Pests of all kinds and how to fight them: Yahoo mail account sends a link by itself (Windows 7)

18.10.2012, 15:49 | #1
Hello everyone, I have the following problem: my Yahoo mail account is sending spam mail to my address list with nothing but a link in it. I have already seen that some of the users here on the board are affected. The scan with Avast didn't find anything. Maybe one of you can help me. Thanks in advance! defogger gave no error message; the other 3 txt files are here:

OTL Logfile:
Code:
OTL logfile created on: 18.10.2012 14:17:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,01% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 76,42 Gb Free Space | 78,25% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 69,79 Gb Free Space | 71,47% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 76,78 Gb Free Space | 78,62% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 98,05 Gb Free Space | 56,75% Space Free | Partition Type: NTFS
Drive G: | 1,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KAY-UWE-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.18 14:17:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.10.10 12:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2012.09.09 13:41:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- D:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.09.05 05:40:26 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\mysqld.exe
PRC - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () -- D:\Programme\apache2triad\mail\bin\xmail.exe
PRC - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) -- D:\Programme\apache2triad\bin\apache.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.11.09 02:45:34 | 002,972,672 | ---- | M] () -- C:\Mouse driver\mouse_driver.exe
PRC - [2010.10.05 01:54:56 | 000,147,456 | ---- | M] () -- C:\Mouse driver\wh_exec.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.07.22 02:10:00 | 000,577,602 | ---- | M] (Logitech Inc. ) -- C:\Programme\Logitech\iTouch\iTouch.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.18 09:30:34 | 001,818,112 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\12101800\algo.dll
MOD - [2012.10.17 17:37:48 | 001,817,600 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\12101701\algo.dll
MOD - [2012.10.10 12:06:15 | 000,460,312 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012.10.10 12:06:13 | 012,435,992 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012.10.10 12:06:12 | 004,005,912 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012.10.10 12:04:57 | 000,578,072 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012.10.10 12:04:55 | 000,123,928 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012.10.10 12:04:44 | 000,156,712 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012.10.10 12:04:43 | 000,275,496 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012.10.10 12:04:42 | 002,168,360 | ---- | M] () -- C:\Programme\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012.09.04 21:30:04 | 000,364,544 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\zendoptimizer.dll
MOD - [2012.09.04 21:30:04 | 000,061,440 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_xmlrpc.dll
MOD - [2012.09.04 21:30:04 | 000,032,768 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_xslt.dll
MOD - [2012.09.04 21:30:03 | 000,225,280 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_sqlite.dll
MOD - [2012.09.04 21:30:02 | 000,040,960 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_sockets.dll
MOD - [2012.09.04 21:30:00 | 000,131,072 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_pgsql.dll
MOD - [2012.09.04 21:29:59 | 000,024,576 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mime_magic.dll
MOD - [2012.09.04 21:29:59 | 000,020,480 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mhash.dll
MOD - [2012.09.04 21:29:58 | 001,531,904 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mbstring.dll
MOD - [2012.09.04 21:29:58 | 000,036,864 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mcrypt.dll
MOD - [2012.09.04 21:29:57 | 000,802,816 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_gd2.dll
MOD - [2012.09.04 21:29:57 | 000,040,960 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_gettext.dll
MOD - [2012.09.04 21:29:56 | 000,651,264 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_domxml.dll
MOD - [2012.09.04 21:29:56 | 000,389,120 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dba.dll
MOD - [2012.09.04 21:29:56 | 000,196,608 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_curl.dll
MOD - [2012.09.04 21:29:56 | 000,061,440 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_bz2.dll
MOD - [2012.09.04 21:29:56 | 000,049,152 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dbx.dll
MOD - [2012.09.04 21:29:56 | 000,036,864 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_fdf.dll
MOD - [2012.09.04 21:29:56 | 000,028,672 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dbase.dll
MOD - [2012.09.04 21:29:53 | 000,166,912 | ---- | M] () -- D:\Programme\apache2triad\php\bin\libmcrypt.dll
MOD - [2012.09.04 21:29:53 | 000,165,643 | ---- | M] () -- D:\Programme\apache2triad\php\bin\libmhash.dll
MOD - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\mysqld.exe
MOD - [2012.09.04 21:28:11 | 000,249,856 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\libmySQL.dll
MOD - [2012.09.04 21:28:10 | 000,028,672 | ---- | M] () -- D:\Programme\apache2triad\modules\mod_php.so
MOD - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () -- D:\Programme\apache2triad\mail\bin\xmail.exe
MOD - [2012.09.04 21:27:46 | 000,385,024 | ---- | M] () -- D:\Programme\apache2triad\bin\sablot.dll
MOD - [2012.09.04 21:27:43 | 000,135,168 | ---- | M] () -- D:\Programme\apache2triad\bin\expat.dll
MOD - [2011.11.09 02:45:34 | 002,972,672 | ---- | M] () -- C:\Mouse driver\mouse_driver.exe
MOD - [2010.10.05 01:54:58 | 000,036,864 | ---- | M] () -- C:\Mouse driver\wh_hook.dll
MOD - [2010.10.05 01:54:56 | 000,147,456 | ---- | M] () -- C:\Mouse driver\wh_exec.exe
MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.10.09 13:53:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.05 05:40:26 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.04 21:29:29 | 000,075,207 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- D:\Programme\apache2triad\pgsql\bin\pg_ctl.exe -- (PgSql)
SRV - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () [Auto | Running] -- D:\Programme\apache2triad\mysql\bin\mysqld.exe -- (MySql)
SRV - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () [Auto | Running] -- D:\Programme\apache2triad\mail\bin\xmail.exe -- (XMail)
SRV - [2012.09.04 21:27:46 | 000,054,272 | ---- | M] () [Auto | Stopped] -- D:\Programme\apache2triad\ftp\SlimFTPd.exe -- (SlimFTPd)
SRV - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Programme\apache2triad\bin\apache.exe -- (Apache2SSL)
SRV - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\Programme\apache2triad\bin\apache.exe -- (Apache2)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.10.18 12:40:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.06.19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012.04.18 19:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.09.16 19:19:16 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2008.12.16 15:48:40 | 000,021,144 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008.12.16 15:47:00 | 000,013,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.03.09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2002.07.10 04:10:00 | 000,011,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=hp&exp=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT2851647.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:10.10.27.6
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.09 13:42:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.15 17:44:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.09.28 17:01:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.10.10 12:52:20 | 000,000,000 | ---D | M]

