09-17 14:09 . 2012-09-17 14:09 -------- d-----r- c:\program files\Skype
2012-09-17 10:32 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-17 10:32 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-17 10:32 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-17 10:32 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-17 10:32 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-17 10:32 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-17 10:32 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 17:47 . 2012-08-15 12:28 2345984 ----a-w- c:\windows\system32\win32k.sys
2011-09-03 06:18 . 2011-09-13 18:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-24 39408]
"HW_OPENEYE_OUC_Telekom Internet Manager"="c:\program files\Telekom\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2009-05-26 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-26 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-26 88608]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"DataCardMonitor"="c:\program files\Telekom\InternetManager_H\DataCardMonitor.exe" [2011-04-17 253952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
.
c:\users\kalb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-4-10 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 11:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://www.google.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kalb\AppData\Roaming\Mozilla\Firefox\Profiles\su33pu6f.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2086349673-4076395582-134452066-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-09 22:17:11
ComboFix-quarantined-files.txt 2012-10-09 20:17
ComboFix2.txt 2012-10-09 14:19
ComboFix3.txt 2012-10-09 13:02
.
Vor Suchlauf: 21 Verzeichnis(se), 105.814.376.448 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 105.772.908.544 Bytes frei
.
- - End Of File - - 04E9A428828EC0B538FD4BAEB40E8B3F
|
|
10.10.2012, 06:52
| #20 |
| /// the machine /// TB-Ausbilder | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}: DhcpNameServer = 10.74.83.22 193.254.160.1
:Commands
[emptytemp]
[resethosts]
Und ein frisches OTL log bitte
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.10.2012, 12:00
| #21 |
| | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s %windir%\installer\*. /5 %localappdata%\*. /5 CREATERESTOREPOINT |
|
10.10.2012, 12:03
| #22 |
| /// the machine /// TB-Ausbilder | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 was willst du mir damit sagen?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.10.2012, 12:12
| #23 |
| | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 weiß nich. sorry. kenn mich ja nich aus. war das ergebnis nachm fixen. Hier wie gefordert:OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.10.2012 13:01:05 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,70% Memory free 4,00 Gb Paging File | 3,29 Gb Available in Paging File | 82,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 138,98 Gb Total Space | 98,83 Gb Free Space | 71,11% Space Free | Partition Type: NTFS Computer Name: JANUSCHEL | User Name: kalb | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.09 13:20:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012\OTL.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.08.19 10:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager\ouc.exe PRC - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe PRC - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2008.04.10 17:56:48 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe PRC - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE PRC - [2007.04.03 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2007.02.04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe PRC - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.05.09 15:24:26 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008.09.16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) SRV - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007.12.17 15:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007.01.11 15:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\kalb\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudobex.sys -- (ssudobex) DRV - [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.06.17 21:28:45 | 000,573,440 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95bda.sys -- (hcw95bda) DRV - [2010.06.17 21:28:45 | 000,015,616 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw95rc.sys -- (hcw95rc) DRV - [2009.12.15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2009.12.15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.10.07 08:49:40 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2009.10.07 08:47:56 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.05.26 11:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.08.03 05:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP) DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 E3 43 1F 8C EE CA 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0C2D0630-2882-431F-AA84-3A6454B32EC2} IE - HKCU\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de IE - HKCU\..\SearchScopes\{4B1EB107-BCD3-4FB2-98E0-E70F4FC45DF9}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7SUNC_de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 20:48:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.08 19:06:32 | 000,000,000 | ---D | M] [2011.09.13 20:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Extensions [2012.10.08 18:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kalb\AppData\Roaming\mozilla\Firefox\Profiles\su33pu6f.default\extensions [2012.10.08 19:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.09.03 08:18:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.03 02:19:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.03 02:19:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.03 02:19:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.03 02:19:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.03 02:19:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.92\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Mystical Land Installer (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\NPMysticalLandInstaller.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Unity Player (Enabled) = C:\Users\kalb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Speed Dial = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.1_0\ CHR - Extension: Mystical Land Installer = C:\Users\kalb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\ O1 HOSTS File: ([2012.10.10 12:57:11 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.) O4 - HKCU..