Pests of all kinds and their removal: PC hangs often (Windows 7)
20.10.2012, 16:46 | #16
PC hangs often: Hello, thanks, but Mbam had found it after all, at the Pony. Lol. You really should take a proper look before clicking... I have already run the Anti-Malware program too; nothing was found. I'll do the other things today. Oh yes, I don't know what "script blocking and the like" is, whether I have something like that and, if so, where to find the button to switch it off. Hm, I just don't understand anything about PCs... but at least now I know what logfiles are. Greetings from mädchen
20.10.2012, 18:45 | #17
/// the machine /// TB-Ausbilder | PC hangs often: You don't have that, so you can just let the scan run.
22.10.2012, 08:40 | #18
PC hangs often: Hello schrauber,
it doesn't work with the Eset scanner. It keeps waiting..... and waiting..... and waiting....., and nothing happens even after 10 minutes. And unfortunately I now have almost all the problems I had at the beginning back again. Regards, mädchen
22.10.2012, 08:42 | #19
/// the machine /// TB-Ausbilder | PC hangs often: Then please post a fresh OTL logfile.
Regards, schrauber
22.10.2012, 09:06 | #20
PC hangs often: OTL logfile:
OTL logfile created on: 22.10.2012 09:48:48 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop\trojaner board
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,39% Memory free
4,22 Gb Paging File | 3,08 Gb Available in Paging File | 73,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 27,36 Gb Free Space | 43,10% Space Free | Partition Type: NTFS
Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 387,63 Gb Total Space | 362,61 Gb Free Space | 93,54% Space Free | Partition Type: NTFS
Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT
Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\trojaner board\OTL.exe PRC - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe PRC - [2012.09.06 13:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\ndsvc.exe PRC - [2011.10.09 15:57:36 | 002,572,800 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\netdrive.exe PRC - [2011.08.08 13:31:46 | 000,828,416 | ---- | M] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe PRC - [2011.07.20 03:44:22 | 000,099,688 | ---- | M] (Lunascape Co., LTD.) -- C:\Program Files\Lunascape\Lunascape6\Luna.exe PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe PRC - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe ========== Modules (No Company Name) ========== MOD - [2012.08.28 20:11:44 | 000,014,320 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll MOD - [2012.08.28 20:11:34 | 000,108,528 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll MOD - [2011.03.22 10:08:22 | 000,138,752 | ---- | M] () -- C:\Program Files\NetDrive\libexpat.dll MOD - [2009.12.10 11:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll MOD - [2009.12.10 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrPlugin.dll MOD - [2009.12.10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll MOD - [2009.09.19 11:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoPlugin.dll MOD - [2009.06.19 15:10:46 | 000,143,360 | ---- | M] () -- C:\Program Files\Mobile Partner\LocaleMgrPlugin.dll MOD - [2009.06.19 15:10:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSPlugin.dll MOD - [2009.06.18 10:56:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll MOD - [2009.06.18 10:54:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Mobile Partner\ConfigFilePlugin.dll MOD - [2009.06.18 10:48:24 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll MOD - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe MOD - [2009.05.23 11:02:32 | 000,061,440 | ---- | 
M] () -- C:\Program Files\Mobile Partner\XCodec.dll MOD - [2009.05.23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceOperate.dll MOD - [2009.05.23 11:02:28 | 000,155,648 | ---- | M] () -- C:\Program Files\Mobile Partner\DetectDev.dll MOD - [2009.05.23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\Mobile Partner\atcomm.dll MOD - [2009.02.12 10:53:02 | 000,040,448 | ---- | M] () -- C:\Program Files\NetDrive\ws_ext.dll MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Mobile Partner\isaputrace.dll MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\FileManager.dll ========== Services (SafeList) ========== SRV - [2012.10.19 10:38:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe -- (vToolbarUpdater13.0.0) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (WebOptimizer) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) [Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) DRV - [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.03.25 10:21:12 | 000,049,432 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2008.07.29 01:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {288575EA-507B-42CB-97BE-ACED08F1998A} IE - HKCU\..\SearchScopes\{288575EA-507B-42CB-97BE-ACED08F1998A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE420 IE - HKCU\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011.07.14 13:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions [2012.07.11 10:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.) 
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [b1gMail-Utility] C:\Program Files\MailXXL.com Tools\BMUtil.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DDF262-BEC7-46A7-8D06-943CB65610D4}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B5F900-DE2A-46C9-B7E6-710EF36AF2A5}: NameServer = 132.252.3.10,132.252.1.7 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O27 - HKLM IFEO\registrybooster.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\unins000.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.08 21:48:36 | 000,126,976 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.03.10 02:34:52 | 000,000,047 | R--- | M] () - 
D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.20 09:53:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Malwarebytes [2012.10.20 09:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.20 09:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.20 09:53:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.20 09:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.20 09:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager [2012.10.20 09:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.10.20 09:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012.10.19 09:54:21 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\temp [2012.10.18 21:05:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.18 20:15:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.18 20:15:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.18 20:15:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.18 20:15:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.18 20:14:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.18 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Avira [2012.10.18 14:05:59 | 
000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.18 14:05:46 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.18 14:05:46 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.18 14:05:46 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.18 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.11 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.10.10 14:50:01 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\trojaner board [2012.10.10 14:27:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 14:27:33 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 14:27:32 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.09 05:10:27 | 000,000,000 | -H-D | C] -- C:\Windows\Icons [2012.10.07 12:50:02 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 12:50:00 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 12:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.10.07 12:49:08 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.07 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2012.10.07 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.10.07 12:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.07 12:46:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.23 04:15:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\mshtml.tlb [2012.09.23 04:15:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.23 04:15:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.23 04:15:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.23 04:15:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.23 04:15:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.23 04:15:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.23 04:15:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl ========== Files - Modified Within 30 Days ========== [2012.10.22 09:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.22 08:58:10 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AbelssoftPreloader.job [2012.10.22 08:56:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 08:56:00 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 08:55:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.21 19:00:39 | 000,271,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.20 09:16:39 | 000,001,828 | ---- | M] () -- C:\Users\pc\Desktop\JDownloader.lnk [2012.10.20 09:05:25 | 000,000,231 | ---- | M] () -- C:\Users\pc\Desktop\Search the Web.url [2012.10.20 09:05:25 | 000,000,225 | ---- | M] () -- C:\Users\pc\Desktop\SweetPcFix.url [2012.10.20 08:45:10 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.10.19 10:38:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.19 10:38:37 | 000,073,656 | 
---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.18 14:05:59 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.13 12:30:09 | 000,572,634 | ---- | M] () -- C:\Users\pc\Desktop\stui.jpg [2012.10.11 16:56:57 | 000,001,608 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.11 16:56:56 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.11 13:01:56 | 000,006,562 | ---- | M] () -- C:\Users\pc\Desktop\vvvvc.eml [2012.10.10 11:22:22 | 000,000,000 | ---- | M] () -- C:\Users\pc\defogger_reenable [2012.10.09 09:39:25 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.10.09 09:39:25 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.10.09 04:58:32 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job [2012.10.09 04:57:59 | 000,000,234 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job [2012.10.07 18:24:56 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 18:24:56 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 12:49:48 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.27 17:53:45 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.27 11:22:58 | 000,000,193 | ---- | M] () -- C:\Users\pc\Documents\Dokument.rtf [2012.09.26 11:04:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | M] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.23 12:16:20 | 000,001,087 | ---- | M] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | M] () -- C:\Users\pc\Desktop\°.lnk ========== Files Created - No Company Name ========== [2012.10.21 19:00:23 | 000,271,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.20 09:16:39 | 000,001,828 | ---- | C] () -- C:\Users\pc\Desktop\JDownloader.lnk [2012.10.20 09:16:31 | 000,001,792 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.10.20 09:16:31 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk [2012.10.20 09:16:31 | 000,001,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.10.20 09:05:25 | 000,000,231 | ---- | C] () -- C:\Users\pc\Desktop\Search the Web.url [2012.10.20 09:05:25 | 000,000,225 | ---- | C] () -- C:\Users\pc\Desktop\SweetPcFix.url [2012.10.19 09:54:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.18 20:15:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.18 20:15:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.18 20:15:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.18 20:15:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe 
[2012.10.18 20:15:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.18 14:05:59 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.11 16:56:57 | 000,001,608 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.11 16:56:56 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.11 13:01:42 | 000,006,562 | ---- | C] () -- C:\Users\pc\Desktop\vvvvc.eml [2012.10.10 11:22:22 | 000,000,000 | ---- | C] () -- C:\Users\pc\defogger_reenable [2012.10.07 12:49:48 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:49:47 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.26 11:04:43 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | C] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.23 23:10:26 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.09.23 12:12:43 | 000,001,087 | ---- | C] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.22 17:44:19 | 000,000,485 | ---- | C] () -- C:\Users\pc\Desktop\°.lnk [2012.09.12 12:25:02 | 001,006,448 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012.09.12 12:25:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012.07.10 14:48:59 | 000,000,519 | ---- | C] () -- C:\Users\pc\pc - Verknüpfung.lnk [2012.04.27 18:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.12 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat [2011.10.29 20:04:04 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll [2011.10.29 20:03:43 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe [2011.03.13 16:17:06 | 000,000,058 | ---- | C] () -- 
C:\Users\pc\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2011.02.25 15:46:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.02.25 15:46:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.12.31 17:07:07 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.12.31 17:06:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 925 bytes -> C:\Users\pc\Desktop\vvvvc.eml:OECustomProperty < End of report > |
22.10.2012, 09:43 | #21 |
/// the machine /// TB-Ausbilder | PC hangs often There are still a few entries that need to go, but first let's deal with the hanging. Install Process Explorer as a replacement for the Windows Task Manager: download Process Explorer as a replacement for the Task Manager and install it; you will find a guide here. It is a considerably more powerful replacement for the Windows Task Manager. In the menu under "Options" you can set Process Explorer up permanently as the replacement for the Task Manager (Replace Taskmanager). This is highly recommended because Process Explorer has far more functions than the Task Manager. Once you have made this setting, the key combination CTRL + ALT + Del no longer opens the Task Manager but Process Explorer. This can be undone at any time by unchecking that setting. What we specifically need now: each line shows one process; a few of the lines are not real processes but only pseudo-processes for the activity of the Windows kernel. The menu View => Select Columns opens a dialog in which you can choose which columns of process information are displayed. In it, go to the "Process Performance" tab and make sure that "CPU Usage" is checked; "CPU History" would be useful as well. Under "CPU Usage" the current processor load of each process is shown (the column title just says "CPU"); "CPU History" shows a graph for each process with a curve of the processor load over the recent period. With that you should be able to identify which process is keeping your CPU busy. Double-click on that process.
You can also take a screenshot of the whole thing and upload it as an attachment with your reply (click "Erweitert" (Advanced) below the text box, use "Anhänge verwalten" (Manage attachments) to browse your computer, and attach it via "Hochladen" (Upload)).
__________________ --> PC hangs often |
22.10.2012, 12:04 | #22 |
| PC hangs often Whoa, there's a worm in it! Under "Anleitung" the page is no longer available. For Process Explorer the web page cannot be displayed. Regards mädchen |
22.10.2012, 12:12 | #23 |
/// the machine /// TB-Ausbilder | PC hangs often
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
22.10.2012, 12:54 | #24 |
| PC hangs often Oh dear, I know neither what a CPU is nor how to take a screenshot. But now I have got to know the Vista Snipping Tool! Hopefully this is right. Unfortunately I can't do any more right now, I have an appointment shortly. I'll get back to you this afternoon. Best regards mädchen |
22.10.2012, 13:04 | #25 |
/// the machine /// TB-Ausbilder | PC hangs often Leave the tool open and, at the moment the PC hangs, check whether any process is causing an extremely high CPU load.
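A way to make the same measurement from the command line, as an added example that is not part of this thread (PowerShell, assumed to be run on the affected machine while the hang is happening; the sampling interval and the number of processes listed are assumptions). It samples each process's CPU time twice and ranks the differences, which is what the CPU column in Process Explorer shows, and it leaves out the System Idle Process, whose high value means the CPU is free rather than busy:

```powershell
# Added example, not from the thread: rank processes by CPU share over a short window.
# Assumptions: Windows PowerShell on the affected machine; run it while the PC is hanging.
param(
    [int]$IntervalSeconds = 5,   # assumed sampling window
    [int]$Top = 10               # assumed number of processes to list
)

# Total CPU capacity = 100 % per logical processor, so a 2-core machine can reach 200 %.
$logicalCpus = [int]$env:NUMBER_OF_PROCESSORS

function Get-CpuSnapshot {
    # Map PID -> name and cumulative CPU time in milliseconds.
    $snap = @{}
    foreach ($p in Get-Process) {
        # PID 0 is the System Idle Process: its "usage" is the free CPU, not load,
        # so a high value there means the CPU is idle, not busy.
        if ($p.Id -eq 0) { continue }
        try {
            $snap[$p.Id] = @{ Name = $p.ProcessName; Cpu = $p.TotalProcessorTime.TotalMilliseconds }
        } catch {
            # Protected or other users' processes may deny access without elevation; skip them.
        }
    }
    return $snap
}

$first = Get-CpuSnapshot
Start-Sleep -Seconds $IntervalSeconds
$second = Get-CpuSnapshot

$results = foreach ($id in $second.Keys) {
    # Only processes alive in both snapshots can be measured.
    if (-not $first.ContainsKey($id)) { continue }
    $deltaMs = $second[$id].Cpu - $first[$id].Cpu
    # Share of the whole machine's capacity, like Process Explorer's CPU column.
    $pct = [math]::Round(100 * $deltaMs / ($IntervalSeconds * 1000 * $logicalCpus), 1)
    New-Object PSObject -Property @{ PID = $id; Name = $second[$id].Name; CpuPercent = $pct }
}

$results |
    Sort-Object CpuPercent -Descending |
    Select-Object -First $Top PID, Name, CpuPercent |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell so that services running under other accounts, such as svchost.exe, are included in the measurement.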
22.10.2012, 15:34 | #26 |
| PC hangs often Poor schrauber, you don't have it easy with me! I overlooked the part about double-clicking the process. I just double-clicked a process and then had a window with a few buttons...........oh God..........this is embarrassing.......what do you need from it? Everything that can be displayed? And: how much is extremely much? Oh, I'll just take the highest value I can find.....I feel so helpless........ mädchen So the highest values are System Idle Process, WmiPrvSE.exe, Luna.exe, procexp.exe, svchost.exe. I hope I copied that down correctly, it all jumps around so fast that I can't even keep up. Last edited by mädchen (22.10.2012 at 15:52) |
22.10.2012, 17:41 | #27 |
/// the machine /// TB-Ausbilder | PC hangs often Please open OTL, under Extra Registry set it to Use Safe List and press the Scan button. Please post both logfiles.
22.10.2012, 21:10 | #28 |
| PC hangs often OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.10.2012 21:42:32 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pc\Desktop\trojaner board Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,45% Memory free 4,22 Gb Paging File | 2,92 Gb Available in Paging File | 69,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 63,48 Gb Total Space | 29,17 Gb Free Space | 45,95% Space Free | Partition Type: NTFS Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 387,63 Gb Total Space | 362,61 Gb Free Space | 93,54% Space Free | Partition Type: NTFS Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT Computer Name: PC-PC | User Name: pc | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\trojaner board\OTL.exe PRC - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe PRC - [2012.09.06 13:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.07.08 14:39:22 | 000,056,720 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe PRC - [2012.07.08 14:39:22 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe PRC - [2012.07.02 11:18:42 | 000,525,776 | ---- | M] (Abelssoft) -- C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\ndsvc.exe PRC - [2011.10.09 15:57:36 | 002,572,800 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\netdrive.exe PRC - [2011.08.08 13:31:46 | 000,828,416 | ---- | M] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe PRC - [2011.07.20 03:44:22 | 000,099,688 | ---- | M] (Lunascape Co., LTD.) 
-- C:\Program Files\Lunascape\Lunascape6\Luna.exe PRC - [2011.07.08 17:12:13 | 000,403,968 | ---- | M] () -- C:\Program Files\MailXXL.com Tools\BMUtil.exe PRC - [2011.05.09 01:07:54 | 000,703,392 | ---- | M] (Abelssoft GmbH) -- C:\Program Files\Schirmfoto\schirmfoto.exe PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe PRC - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe ========== Modules (No Company Name) ========== MOD - [2012.09.24 15:27:06 | 000,014,320 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2native.dll MOD - [2012.09.24 15:25:46 | 000,108,528 | ---- | M] () -- C:\Program Files\Java\jre6\bin\jp2iexp.dll MOD - [2012.07.08 14:39:22 | 000,114,064 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\InstallerExtensions.dll MOD - [2012.07.08 14:39:22 | 000,018,832 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cwebpage.dll MOD - [2012.07.08 14:39:16 | 000,136,592 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\locale\de\de.dll MOD - [2012.07.02 11:18:42 | 000,585,680 | ---- | M] () -- C:\Program Files\CheckDrive\AbScheduler.dll MOD - [2012.07.02 11:18:42 | 000,013,776 | ---- | M] () -- C:\Program Files\CheckDrive\AbMessages.dll MOD - [2012.06.15 09:24:57 | 000,212,992 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll MOD - [2012.06.14 10:47:16 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 10:46:37 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.14 08:37:18 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.14 08:32:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 08:31:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.14 08:30:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.14 08:25:40 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.14 08:24:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.07.08 17:12:13 | 000,403,968 | ---- | M] () -- C:\Program Files\MailXXL.com Tools\BMUtil.exe MOD - [2011.05.09 01:07:54 | 000,585,632 | ---- | M] () -- C:\Program Files\Schirmfoto\AbScheduler.dll MOD - [2011.05.09 01:07:54 | 000,180,128 | ---- | M] () -- C:\Program Files\Schirmfoto\AbBugReporter.dll MOD - [2011.05.09 01:07:54 | 000,177,056 | ---- | M] () -- C:\Program Files\Schirmfoto\SchirmfotoCommon.dll MOD - [2011.05.09 01:07:54 | 
000,104,352 | ---- | M] () -- C:\Program Files\Schirmfoto\Cropper.dll MOD - [2011.05.09 01:07:54 | 000,049,056 | ---- | M] () -- C:\Program Files\Schirmfoto\AbCommons.dll MOD - [2011.05.09 01:07:54 | 000,028,576 | ---- | M] () -- C:\Program Files\Schirmfoto\AbSettingsKeeper.dll MOD - [2011.05.09 01:07:54 | 000,010,144 | ---- | M] () -- C:\Program Files\Schirmfoto\AbUpdateBugReporter.dll MOD - [2011.03.22 10:08:22 | 000,138,752 | ---- | M] () -- C:\Program Files\NetDrive\libexpat.dll MOD - [2009.12.10 11:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll MOD - [2009.12.10 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrPlugin.dll MOD - [2009.12.10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll MOD - [2009.09.19 11:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoPlugin.dll MOD - [2009.06.19 15:10:46 | 000,143,360 | ---- | M] () -- C:\Program Files\Mobile Partner\LocaleMgrPlugin.dll MOD - [2009.06.19 15:10:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSPlugin.dll MOD - [2009.06.18 10:56:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll MOD - [2009.06.18 10:54:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Mobile Partner\ConfigFilePlugin.dll MOD - [2009.06.18 10:48:24 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll MOD - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe MOD - [2009.05.23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\XCodec.dll MOD - [2009.05.23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceOperate.dll MOD - [2009.05.23 11:02:28 | 000,155,648 | ---- | M] () -- C:\Program Files\Mobile Partner\DetectDev.dll MOD - [2009.05.23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\Mobile 
Partner\atcomm.dll MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.12 10:53:02 | 000,040,448 | ---- | M] () -- C:\Program Files\NetDrive\ws_ext.dll MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Mobile Partner\isaputrace.dll MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\FileManager.dll ========== Services (SafeList) ========== SRV - [2012.10.19 10:38:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe -- (vToolbarUpdater13.0.0) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (WebOptimizer) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) [Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) DRV - [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.03.25 10:21:12 | 000,049,432 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2008.07.29 01:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {288575EA-507B-42CB-97BE-ACED08F1998A} IE - HKCU\..\SearchScopes\{288575EA-507B-42CB-97BE-ACED08F1998A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE420 IE - HKCU\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011.07.14 13:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions [2012.07.11 10:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.) 
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [b1gMail-Utility] C:\Program Files\MailXXL.com Tools\BMUtil.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DDF262-BEC7-46A7-8D06-943CB65610D4}: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B5F900-DE2A-46C9-B7E6-710EF36AF2A5}: NameServer = 132.252.3.10,132.252.1.7 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.08 21:48:36 | 000,126,976 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.03.10 02:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - 
SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.22 10:14:33 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.10.22 10:14:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.10.22 10:14:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.10.20 09:53:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Malwarebytes [2012.10.20 09:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.20 09:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.20 09:53:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.20 09:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.20 09:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager [2012.10.20 09:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.10.20 09:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012.10.19 09:54:21 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\temp [2012.10.18 21:05:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.18 20:15:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.18 20:15:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.18 20:15:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.18 20:15:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.18 20:14:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.18 14:11:48 | 000,000,000 
| ---D | C] -- C:\Users\pc\AppData\Roaming\Avira [2012.10.18 14:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.18 14:05:46 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.18 14:05:46 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.18 14:05:46 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.18 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.11 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.10.10 14:50:01 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\trojaner board [2012.10.10 14:27:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 14:27:33 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 14:27:32 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.09 05:10:27 | 000,000,000 | -H-D | C] -- C:\Windows\Icons [2012.10.07 12:50:02 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 12:50:00 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 12:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.10.07 12:49:08 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.07 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2012.10.07 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.10.07 12:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.07 12:46:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.23 
04:15:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.23 04:15:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.23 04:15:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.23 04:15:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.23 04:15:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.23 04:15:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.23 04:15:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.23 04:15:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl ========== Files - Modified Within 30 Days ========== [2012.10.22 21:50:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.10.22 21:44:03 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.22 21:38:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.22 21:36:31 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.22 21:36:23 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AbelssoftPreloader.job [2012.10.22 21:36:20 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job [2012.10.22 21:36:20 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.10.22 21:36:20 | 000,000,234 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job [2012.10.22 21:36:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 21:36:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 21:35:55 | 000,067,584 
| --S- | M] () -- C:\Windows\bootstat.dat [2012.10.22 18:17:53 | 000,000,172 | ---- | M] () -- C:\Users\pc\Desktop\3.rtf [2012.10.22 16:09:23 | 000,000,207 | ---- | M] () -- C:\Users\pc\Desktop\Dokument2.rtf [2012.10.22 12:52:06 | 000,000,200 | ---- | M] () -- C:\Users\pc\Desktop\Dokument.rtf [2012.10.21 19:00:39 | 000,271,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.20 09:16:39 | 000,001,828 | ---- | M] () -- C:\Users\pc\Desktop\JDownloader.lnk [2012.10.20 09:05:25 | 000,000,231 | ---- | M] () -- C:\Users\pc\Desktop\Search the Web.url [2012.10.20 09:05:25 | 000,000,225 | ---- | M] () -- C:\Users\pc\Desktop\SweetPcFix.url [2012.10.19 10:38:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.19 10:38:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.18 14:05:59 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.13 12:30:09 | 000,572,634 | ---- | M] () -- C:\Users\pc\Desktop\stui.jpg [2012.10.11 16:56:57 | 000,001,608 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.11 16:56:56 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.11 13:01:56 | 000,006,562 | ---- | M] () -- C:\Users\pc\Desktop\vvvvc.eml [2012.10.10 11:22:22 | 000,000,000 | ---- | M] () -- C:\Users\pc\defogger_reenable [2012.10.09 09:39:25 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.10.07 12:49:48 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.27 17:53:45 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.27 11:22:58 | 000,000,193 | ---- | M] () -- C:\Users\pc\Documents\Dokument.rtf [2012.09.26 11:04:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | M] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.24 15:32:24 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.09.24 15:32:20 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.09.24 15:23:41 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.09.24 15:23:37 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.09.24 15:23:26 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.09.23 12:16:20 | 000,001,087 | ---- | M] () -- C:\Users\pc\Desktop\scan.lnk ========== Files Created - No Company Name ========== [2012.10.22 18:17:53 | 000,000,172 | ---- | C] () -- C:\Users\pc\Desktop\3.rtf [2012.10.22 15:41:33 | 000,000,207 | ---- | C] () -- C:\Users\pc\Desktop\Dokument2.rtf [2012.10.22 12:52:06 | 000,000,200 | ---- | C] () -- C:\Users\pc\Desktop\Dokument.rtf [2012.10.21 19:00:23 | 000,271,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.20 09:16:39 | 000,001,828 | ---- | C] () -- C:\Users\pc\Desktop\JDownloader.lnk [2012.10.20 09:16:31 | 000,001,792 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.10.20 09:16:31 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk [2012.10.20 09:16:31 | 000,001,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.10.20 09:05:25 | 000,000,231 | ---- | C] () -- C:\Users\pc\Desktop\Search the Web.url [2012.10.20 09:05:25 | 000,000,225 | ---- | C] () -- C:\Users\pc\Desktop\SweetPcFix.url [2012.10.19 09:54:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.18 20:15:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.18 20:15:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.18 20:15:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.18 20:15:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.18 20:15:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.18 14:05:59 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.11 16:56:57 | 000,001,608 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.11 16:56:56 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.11 13:01:42 | 000,006,562 | ---- | C] () -- 
C:\Users\pc\Desktop\vvvvc.eml [2012.10.10 11:22:22 | 000,000,000 | ---- | C] () -- C:\Users\pc\defogger_reenable [2012.10.07 12:49:48 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:49:47 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.26 11:04:43 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | C] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.23 23:10:26 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.09.23 12:12:43 | 000,001,087 | ---- | C] () -- C:\Users\pc\Desktop\scan.lnk [2012.09.12 12:25:02 | 001,006,448 | ---- | C] () -- C:\Windows\System32\dmwu.exe [2012.09.12 12:25:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll [2012.07.10 14:48:59 | 000,000,519 | ---- | C] () -- C:\Users\pc\pc - Verknüpfung.lnk [2012.04.27 18:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.12 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat [2011.10.29 20:04:04 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll [2011.10.29 20:03:43 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe [2011.03.13 16:17:06 | 000,000,058 | ---- | C] () -- C:\Users\pc\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2011.02.25 15:46:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.02.25 15:46:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.12.31 17:07:07 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat [2010.12.31 17:06:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 925 bytes -> C:\Users\pc\Desktop\vvvvc.eml:OECustomProperty
< End of report >

OTL Logfile:
OTL Extras logfile created on: 22.10.2012 21:42:32 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pc\Desktop\trojaner board
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,45% Memory free
4,22 Gb Paging File | 2,92 Gb Available in Paging File | 69,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 29,17 Gb Free Space | 45,95% Space Free | Partition Type: NTFS
Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 387,63 Gb Total Space | 362,61 Gb Free Space | 93,54% Space Free | Partition Type: NTFS
Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT
Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"
= 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DAFA34-45E8-46A6-843F-AF34F4467C9C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{1CBD7845-0288-4425-BA04-97252E840043}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{226CBE0F-9F1C-4B84-A7A8-097A9C328133}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{2F8FE96A-37FC-48FC-A274-7179176F6E5E}" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{30A19E42-C52D-4250-AA47-B5CC06F25C75}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{36DFF524-B990-4A6C-9DD8-A35391AF6005}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{55E9438A-EA76-4F28-B6FC-6D4B06A6EE3A}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{570FE284-895B-425F-98A0-58F43085550D}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{6B5F328B-B609-45E4-B1F0-10A4A8981D6B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6CFC040B-44EC-400C-9A72-FE2A642E6067}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{7406A79B-7E27-41B4-89EF-A91417F64737}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{779F3503-F364-4FE7-9CE1-37D85F63A158}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{79957D25-5AAE-4D80-BCD0-5FF98F001471}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{822A9053-E4C8-4229-A730-70E667EB0997}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{9395F2EB-E730-41D8-AE48-44C71B493927}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{96151931-4520-43E4-A689-52E226F4F082}" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{B18D5A65-90AB-4F84-B3D4-CF4A2BCD1A3C}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B652535E-06B3-4831-A7FC-7D3B0C31336C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B6569463-37A6-457C-B2CF-CA6BA5D3D665}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{CF8C0B69-02D6-4BF4-8F2D-3E3452DFAECC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DB981E26-B54D-42DC-980D-44D30D7A2EA1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{DC710067-43A4-4852-BEE0-693EEF7CABBF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E02E6A6E-55B2-47CC-9DAF-A872D61B3CFD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F34F597B-25CF-41E3-AB7E-9B2E4155FDA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4CF3062-B85A-47D4-AD86-9AEB657CE2B9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{83523A5E-6197-4677-9AB9-1354342A3F07}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5825ABB3-A8F9-4ED4-B057-F4799EC1B792}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0 "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet 
All-In-One Driver Software 8.0.B "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1568757-E564-4cb5-8980-9333119A4384}" = F300 "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "5513-1208-7298-9440" = JDownloader 0.9 "AbAlarm_is1" = AbAlarm "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "DealBulldog Toolbar Toolbar" = DealBulldog Toolbar Toolbar "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Photo Creations" = HP Photo Creations "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "KLiteCodecPack_is1" = K-Lite 
Codec Pack 6.0.4 (Basic)
"Lunascape6" = Lunascape6 (All Users)
"MailXXL.com" = MailXXL.com Tools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"MyKeyFinder_is1" = MyKeyFinder
"NetDrive" = NetDrive
"Schirmfoto_is1" = Schirmfoto
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WashAndGo_is1" = WashAndGo
"WNLT" = Web Optimizer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 22.10.2012 11:54:35 | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.10.2012 15:37:06 | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 22.10.2012 11:55:35 | Computer Name = pc-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.161.154.243 for the network card with network address 001E101FA1F5 was denied by the DHCP server 10.49.195.162 (the DHCP server sent a DHCPNACK message).
Error - 22.10.2012 11:56:49 | Computer Name = pc-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 22.10.2012 15:39:56 | Computer Name = pc-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
< End of report >

Sorry, I made a mistake again and didn't close the programs beforehand. I'll make new OTLs...
mädchen

OTL Logfile:
OTL logfile created on: 22.10.2012 22:30:58 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pc\Desktop\trojaner board
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,63% Memory free
4,22 Gb Paging File | 2,94 Gb Available in Paging File | 69,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 29,16 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 387,63 Gb Total Space | 362,61 Gb Free Space | 93,54% Space Free | Partition Type: NTFS
Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT
Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.10 11:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pc\Desktop\trojaner board\OTL.exe
PRC - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.19 11:29:44 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2012.09.06 13:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.08 14:39:22 | 000,056,720 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2012.07.08 14:39:22 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2012.07.02 11:18:42 | 000,525,776 | ---- | M] (Abelssoft) -- C:\Program Files\CheckDrive\CheckDriveBackgroundGuard.exe
PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\ndsvc.exe
PRC - [2011.10.09 15:57:36 | 002,572,800 | ---- | M] (Bdrive Inc.) -- C:\Program Files\NetDrive\netdrive.exe
PRC - [2011.08.08 13:31:46 | 000,828,416 | ---- | M] (ActMask Co.,Ltd - hxxp://www.all2pdf.com) -- C:\Windows\System32\PrintDisp.exe
PRC - [2011.07.08 17:12:13 | 000,403,968 | ---- | M] () -- C:\Program Files\MailXXL.com Tools\BMUtil.exe
PRC - [2011.05.09 01:07:54 | 000,703,392 | ---- | M] (Abelssoft GmbH) -- C:\Program Files\Schirmfoto\schirmfoto.exe
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) -- C:\Windows\System32\PrintCtrl.exe
PRC - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.05.07 10:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.08 14:39:22 | 000,114,064 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\InstallerExtensions.dll
MOD - [2012.07.08 14:39:22 | 000,018,832 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cwebpage.dll
MOD - [2012.07.08 14:39:16 | 000,136,592 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\locale\de\de.dll
MOD - [2012.07.02 11:18:42 | 000,585,680 | ---- | M] () -- C:\Program Files\CheckDrive\AbScheduler.dll
MOD - [2012.07.02 11:18:42 | 000,013,776 | ---- | M] () -- C:\Program Files\CheckDrive\AbMessages.dll
MOD - [2012.06.15 09:24:57 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD -
[2012.06.14 10:47:16 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.14 10:46:37 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.14 08:37:18 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.14 08:32:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 08:31:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.14 08:30:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.14 08:25:40 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.14 08:24:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2011.07.08 17:12:13 | 000,403,968 | ---- | M] () -- C:\Program Files\MailXXL.com Tools\BMUtil.exe MOD - [2011.05.09 01:07:54 | 000,585,632 | ---- | M] () -- C:\Program Files\Schirmfoto\AbScheduler.dll MOD - [2011.05.09 01:07:54 | 000,180,128 | ---- | M] () -- C:\Program Files\Schirmfoto\AbBugReporter.dll MOD - [2011.05.09 01:07:54 | 000,177,056 | ---- | M] () -- C:\Program Files\Schirmfoto\SchirmfotoCommon.dll MOD - [2011.05.09 01:07:54 | 000,104,352 | ---- | M] () -- C:\Program Files\Schirmfoto\Cropper.dll MOD - [2011.05.09 01:07:54 | 000,049,056 | ---- | M] () -- 
C:\Program Files\Schirmfoto\AbCommons.dll MOD - [2011.05.09 01:07:54 | 000,028,576 | ---- | M] () -- C:\Program Files\Schirmfoto\AbSettingsKeeper.dll MOD - [2011.05.09 01:07:54 | 000,010,144 | ---- | M] () -- C:\Program Files\Schirmfoto\AbUpdateBugReporter.dll MOD - [2011.03.22 10:08:22 | 000,138,752 | ---- | M] () -- C:\Program Files\NetDrive\libexpat.dll MOD - [2009.12.10 11:52:38 | 000,192,512 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll MOD - [2009.12.10 11:51:36 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceMgrPlugin.dll MOD - [2009.12.10 11:40:20 | 000,991,232 | ---- | M] () -- C:\Program Files\Mobile Partner\NDISAPI.dll MOD - [2009.09.19 11:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\Mobile Partner\NetInfoPlugin.dll MOD - [2009.06.19 15:10:46 | 000,143,360 | ---- | M] () -- C:\Program Files\Mobile Partner\LocaleMgrPlugin.dll MOD - [2009.06.19 15:10:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Mobile Partner\SMSPlugin.dll MOD - [2009.06.18 10:56:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Mobile Partner\NotifyServicePlugin.dll MOD - [2009.06.18 10:54:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Mobile Partner\ConfigFilePlugin.dll MOD - [2009.06.18 10:48:24 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\DialUpPlugin.dll MOD - [2009.05.25 13:09:40 | 000,114,688 | ---- | M] () -- C:\Program Files\Mobile Partner\Mobile Partner.exe MOD - [2009.05.23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\XCodec.dll MOD - [2009.05.23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\Mobile Partner\DeviceOperate.dll MOD - [2009.05.23 11:02:28 | 000,155,648 | ---- | M] () -- C:\Program Files\Mobile Partner\DetectDev.dll MOD - [2009.05.23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\Mobile Partner\atcomm.dll MOD - [2009.03.30 06:42:12 | 000,032,768 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.12 10:53:02 | 000,040,448 | ---- | M] () -- C:\Program Files\NetDrive\ws_ext.dll MOD - [2007.08.23 16:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Mobile Partner\isaputrace.dll MOD - [2007.07.31 15:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Mobile Partner\FileManager.dll ========== Services (SafeList) ========== SRV - [2012.10.19 10:38:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.07 12:48:08 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.0.0\ToolbarUpdater.exe -- (vToolbarUpdater13.0.0) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.19 11:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.13 15:26:52 | 001,006,448 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (WebOptimizer) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.10.09 15:57:49 | 002,089,472 | ---- | M] (Bdrive Inc.) [Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc) SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.04.29 05:04:12 | 000,069,632 | ---- | M] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) [Auto | Running] -- C:\Windows\System32\PrintCtrl.exe -- (Printer Control) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme) DRV - [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.19 10:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.03.25 10:21:12 | 000,049,432 | ---- | M] (MacroData Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs) DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.03.20 10:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) 
[File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2008.07.29 01:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.05.02 07:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {288575EA-507B-42CB-97BE-ACED08F1998A} IE - HKCU\..\SearchScopes\{288575EA-507B-42CB-97BE-ACED08F1998A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE420 IE - HKCU\..\SearchScopes\{7C788BE1-99B0-40CD-B58C-788705E205E2}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&amp;amp;form=MSITDF&amp;amp;pc=MAMI&amp;amp;src=IE-SearchBox IE - HKCU\..\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}: "URL" = hxxp://www.ask.com/web?o=15710&l=dis&q={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={8EAAC8C9-1A84-11E2-AEA6-001E101F3315} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2011.07.14 13:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pc\AppData\Roaming\mozilla\Extensions [2012.07.11 10:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions ========== Chrome ========== CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ CHR - Extension: No name found = C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Netdrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.) 
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PrintDisp] C:\Windows\System32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [b1gMail-Utility] C:\Program Files\MailXXL.com Tools\BMUtil.exe () O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - Startup: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/pro/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59DDF262-BEC7-46A7-8D06-943CB65610D4}: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B5F900-DE2A-46C9-B7E6-710EF36AF2A5}: NameServer = 132.252.3.10,132.252.1.7 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.05.08 21:48:36 | 000,126,976 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2008.03.10 02:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - 
SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.22 10:14:33 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.10.22 10:14:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.10.22 10:14:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.10.20 09:53:11 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\Malwarebytes [2012.10.20 09:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.20 09:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.20 09:53:04 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.20 09:53:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.20 09:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadManager [2012.10.20 09:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012.10.20 09:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM [2012.10.19 09:54:21 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.18 21:10:31 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Local\temp [2012.10.18 21:05:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.18 20:15:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.18 20:15:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.18 20:15:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.18 20:15:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.18 20:14:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.18 14:11:48 | 000,000,000 
| ---D | C] -- C:\Users\pc\AppData\Roaming\Avira [2012.10.18 14:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.18 14:05:46 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.18 14:05:46 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.10.18 14:05:46 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.18 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.11 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.10.10 14:50:01 | 000,000,000 | ---D | C] -- C:\Users\pc\Desktop\trojaner board [2012.10.10 14:27:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 14:27:33 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 14:27:32 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.09 05:10:27 | 000,000,000 | -H-D | C] -- C:\Windows\Icons [2012.10.07 12:50:02 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.10.07 12:50:00 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.10.07 12:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.10.07 12:49:08 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.07 12:47:43 | 000,000,000 | ---D | C] -- C:\Users\pc\AppData\Roaming\TuneUp Software [2012.10.07 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.10.07 12:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.10.07 12:46:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.23 
04:15:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.23 04:15:44 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.23 04:15:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.23 04:15:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.23 04:15:44 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.23 04:15:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.23 04:15:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.23 04:15:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl ========== Files - Modified Within 30 Days ========== [2012.10.22 21:50:00 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job [2012.10.22 21:44:03 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.22 21:38:48 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.22 21:36:31 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.22 21:36:23 | 000,000,260 | ---- | M] () -- C:\Windows\tasks\AbelssoftPreloader.job [2012.10.22 21:36:20 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\CheckDriveBackgroundGuard.job [2012.10.22 21:36:20 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2012.10.22 21:36:20 | 000,000,234 | ---- | M] () -- C:\Windows\tasks\Schirmfoto.job [2012.10.22 21:36:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 21:36:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 21:35:55 | 000,067,584 
| --S- | M] () -- C:\Windows\bootstat.dat [2012.10.22 18:17:53 | 000,000,172 | ---- | M] () -- C:\Users\pc\Desktop\3.rtf [2012.10.22 16:09:23 | 000,000,207 | ---- | M] () -- C:\Users\pc\Desktop\Dokument2.rtf [2012.10.22 12:52:06 | 000,000,200 | ---- | M] () -- C:\Users\pc\Desktop\Dokument.rtf [2012.10.21 19:00:39 | 000,271,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.20 09:16:39 | 000,001,828 | ---- | M] () -- C:\Users\pc\Desktop\JDownloader.lnk [2012.10.20 09:05:25 | 000,000,231 | ---- | M] () -- C:\Users\pc\Desktop\Search the Web.url [2012.10.20 09:05:25 | 000,000,225 | ---- | M] () -- C:\Users\pc\Desktop\SweetPcFix.url [2012.10.19 10:38:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.19 10:38:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.18 14:05:59 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.13 12:30:09 | 000,572,634 | ---- | M] () -- C:\Users\pc\Desktop\stui.jpg [2012.10.11 16:56:57 | 000,001,608 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.11 16:56:56 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.11 13:01:56 | 000,006,562 | ---- | M] () -- C:\Users\pc\Desktop\vvvvc.eml [2012.10.10 11:22:22 | 000,000,000 | ---- | M] () -- C:\Users\pc\defogger_reenable [2012.10.09 09:39:25 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job [2012.10.07 12:49:48 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.10.07 12:49:48 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.10.07 12:48:09 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.10.01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.27 17:53:45 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.09.27 11:22:58 | 000,000,193 | ---- | M] () -- C:\Users\pc\Documents\Dokument.rtf [2012.09.26 11:04:43 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\WashAndGo.lnk [2012.09.24 22:18:28 | 000,002,174 | ---- | M] () -- C:\Users\pc\Documents\semmelknödel.rtf [2012.09.24 15:32:24 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.09.24 15:32:20 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.09.24 15:23:41 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.09.24 15:23:37 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.09.24 15:23:26 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.23 12:16:20 | 000,001,087 | ---- | M] () -- C:\Users\pc\Desktop\scan.lnk

========== Files Created - No Company Name ==========

[2012.10.22 18:17:53 | 000,000,172 | ---- | C] () -- C:\Users\pc\Desktop\3.rtf
[2012.10.22 15:41:33 | 000,000,207 | ---- | C] () -- C:\Users\pc\Desktop\Dokument2.rtf
[2012.10.22 12:52:06 | 000,000,200 | ---- | C] () -- C:\Users\pc\Desktop\Dokument.rtf
[2012.10.21 19:00:23 | 000,271,760 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.20 09:16:39 | 000,001,828 | ---- | C] () -- C:\Users\pc\Desktop\JDownloader.lnk
[2012.10.20 09:16:31 | 000,001,792 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.10.20 09:16:31 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012.10.20 09:16:31 | 000,001,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.10.20 09:05:25 | 000,000,231 | ---- | C] () -- C:\Users\pc\Desktop\Search the Web.url
[2012.10.20 09:05:25 | 000,000,225 | ---- | C] () -- C:\Users\pc\Desktop\SweetPcFix.url
[2012.10.19 09:54:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.18 20:15:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.18 20:15:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.18 20:15:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.10.18 20:15:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.10.18 20:15:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.10.18 14:05:59 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.11 16:56:57 | 000,001,608 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.10.11 16:56:56 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.10.11 13:01:42 | 000,006,562 | ---- | C] () -- C:\Users\pc\Desktop\vvvvc.eml
[2012.10.10 11:22:22 | 000,000,000 | ---- | C] () -- C:\Users\pc\defogger_reenable
[2012.10.07 12:49:48 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.10.07 12:49:48 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012.10.07 12:49:47 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012.09.26 11:04:43 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\WashAndGo.lnk
[2012.09.24 22:18:28 | 000,002,174 | ---- | C] () -- C:\Users\pc\Documents\semmelknödel.rtf
[2012.09.23 23:10:26 | 000,000,294 | ---- | C] () -- C:\Windows\tasks\WebReg Deskjet F300 series.job
[2012.09.23 12:12:43 | 000,001,087 | ---- | C] () -- C:\Users\pc\Desktop\scan.lnk
[2012.09.12 12:25:02 | 001,006,448 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.09.12 12:25:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.07.10 14:48:59 | 000,000,519 | ---- | C] () -- C:\Users\pc\pc - Verknüpfung.lnk
[2012.04.27 18:29:20 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.12 21:21:00 | 000,000,680 | ---- | C] () -- C:\Users\pc\AppData\Local\d3d9caps.dat
[2011.10.29 20:04:04 | 001,391,616 | ---- | C] () -- C:\Windows\System32\ActPDF.dll
[2011.10.29 20:03:43 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe
[2011.03.13 16:17:06 | 000,000,058 | ---- | C] () -- C:\Users\pc\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.02.25 15:46:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.25 15:46:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.12.31 17:07:07 | 000,164,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.12.31 17:06:48 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 925 bytes -> C:\Users\pc\Desktop\vvvvc.eml:OECustomProperty

< End of report >

OTL Logfile:
OTL Extras logfile created on: 22.10.2012 22:30:58 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\pc\Desktop\trojaner board
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,63% Memory free
4,22 Gb Paging File | 2,94 Gb Available in Paging File | 69,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 63,48 Gb Total Space | 29,16 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive D: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 387,63 Gb Total Space | 362,61 Gb Free Space | 93,54% Space Free | Partition Type: NTFS
Drive H: | 1,84 Gb Total Space | 1,82 Gb Free Space | 99,16% Space Free | Partition Type: FAT

Computer Name: PC-PC | User Name: pc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DAFA34-45E8-46A6-843F-AF34F4467C9C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{1CBD7845-0288-4425-BA04-97252E840043}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{226CBE0F-9F1C-4B84-A7A8-097A9C328133}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{2F8FE96A-37FC-48FC-A274-7179176F6E5E}" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{30A19E42-C52D-4250-AA47-B5CC06F25C75}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{36DFF524-B990-4A6C-9DD8-A35391AF6005}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{55E9438A-EA76-4F28-B6FC-6D4B06A6EE3A}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{570FE284-895B-425F-98A0-58F43085550D}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{6B5F328B-B609-45E4-B1F0-10A4A8981D6B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6CFC040B-44EC-400C-9A72-FE2A642E6067}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{7406A79B-7E27-41B4-89EF-A91417F64737}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{779F3503-F364-4FE7-9CE1-37D85F63A158}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{79957D25-5AAE-4D80-BCD0-5FF98F001471}" = protocol=17 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{822A9053-E4C8-4229-A730-70E667EB0997}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{9395F2EB-E730-41D8-AE48-44C71B493927}" = protocol=6 | dir=in | app=c:\program files\netdrive\ndsvc.exe |
"{96151931-4520-43E4-A689-52E226F4F082}" = protocol=17 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{B18D5A65-90AB-4F84-B3D4-CF4A2BCD1A3C}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{B652535E-06B3-4831-A7FC-7D3B0C31336C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{B6569463-37A6-457C-B2CF-CA6BA5D3D665}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{CF8C0B69-02D6-4BF4-8F2D-3E3452DFAECC}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{DB981E26-B54D-42DC-980D-44D30D7A2EA1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{DC710067-43A4-4852-BEE0-693EEF7CABBF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E02E6A6E-55B2-47CC-9DAF-A872D61B3CFD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F34F597B-25CF-41E3-AB7E-9B2E4155FDA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4CF3062-B85A-47D4-AD86-9AEB657CE2B9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{83523A5E-6197-4677-9AB9-1354342A3F07}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5825ABB3-A8F9-4ED4-B057-F4799EC1B792}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1" = YouTube Song Downloader
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1" = CheckDrive
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E55B3271-7CA8-4D0C-AE06-69A24856E997}_is1" = Uniblue RegistryBooster
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"5513-1208-7298-9440" = JDownloader 0.9
"AbAlarm_is1" = AbAlarm
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DealBulldog Toolbar Toolbar" = DealBulldog Toolbar Toolbar
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Lunascape6" = Lunascape6 (All Users)
"MailXXL.com" = MailXXL.com Tools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"MyKeyFinder_is1" = MyKeyFinder
"NetDrive" = NetDrive
"Schirmfoto_is1" = Schirmfoto
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WashAndGo_is1" = WashAndGo
"WNLT" = Web Optimizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.10.2012 11:54:35 | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

Error - 22.10.2012 15:37:06 | Computer Name = pc-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 22.10.2012 11:55:35 | Computer Name = pc-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.161.154.243 for the network card with network address 001E101FA1F5 was rejected by the DHCP server 10.49.195.162 (the DHCP server sent a DHCPNACK message).

Error - 22.10.2012 11:56:49 | Computer Name = pc-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 22.10.2012 15:39:56 | Computer Name = pc-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report > |
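Two sections of the OTL Extras report above are worth reading together: "Files Created - No Company Name" lists dmwu.exe and ImHttpComm.dll dropped into C:\Windows\System32 without any vendor string, and "Vista Active Application Exception List" shows inbound Windows Firewall allow rules for that same dmwu.exe (TCP and UDP) next to rules for several toolbar components. The script below is an added example, not part of this thread and not a feature of OTL, that shows how a helper triaging such a report can parse those two sections and cross-reference them automatically. The sample input is constructed from a few lines copied in the layout of the posted report, not the full log; the two heuristics (a no-company binary under System32, and an inbound rule for a binary in a user profile) are review triggers chosen for this example, not a verdict on any file.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines in the layout of the OTL Extras
# report posted above (section headers, "Files Created" entries, FirewallRules
# entries). It is deliberately short; the parser works on a full report as well.
SAMPLE_OTL = r"""
========== Files Created - No Company Name ==========

[2012.10.22 18:17:53 | 000,000,172 | ---- | C] () -- C:\Users\pc\Desktop\3.rtf
[2012.09.12 12:25:02 | 001,006,448 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.09.12 12:25:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2011.10.29 20:03:43 | 000,691,200 | ---- | C] () -- C:\Windows\System32\PrintLog.exe

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DAFA34-45E8-46A6-843F-AF34F4467C9C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{2F8FE96A-37FC-48FC-A274-7179176F6E5E}" = protocol=6 | dir=in | app=c:\users\pc\appdata\roaming\dropbox\bin\dropbox.exe |
"{6B5F328B-B609-45E4-B1F0-10A4A8981D6B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{7406A79B-7E27-41B4-89EF-A91417F64737}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\mediabar\datamngr\toolbar\dtuser.exe |
"{B652535E-06B3-4831-A7FC-7D3B0C31336C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{F4CF3062-B85A-47D4-AD86-9AEB657CE2B9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# OTL file entry: [date time | size | attrs | C or M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|(?P<size>[^|]+)\|[^\]]*\]\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+)$"
)
# Firewall rule entry: "name" = key=value | key=value | ...
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

PROTO_NAMES = {"6": "TCP", "17": "UDP"}
BINARY_EXTS = (".exe", ".dll", ".sys", ".scr")
SYSTEM32 = "c:\\windows\\system32\\"
USER_PROFILES = "c:\\users\\"


def parse_sections(text):
    """Split an OTL report into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).strip()
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def no_company_binaries_in_system32(sections):
    """Binaries created under System32 whose version info carries no company name.

    On a stock install that combination is unusual and deserves a manual check
    (hash lookup, Authenticode signature); by itself it is not proof of malware.
    """
    hits = []
    for line in sections.get("Files Created - No Company Name", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        low = path.lower()
        if low.startswith(SYSTEM32) and low.endswith(BINARY_EXTS):
            hits.append(path)
    return hits


def inbound_allow_rules(sections):
    """Map each app path (lower-case) to the set of protocols it may receive on."""
    rules = defaultdict(set)
    for line in sections.get("Vista Active Application Exception List", []):
        m = RULE_RE.match(line)
        if not m:
            continue  # registry key header or unrelated line
        fields = {}
        for part in m.group("body").split("|"):
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip().lower()
        if fields.get("dir") != "in" or "app" not in fields:
            continue
        proto_num = fields.get("protocol")
        rules[fields["app"]].add(PROTO_NAMES.get(proto_num, proto_num or "any"))
    return rules


def suspicious_inbound_rules(sections):
    """Inbound allow rules worth a second look, as (app, protocols, reason).

    Flags apps that run from a user profile, and System32 binaries that also
    appear in the no-company-name list. This is a review list, not a verdict.
    """
    flagged_sys32 = {p.lower() for p in no_company_binaries_in_system32(sections)}
    findings = []
    for app, protos in sorted(inbound_allow_rules(sections).items()):
        reason = None
        if app.startswith(USER_PROFILES):
            reason = "runs from user profile"
        elif app in flagged_sys32:
            reason = "System32 binary with no company name"
        if reason:
            findings.append((app, ",".join(sorted(protos)), reason))
    return findings


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_OTL)
    print("No-company binaries under System32:")
    for path in no_company_binaries_in_system32(secs):
        print("   " + path)
    print("Inbound firewall exceptions to review:")
    for app, protos, reason in suspicious_inbound_rules(secs):
        print(f"   {app}  [{protos}]  {reason}")
```

On the sample this reports dmwu.exe, ImHttpComm.dll and PrintLog.exe as no-company System32 binaries, and flags two inbound rules: dmwu.exe (TCP,UDP) because it is also in that list, and dropbox.exe because it runs from the user profile. The Dropbox hit shows why the output is a review list rather than a detection: a legitimate per-user installer trips the same heuristic as a dropped binary, and the helper still has to decide case by case.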
23.10.2012, 07:24 | #29 |
/// the machine /// TB-Ausbilder | PC hangs often Please download Windows Repair (All In One) from here.
Regards, schrauber |
23.10.2012, 09:02 | #30 |
| PC hangs often Hello, hm, on the Windows Repair page there are six download buttons under Installer and another four under Portable. Two of them are direct download. Which one(s) do I have to take? Best regards (you are going to so much trouble for me, that's great) mädchen |