[2012.08.06 22:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Extensions
[2012.09.08 12:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions
[2012.09.08 12:29:32 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.08.10 19:59:02 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.28 16:43:56 | 000,000,921 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\searchplugins\conduit.xml

========== Chrome ==========

CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - Extension: AdBlock = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2012.09.15 19:13:18 | 000,444,297 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15259 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] D:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] D:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [uni mouse driver] C:\Mouse driver\mouse_driver.exe ()
O4 - HKLM..\Run: [uni mouse driver tilt] C:\Mouse driver\wh_exec.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26FC5EC-2642-44C5-B980-53ACF0E27835}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.06 17:24:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.11.14 03:19:03 | 000,000,065 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{449c3b4c-e96b-11e1-b529-001617da05eb}\Shell\AutoRun\command - "" = H:\DVAP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.18 12:35:31 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.18 12:35:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Malwarebytes
[2012.10.18 12:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.17 16:16:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012.10.16 17:08:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2012.10.16 17:08:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2012.10.13 16:37:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVDVideoSoft
[2012.10.13 15:52:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Youtube Downloader HD
[2012.10.13 15:52:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Youtube Downloader HD
[2012.10.13 15:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy
[2012.10.10 12:52:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange PDF Viewer
[2012.10.06 18:19:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wave Editor
[2012.10.05 19:03:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kay\Recent
[2012.09.29 11:51:19 | 000,040,960 | ---- | C] (Nenad Hrg SoftwareOK.com) -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.exe
[2012.09.29 09:04:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Apple Computer
[2012.09.28 18:04:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2012.09.28 17:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.09.28 17:00:29 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.09.28 17:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2012.09.28 17:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2012.09.28 16:59:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Apple
[2012.09.28 16:59:55 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2012.09.28 16:59:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2012.09.28 16:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2012.09.28 16:57:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2012.09.23 14:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\PhoenixViewer
[2012.09.21 16:01:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mouse driver
[2012.09.21 16:01:40 | 000,000,000 | ---D | C] -- C:\Mouse driver
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.10.18 14:16:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\defogger_reenable
[2012.10.18 13:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.18 13:42:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.18 13:31:00 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003UA.job
[2012.10.18 12:40:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.10.18 11:58:53 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.10.18 07:58:04 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-179605362-839522115-1003.job
[2012.10.18 07:57:52 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012.10.18 07:57:48 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-179605362-839522115-1003.job
[2012.10.18 07:57:32 | 000,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2012.10.18 07:57:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.18 07:57:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.17 18:31:00 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003Core.job
[2012.10.17 16:26:17 | 000,126,663 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vorsicht bei gespraechen.png
[2012.10.16 12:41:44 | 000,061,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vielen dank.png
[2012.10.16 12:40:07 | 000,034,485 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Erinnerungen.png
[2012.10.14 09:01:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.13 15:52:43 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Youtube Downloader HD.lnk
[2012.10.12 18:04:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.10.11 13:45:49 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.10.10 12:52:18 | 000,000,700 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PDF-Viewer.lnk
[2012.10.08 05:27:24 | 000,736,038 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Auge geschwollen.jpg
[2012.10.06 18:19:40 | 000,000,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Wave Editor.lnk
[2012.10.06 07:56:08 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.05 19:02:52 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2012.10.04 18:41:32 | 000,915,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PA040057.JPG
[2012.09.29 12:20:31 | 000,000,056 | -H-- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.ini
[2012.09.28 17:00:50 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2012.09.24 19:42:06 | 000,000,869 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Singularity Viewer.lnk
[2012.09.23 13:47:16 | 000,753,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Rettich.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.10.18 14:16:38 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\defogger_reenable
[2012.10.17 16:26:17 | 000,126,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vorsicht bei gespraechen.png