\Run: [HW_OPENEYE_OUC_Telekom Internet Manager] C:\Program Files\Telekom\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67AA8B79-A64D-483C-8462-B07FB5A09434}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85E7A7E5-94CA-43E5-878F-6EB4F267B1F9}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8724439-8D79-46A7-BEB7-CB2730586F8C}: DhcpNameServer = 192.168.42.129 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.10 12:56:20 | 000,000,000 | ---D | C] -- C:\_OTL [2012.10.09 22:17:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.09 22:17:19 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.09 22:02:05 | 004,764,951 | R--- | C] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe [2012.10.09 19:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.09 18:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.09 18:35:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.09 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.09 16:20:00 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\temp [2012.10.09 14:46:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.09 14:46:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.09 14:46:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.09 14:12:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.09 14:12:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.09 13:39:21 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Scannreport OTL 09.19.2012 [2012.10.08 19:51:46 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Roaming\Malwarebytes [2012.10.08 19:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.08 18:06:59 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Fächer [2012.10.06 14:29:51 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Behindertenhilfe Bergstrasse [2012.09.19 10:02:08 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys [2012.09.19 10:02:06 | 000,181,344 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.09.19 10:02:06 | 000,083,168 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.09.17 22:25:24 | 000,000,000 | ---D | C] -- C:\Users\kalb\Desktop\Praktikum Köln(2012) [2012.09.17 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.17 16:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.17 16:09:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.15 12:21:40 | 000,000,000 | ---D | C] -- C:\Users\kalb\AppData\Local\{8AA270C9-F234-4F35-A854-5F1DFA5BD769} ========== Files - Modified Within 30 Days ========== [2012.10.10 13:05:36 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 13:05:36 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 12:59:10 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.001 [2012.10.10 12:58:30 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.10.10 12:58:23 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.10 12:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.10 12:58:07 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys [2012.10.10 12:57:11 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.10.09 22:00:44 | 004,764,951 | R--- | M] (Swearware) -- C:\Users\kalb\Desktop\ComboFix.exe [2012.10.09 21:42:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.09 18:35:38 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.09 15:44:40 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.10.09 13:08:40 | 197,505,467 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.10.09 13:07:25 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP7e50.DMP [2012.10.08 17:24:20 | 000,054,932 | ---- | M] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat [2012.10.08 14:09:37 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.08 14:09:37 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.08 14:09:37 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.08 14:09:37 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.08 14:08:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.10.07 17:44:12 | 000,131,072 | -H-- | M] () -- C:\Windows\DUMP9b66.DMP [2012.09.19 10:02:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudobex.sys [2012.09.19 10:02:06 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys [2012.09.19 10:02:06 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys [2012.09.17 16:09:40 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk ========== Files Created - No Company Name ========== [2012.10.09 18:35:38 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.09 14:46:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.09 14:46:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.09 14:46:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.09 14:46:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.09 14:46:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.09 13:07:25 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP7e50.DMP [2012.10.08 14:08:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf [2012.10.07 17:44:12 | 000,131,072 | -H-- | C] () -- C:\Windows\DUMP9b66.DMP [2012.09.17 16:09:40 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.04.02 20:57:44 | 000,004,608 | ---- | C] () -- C:\Users\kalb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.28 23:24:27 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2012.02.28 23:24:27 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2011.11.03 01:46:25 | 000,007,630 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\.freeciv-client-rc-2.3 [2011.09.13 12:56:39 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PrintsService [2010.11.22 00:06:17 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\PreferencePane [2010.11.22 00:06:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Printers [2010.11.22 00:02:44 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Pop Flute [2010.11.22 00:02:44 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Woodwind [2010.11.21 18:47:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\business-inkjet [2010.11.21 18:47:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Dictionaries [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Work - Home [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\Widgets [2010.11.21 18:40:08 | 000,000,268 | RH-- | C] () -- C:\Users\kalb\AppData\Roaming\WebServer [2010.11.21 18:40:08 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT [2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Devices [2010.11.21 18:40:08 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Desktop Pictures [2010.11.21 18:33:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT [2010.05.14 18:07:21 | 000,000,092 | ---- | C] () -- C:\Users\kalb\AppData\Local\fusioncache.dat [2010.05.14 09:39:14 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.001 [2010.05.14 00:39:30 | 000,054,932 | ---- | C] () -- C:\Users\kalb\AppData\Roaming\nvModes.dat [2010.05.07 22:09:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.11.03 01:50:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\.freeciv [2012.08.10 13:44:58 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Canon [2011.02.13 16:19:21 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\EPSON [2010.11.22 00:12:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Nikon [2011.02.13 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Panasonic [2012.06.19 13:52:02 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Samsung [2011.09.13 12:56:29 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\ScanSoft [2011.04.17 19:45:56 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom [2012.10.07 17:46:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Telekom Internet Manager [2012.03.14 22:33:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Unity [2011.09.14 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.09 22:17:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.05.02 22:23:15 | 000,000,000 | ---D | M] -- C:\$UPGRADE.~OS [2012.07.01 12:37:21 | 000,000,000 | ---D | M] -- C:\Big Fish Games [2011.07.10 17:35:39 | 000,000,000 | ---D | M] -- C:\Boot [2012.10.08 19:03:38 | 000,000,000 | ---D | M] -- C:\bwinPoker JPC [2009.10.18 15:52:54 | 000,000,000 | ---D | M] -- C:\Click to DVD 2 [2012.10.09 14:43:26 | 000,000,000 | ---D | M] -- C:\Config.Msi [2007.08.12 11:26:06 | 000,000,000 | ---D | M] -- C:\Documentation [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.05.02 20:23:09 | 000,000,000 | ---D | M] -- C:\found.000 [2007.11.04 01:18:29 | 000,000,000 | R--D | M] -- C:\MSOCache [2010.06.17 22:10:32 | 000,000,000 | ---D | M] -- C:\MyVideos [2010.04.11 14:00:24 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.09 19:51:35 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.09 19:45:48 | 000,000,000 | ---D | M] -- C:\ProgramData [2007.07.20 14:57:47 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.09 22:17:22 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.05.07 22:01:56 | 000,000,000 | ---D | M] -- C:\Recovery [2012.10.10 13:05:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.05.07 22:20:59 | 000,000,000 | ---D | M] -- C:\Temp [2010.04.05 22:47:48 | 000,000,000 | ---D | M] -- C:\Update [2010.05.07 22:02:03 | 000,000,000 | R--D | M] -- C:\Users [2007.08.12 11:36:33 | 000,000,000 | ---D | M] -- C:\WAUUPGRD [2012.10.09 22:17:19 | 000,000,000 | ---D | M] -- C:\Windows [2012.10.10 12:56:20 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > < %localappdata%\*. /5 > [2012.10.08 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Diagnostics [2012.10.09 14:19:20 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\ElevatedDiagnostics [2012.10.08 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Microsoft [2012.10.08 18:47:48 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\MigWiz [2012.10.08 16:29:39 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\PokerStars.EU [2012.10.10 13:01:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\temp [2012.10.08 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\kalb\AppData\Local\Windows Live < > [2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2010.05.24 13:12:34 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.05.24 13:12:37 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < End of report > |
|
10.10.2012, 12:14
| #24 |
| /// the machine /// TB-Ausbilder | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 Das war das Ergebnis nach dem Fixen? o.O Schau mal bitte unter C:\OTL, da sind TExtdateien mit Datum in Namen, poste mal das letzte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.10.2012, 12:16
| #25 |
| | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A8214D94-1C7F-4B5B-8419-DEEA53AD04D5}\ not found. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{001F3B16-5351-4CBF-A8E5-14CAB653679C}\\DhcpNameServer| /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: kalb ->Temp folder emptied: 5594551 bytes ->Temporary Internet Files folder emptied: 54551527 bytes ->Java cache emptied: 25114735 bytes ->FireFox cache emptied: 75393732 bytes ->Google Chrome cache emptied: 349009304 bytes ->Apple Safari cache emptied: 5657600 bytes ->Flash cache emptied: 538 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 608 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 491,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 10102012_125620 ups, da ist wohl was schief gegangen.jetzt müsste es passen: Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
10.10.2012, 12:28
| #26 |
| /// the machine /// TB-Ausbilder | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 Gudd, das schaut schon eher nach nem Fix Logfile aus Wie läuft der Rechner? Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.10.2012, 12:37
| #27 |
| | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 nein, läuft alles einwandfrei. ist der virus nun weg? und kannst d mir einen tipp geben, welches antivirusprogramm gut und günstig ist(am besten umsonst) vielen dank lg jan |
|
10.10.2012, 13:06
| #28 |
| /// the machine /// TB-Ausbilder | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 Jepp, nur noch einmal fixen Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{0C2D0630-2882-431F-AA84-3A6454B32EC2}: "URL" = hxxp://startsear.ch/?aff=1&src=sp&cf=68346eae-f732-11e0-939b-001a801851dd&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope =
:Commands
[emptytemp]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.10.2012, 15:23
| #29 |
| | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 was ein mist. nachdem ich deinen anweisungen gefolgt bin und der computer runterfuhr, startete der rechner wieder verpixelt und der virus ist wieder voll aktiv. beim hochfahren hat er sich dann aufgehängt und ich kann wieder mal nur den abgesicherten modus nutzen. lg |
|
10.10.2012, 15:28
| #30 |
| /// the machine /// TB-Ausbilder | Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Virenprogamme stürzen beim Scan ab(bei datei: recycle.bin s-1-5-21-20....rhodoqf2 |
| abgesicherten, altes, antivirus, bildschirm, blauer, blauer bildschirm, data, datei, down, folge, laden, malwarebytes, modus, morgen, neustart, nicht mehr, nod32, pixel, problem, recycle.bin, runter, scan, stürzen, windows, windows 7 |
.
Linear-Darstellung