[2012.10.16 12:41:44 | 000,061,925 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vielen dank.png
[2012.10.16 12:40:07 | 000,034,485 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Erinnerungen.png
[2012.10.13
15:52:43 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Youtube Downloader HD.lnk [2012.10.10 12:52:18 | 000,000,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PDF-Viewer.lnk [2012.10.08 07:38:57 | 000,736,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Auge geschwollen.jpg [2012.10.06 18:19:40 | 000,000,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Wave Editor.lnk [2012.10.06 07:56:08 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.04 18:51:22 | 000,915,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PA040057.JPG [2012.09.29 11:55:05 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.ini [2012.09.28 17:00:50 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.09.28 16:59:58 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.09.28 16:59:57 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk [2012.09.28 16:58:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.23 15:58:06 | 000,753,864 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Rettich.jpg [2012.09.08 12:33:39 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2012.09.04 21:31:35 | 000,040,652 | ---- | C] () -- C:\WINDOWS\php.ini [2012.09.04 21:31:35 | 000,002,714 | ---- | C] () -- C:\WINDOWS\my.ini [2012.09.04 21:31:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\odbc.ini [2012.09.01 09:15:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.08.25 15:02:54 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini [2012.08.19 15:21:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVAP.set [2012.08.19 15:21:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012.08.19 
08:48:17 | 000,064,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.08.10 21:04:32 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.06 18:30:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll [2012.08.06 18:25:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2012.08.06 18:21:12 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2012.08.06 18:14:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.08.06 18:10:43 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT [2012.08.06 17:45:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012.08.06 17:37:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2012.08.06 17:33:48 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.08.06 17:33:48 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.08.06 17:33:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.08.06 17:33:38 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.08.06 17:26:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.08.06 17:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.08.06 17:55:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008.04.14 07:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.15 17:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.09.09 00:32:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firebird [2012.08.06 17:59:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2012.10.16 17:11:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2012.09.15 17:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.10.13 16:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVDVideoSoft [2012.09.09 17:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens [2012.10.13 15:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy [2012.08.10 20:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Oracle [2012.09.08 16:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\SecondLife [2012.09.15 17:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\TestApp [2012.09.09 00:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\uTorrent [2012.10.13 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Youtube 
Downloader HD ========== Purity Check ========== < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 18.10.2012 14:17:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 43,01% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,58% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 76,42 Gb Free Space | 78,25% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 69,79 Gb Free Space | 71,47% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 76,78 Gb Free Space | 78,62% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 98,05 Gb Free Space | 56,75% Space Free | Partition Type: NTFS
Drive G: | 1,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KAY-UWE-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"D:\Programme\Singularity1.7.0.2621\SLVoice.exe" = D:\Programme\Singularity1.7.0.2621\SLVoice.exe:*:Enabled:SLVoice
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\Singularity1.7.0.2621\Singularity\SLVoice.exe" = D:\Programme\Singularity1.7.0.2621\Singularity\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Programme\SpacialAudio\SAMBC\SAMBC.exe" = D:\Programme\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC -- ()
"D:\Programme\Singularity Viewer 1.7.2(2956)\SLVoice.exe" = D:\Programme\Singularity Viewer 1.7.2(2956)\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"D:\Programme\Singularity Viewer 1.7.2(2956)\SLPlugin.exe" = D:\Programme\Singularity Viewer 1.7.2(2956)\SLPlugin.exe:*:Enabled:SLPlugin -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{044197D0-BA1C-4567-A8E3-A6491A6DC4EE}" = ArcSoft MediaImpression 2
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8128C40-C9AA-42BE-9BBC-BAC2AA17FCD1}" = Mining4Lindens
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Apache2Triad" = Apache2Triad: apache server bundle
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow v1.1.3425 [2010-05-08]
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"RealPlayer 15.0" = RealPlayer
"SAM3" = SAM3 (remove only)
"Security Task Manager" = Security Task Manager 1.8d
"Singularity" = Singularity (remove only)
"uni mouse driver" = Mouse driver v1.0
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wave Editor_is1" = Wave Editor 3.2.1.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.09.2012 05:14:29 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description =

Error - 15.09.2012 07:12:49 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description =

Error - 15.09.2012 07:13:29 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description =

Error - 15.09.2012 09:12:26 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description =

Error - 15.09.2012 09:13:06 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description =

Error - 15.09.2012 11:12:35 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description =

Error - 15.09.2012 11:13:16 | Computer Name = KAY-UWE-PC | Source = Avira Antivirus | ID = 4117
Description =

Error - 15.09.2012 13:53:31 | Computer Name = KAY-UWE-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 15.09.2012 13:53:32 | Computer Name = KAY-UWE-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SpybotSD.exe, Version 1.6.2.46, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.09.2012 00:37:23 | Computer Name = KAY-UWE-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Skype.exe, Version 5.10.0.116, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

[ System Events ]
Error - 15.09.2012 09:12:37 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert.

Error - 15.09.2012 09:13:06 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: 1 (0x1).

Error - 15.09.2012 09:13:16 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 9 Mal passiert.

Error - 15.09.2012 11:12:46 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 10 Mal passiert.

Error - 15.09.2012 11:13:16 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: 1 (0x1).

Error - 15.09.2012 11:13:26 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Avira Echtzeit Scanner" wurde unerwartet beendet. Dies ist bereits 11 Mal passiert.

Error - 26.09.2012 13:58:51 | Computer Name = KAY-UWE-PC | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000040, 2. Parameter 00730000, 3. Parameter 80000000, 4. Parameter 00000000.

Error - 26.09.2012 13:58:56 | Computer Name = KAY-UWE-PC | Source = System Error | ID = 1003
Description = Fehlercode 000000c2, 1. Parameter 00000040, 2. Parameter 00000000, 3. Parameter 80000000, 4. Parameter 00000000.

Error - 18.10.2012 01:58:06 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "SlimFTPd" konnte sich nicht als ".\apache2triad" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 18.10.2012 01:58:06 | Computer Name = KAY-UWE-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apache2Triad SlimFTPd Server" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report >

GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-18 16:15:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 WDC_WD5000AAKB-00H8A0 rev.05.04E05
Running: zknlyfvq.exe; Driver: C:\DOKUME~1\Kay\LOKALE~1\Temp\pwldafow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3832708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB39057C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB383311C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB3874401]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB383DF28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB383DF74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB383E0F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB3873DB5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB383DE96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB383DFB8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB383DEDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB3833310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB383E0B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB3833A9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3832756]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB3874AC7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB3874D7D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB38370E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB3874932]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB387479D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB39058AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB38323BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB38327A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB3837456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3834464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB383DF52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB383DF96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB383E11A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB3874111]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB383DEBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3836C5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB383E03A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB383DF06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3836E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB383E0D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB3905A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB3874618]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB3834330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB387446A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB3833EDA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB391130E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB3873428]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB38327F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3832840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB383391C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3832448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB38325F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB3874BCE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB383259E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB3833BFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB3833D5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3832668]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB3833632]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB3833794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB383288E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB3833160]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [F2, 27, 83, B3, 40, 28, 83, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [FE, 3B, 83, B3, 5A, 3D, 83, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL B3834AF1 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6A073C0, 0x9B091A, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP B3838A6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 3625 BF80CF90 5 Bytes JMP B383895E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP B3838918 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP B38375AA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP B3837FCA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP B38376E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP B3838BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP B383881E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP B3838DE0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP B3837756 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP B3837FB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP B383808C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP B3837592 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP B3838D3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP B3838B20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP B38389A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3617 BF88FFB6 5 Bytes JMP B3837C00 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP B3837DC0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP B38380A4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP B3837B40 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP B3837E06 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP B3837866 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP B383748C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP B3837FE2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP B383793E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP B3837A6A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP B3837682 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP B3837812 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP B3837F20 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP B3838C96 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Dokumente und Einstellungen\Kay\Desktop\zknlyfvq.exe[124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Dokumente und Einstellungen\Kay\Desktop\zknlyfvq.exe[124] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[212] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[212] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe[252] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte 
[62] .text C:\Programme\Logitech\iTouch\iTouch.exe[284] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Logitech\iTouch\iTouch.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[408] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[408] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[520] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[656] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[820] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[928] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[928] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[984] 
ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\AVAST Software\Avast\AvastSvc.exe[1192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\AVAST Software\Avast\AvastSvc.exe[1192] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text D:\Programme\AVAST Software\Avast\AvastSvc.exe[1192] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\Real\RealPlayer\update\realsched.exe[1224] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\Real\RealPlayer\update\realsched.exe[1224] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text D:\Programme\Real\RealPlayer\update\realsched.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\AVAST Software\Avast\avastUI.exe[1240] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\AVAST Software\Avast\avastUI.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Mouse driver\mouse_driver.exe[1244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Mouse driver\mouse_driver.exe[1244] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Mouse driver\wh_exec.exe[1264] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Mouse driver\wh_exec.exe[1264] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1316] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1368] ntdll.dll!RtlDosSearchPath_U 
+ 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\apache2triad\bin\apache.exe[1484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\apache2triad\bin\apache.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\Java\jre7\bin\jqs.exe[1576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\Java\jre7\bin\jqs.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\apache2triad\mysql\bin\mysqld.exe[1612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\apache2triad\mysql\bin\mysqld.exe[1612] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\Spybot - Search & Destroy\TeaTimer.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1956] 
ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\apache2triad\mail\bin\XMail.exe[1988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\apache2triad\mail\bin\XMail.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text D:\Programme\apache2triad\bin\apache.exe[2292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text D:\Programme\apache2triad\bin\apache.exe[2292] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3148] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3148] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3308] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3308] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3348] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3916] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9271AA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3916] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@iamiohjolindhfbmbe 0x69 0x61 0x6F 0x63 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@hagiedkckaafcfag 0x69 0x61 0x62 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@iaijoeafkjhhhnlefj 0x63 0x61 0x6E 0x64 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@dbndaelnnndpmmilipfblhnloplhdgfcchnmjcjb 0x68 0x61 0x62 0x68 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@jbndaelnnndpmmilipfbmgjngffenjjlbgieedacmacpmbfndjep 0x68 0x61 0x62 0x68 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB645807-DA50-885D-DE3E-DF19C02E20F3}@dbndaelnnndpmmilipfbcikfebfghemolfeekjgc 0x62 0x61 0x67 0x63 ... ---- EOF - GMER 1.0.15 ---- was ich noch vergessen habe, Malwarebytes Anti-Malware lässt sich zwar inst. aber nicht ausführen oder aktualisieren! das Fenster öffnet sich kurz und verschwindet nach dem anklicken wieder Geändert von Style73 (18.10.2012 um 15:54 Uhr) |
19.10.2012, 12:57 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Already tried this? => http://www.trojaner-board.de/82699-m...tet-nicht.html
If necessary, try it together with the random installer, in case you already have problems with the installation or the download => http://malwarebytes.org/mbam-download-exe-random.php
20.10.2012, 09:36 | #3 |
| Even when I do it with OTH - OTHelper - Kill All Processes, it does not work; the installation works, but as soon as I want to scan or update, Malwarebytes simply shuts down!
21.10.2012, 12:03 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Have you tried Safe Mode with Networking yet?
23.10.2012, 13:54 | #5 |
| So, I have finally managed it. Malwarebytes was even able to do an update, which previously did not work in Safe Mode either, but I had already let it run through there once; both logs attached. Avast has now also detected something, but removed it immediately (I hope). Since Wednesday there have been no further mails sent through my mail account.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.09.29.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 6.0.2900.5512
Administrator :: KAY-UWE-PC [administrator]

21.10.2012 15:25:16
mbam-log-2012-10-21 (18-34-33).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 570542
Time elapsed: 2 hour(s), 40 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.
D:\Programme\Paragon Software\Alles Mounter\WinPM\Resource\GER_RC.dll (Trojan.Agent) -> No action taken.
F:\von FP C Windows 7\Kay\AppData\Roaming\Mining4Lindens\Miners\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.

(end)

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.23.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: KAY-UWE-PC [administrator]

23.10.2012 09:46:31
mbam-log-2012-10-23 (14-33-45).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 531412
Time elapsed: 1 hour(s), 19 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.
F:\von FP C Windows 7\Kay\AppData\Roaming\Mining4Lindens\Miners\rpcminer-cpu.exe (PUP.BitCoinMiner) -> No action taken.

(end)
Last edited by Style73 (23.10.2012, 14:00)
23.10.2012, 20:15 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run a custom scan with OTL. Please post everything here in CODE tags wherever possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here

Please download OTL from Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\Installer\*. /s
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Installer\*. /s
CREATERESTOREPOINT
23.10.2012, 21:48 | #7 |
| Thank you for the hint, I will keep it in mind in future, and for the quick reply; I hope I did everything right. OTL Logfile:
Code:
OTL logfile created on: 23.10.2012 22:36:14 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Kay\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 81,40% Memory free
5,83 Gb Paging File | 5,38 Gb Available in Paging File | 92,15% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,65 Gb Total Space | 81,98 Gb Free Space | 83,95% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 75,29 Gb Free Space | 77,09% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 76,88 Gb Free Space | 78,73% Space Free | Partition Type: NTFS
Drive F: | 172,79 Gb Total Space | 98,33 Gb Free Space | 56,91% Space Free | Partition Type: NTFS
Drive G: | 1,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 39,08 Mb Total Space | 22,35 Mb Free Space | 57,19% Space Free | Partition Type: FAT
Drive I: | 3,70 Gb Total Space | 2,14 Gb Free Space | 57,81% Space Free | Partition Type: FAT32
Drive J: | 36,04 Mb Total Space | 36,04 Mb Free Space | 99,98% Space Free | Partition Type: FAT

Computer Name: KAY-UWE-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.23 22:31:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Desktop\OTL (1).exe
PRC - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.09.09 13:41:48 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- D:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\mysqld.exe
PRC - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () -- D:\Programme\apache2triad\mail\bin\xmail.exe
PRC - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) -- D:\Programme\apache2triad\bin\apache.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- D:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.11.09 02:45:34 | 002,972,672 | ---- | M] () -- C:\Mouse driver\mouse_driver.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.10.05 01:54:56 | 000,147,456 | ---- | M] () -- C:\Mouse driver\wh_exec.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.07.22 02:10:00 | 000,577,602 | ---- | M] (Logitech Inc. ) -- C:\Programme\Logitech\iTouch\iTouch.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.23 14:11:24 | 001,821,696 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\12102301\algo.dll
MOD - [2012.10.23 10:09:49 | 001,821,696 | ---- | M] () -- D:\Programme\AVAST Software\Avast\defs\12102300\algo.dll
MOD - [2012.09.04 21:30:04 | 000,364,544 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\zendoptimizer.dll
MOD - [2012.09.04 21:30:04 | 000,061,440 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_xmlrpc.dll
MOD - [2012.09.04 21:30:04 | 000,032,768 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_xslt.dll
MOD - [2012.09.04 21:30:03 | 000,225,280 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_sqlite.dll
MOD - [2012.09.04 21:30:02 | 000,040,960 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_sockets.dll
MOD - [2012.09.04 21:30:00 | 000,131,072 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_pgsql.dll
MOD - [2012.09.04 21:29:59 | 000,024,576 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mime_magic.dll
MOD - [2012.09.04 21:29:59 | 000,020,480 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mhash.dll
MOD - [2012.09.04 21:29:58 | 001,531,904 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mbstring.dll
MOD - [2012.09.04 21:29:58 | 000,036,864 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_mcrypt.dll
MOD - [2012.09.04 21:29:57 | 000,802,816 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_gd2.dll
MOD - [2012.09.04 21:29:57 | 000,040,960 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_gettext.dll
MOD - [2012.09.04 21:29:56 | 000,651,264 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_domxml.dll
MOD - [2012.09.04 21:29:56 | 000,389,120 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dba.dll
MOD - [2012.09.04 21:29:56 | 000,196,608 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_curl.dll
MOD - [2012.09.04 21:29:56 | 000,061,440 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_bz2.dll
MOD - [2012.09.04 21:29:56 | 000,049,152 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dbx.dll
MOD - [2012.09.04 21:29:56 | 000,036,864 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_fdf.dll
MOD - [2012.09.04 21:29:56 | 000,028,672 | ---- | M] () -- D:\Programme\apache2triad\php\extensions\php_dbase.dll
MOD - [2012.09.04 21:29:53 | 000,166,912 | ---- | M] () -- D:\Programme\apache2triad\php\bin\libmcrypt.dll
MOD - [2012.09.04 21:29:53 | 000,165,643 | ---- | M] () -- D:\Programme\apache2triad\php\bin\libmhash.dll
MOD - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\mysqld.exe
MOD - [2012.09.04 21:28:11 | 000,249,856 | ---- | M] () -- D:\Programme\apache2triad\mysql\bin\libmySQL.dll
MOD - [2012.09.04 21:28:10 | 000,028,672 | ---- | M] () -- D:\Programme\apache2triad\modules\mod_php.so
MOD - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () -- D:\Programme\apache2triad\mail\bin\xmail.exe
MOD - [2012.09.04 21:27:46 | 000,385,024 | ---- | M] () -- D:\Programme\apache2triad\bin\sablot.dll
MOD - [2012.09.04 21:27:43 | 000,135,168 | ---- | M] () -- D:\Programme\apache2triad\bin\expat.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.11.09 02:45:34 | 002,972,672 | ---- | M] () -- C:\Mouse driver\mouse_driver.exe
MOD - [2010.10.05 01:54:58 | 000,036,864 | ---- | M] () -- C:\Mouse driver\wh_hook.dll
MOD - [2010.10.05 01:54:56 | 000,147,456 | ---- | M] () -- C:\Mouse driver\wh_exec.exe
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- D:\Programme\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.10.09 13:53:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.09.04 21:29:29 | 000,075,207 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- D:\Programme\apache2triad\pgsql\bin\pg_ctl.exe -- (PgSql)
SRV - [2012.09.04 21:28:15 | 002,211,840 | ---- | M] () [Auto | Running] -- D:\Programme\apache2triad\mysql\bin\mysqld.exe -- (MySql)
SRV - [2012.09.04 21:28:08 | 000,339,968 | ---- | M] () [Auto | Running] -- D:\Programme\apache2triad\mail\bin\xmail.exe -- (XMail)
SRV - [2012.09.04 21:27:46 | 000,054,272 | ---- | M] () [Auto | Stopped] -- D:\Programme\apache2triad\ftp\SlimFTPd.exe -- (SlimFTPd)
SRV - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- D:\Programme\apache2triad\bin\apache.exe -- (Apache2SSL)
SRV - [2012.09.04 21:27:42 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- D:\Programme\apache2triad\bin\apache.exe -- (Apache2)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.06.19 16:54:20 | 006,141,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2012.04.18 19:08:05 | 000,123,840 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009.11.18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.09.16 19:19:16 | 000,007,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2008.12.16 15:48:40 | 000,021,144 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2008.12.16 15:47:00 | 000,013,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005.03.09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2002.07.10 04:10:00 | 000,011,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=hp&exp=true IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=3248387b-482f-4795-8ea4-d67f1e1c6f73&searchtype=ds&q={searchTerms} IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647 IE - HKU\S-1-5-21-1202660629-179605362-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2851647.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.selectedEngine: "uTorrentBar_DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13" FF - prefs.js..extensions.enabledAddons: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:10.10.27.6 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: D:\Programme\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.09 13:42:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: D:\Programme\AVAST Software\Avast\WebRep\FF [2012.09.15 17:44:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.09.28 17:01:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.10.10 12:52:20 | 000,000,000 | ---D | M] [2012.08.06 22:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Extensions [2012.09.08 12:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions [2012.09.08 12:29:32 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2012.08.10 19:59:02 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.28 16:43:56 | 000,000,921 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Kay\Anwendungsdaten\Mozilla\Firefox\Profiles\0isg17t1.default\searchplugins\conduit.xml ========== Chrome ========== CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=48 CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - Extension: AdBlock = C:\Dokumente und 
Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\ CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ O1 HOSTS File: ([2012.09.15 19:13:18 | 000,444,297 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15259 more lines... 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avast] D:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] D:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [uni mouse driver] C:\Mouse driver\mouse_driver.exe () O4 - HKLM..\Run: [uni mouse driver tilt] C:\Mouse driver\wh_exec.exe () O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. 
) O4 - HKU\S-1-5-21-1202660629-179605362-839522115-1003..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-179605362-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-179605362-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E26FC5EC-2642-44C5-B980-53ACF0E27835}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame 
Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.06 17:24:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011.11.14 03:19:03 | 000,000,065 | R--- | M] () - G:\Autorun.inf -- [ CDFS ] O32 - AutoRun File - [2010.09.24 11:35:20 | 000,000,075 | ---- | M] () - H:\Autorun.inf -- [ FAT ] O33 - MountPoints2\{449c3b4c-e96b-11e1-b529-001617da05eb}\Shell\AutoRun\command - "" = H:\DVAP.exe -- [2011.03.30 22:57:48 | 001,343,488 | ---- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 
MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP 
Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - 
.NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\INF\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.23 22:31:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Desktop\OTL (1).exe [2012.10.23 17:33:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo [2012.10.22 23:18:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.10.22 23:18:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.10.22 23:18:50 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.10.22 22:55:24 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Kay\Desktop\mbam-setup-1.65.1.1000.exe [2012.10.22 22:39:14 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC [2012.10.21 15:21:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2012.10.19 17:34:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2012.10.19 17:31:00 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Desktop\OTH.scr [2012.10.18 21:54:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Kay\Recent [2012.10.18 12:35:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Malwarebytes [2012.10.18 12:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.10.17 16:16:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2012.10.16 17:08:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan 
[2012.10.13 16:37:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVDVideoSoft [2012.10.13 15:52:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Youtube Downloader HD [2012.10.13 15:52:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Youtube Downloader HD [2012.10.13 15:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy [2012.10.10 12:52:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF-XChange PDF Viewer [2012.10.06 18:19:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wave Editor [2012.09.29 11:51:19 | 000,040,960 | ---- | C] (Nenad Hrg SoftwareOK.com) -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.exe [2012.09.29 09:04:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Apple Computer [2012.09.28 18:04:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple [2012.09.28 17:00:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [2012.09.28 17:00:29 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2012.09.28 17:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer [2012.09.28 17:00:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple [2012.09.28 16:59:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Apple [2012.09.28 16:59:55 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2012.09.28 16:59:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple [2012.09.28 16:59:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\Apple Computer 
[2012.09.28 16:57:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.23 22:31:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Desktop\OTL (1).exe [2012.10.23 22:31:00 | 000,001,202 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003UA.job [2012.10.23 21:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.10.23 21:42:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.10.23 19:54:20 | 001,033,866 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0075.JPG [2012.10.23 19:54:02 | 001,028,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0074.JPG [2012.10.23 19:53:44 | 000,994,049 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0073.JPG [2012.10.23 19:53:12 | 001,317,367 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0072.JPG [2012.10.23 19:52:54 | 001,258,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0071.JPG [2012.10.23 19:52:22 | 001,285,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0070.JPG [2012.10.23 19:51:54 | 001,281,278 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0069.JPG [2012.10.23 19:51:16 | 001,266,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0068.JPG [2012.10.23 18:31:00 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003Core.job [2012.10.23 17:49:02 | 000,000,065 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2012.10.23 17:49:00 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! 
Emergency Update.job [2012.10.23 17:48:59 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-179605362-839522115-1003.job [2012.10.23 17:48:58 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.10.23 17:48:58 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-179605362-839522115-1003.job [2012.10.23 14:50:57 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll [2012.10.23 14:34:18 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2012.10.23 09:43:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.23 09:38:25 | 000,000,223 | RHS- | M] () -- C:\boot.ini [2012.10.22 23:18:51 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 16:32:52 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Kay\Desktop\mbam-setup-1.65.1.1000.exe [2012.10.19 18:04:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.10.19 17:31:01 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Desktop\OTH.scr [2012.10.19 07:07:58 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.18 14:32:49 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\zknlyfvq.exe [2012.10.18 14:16:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\defogger_reenable [2012.10.18 14:16:10 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Defogger.exe [2012.10.17 16:26:17 | 000,126,663 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vorsicht bei gespraechen.png [2012.10.16 12:41:44 | 000,061,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vielen dank.png [2012.10.16 12:40:07 | 000,034,485 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Eigene 
Dateien\Erinnerungen.png [2012.10.14 09:01:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.13 15:52:43 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Youtube Downloader HD.lnk [2012.10.11 13:45:49 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2012.10.10 12:52:18 | 000,000,700 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PDF-Viewer.lnk [2012.10.08 05:27:24 | 000,736,038 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Auge geschwollen.jpg [2012.10.06 18:19:40 | 000,000,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Wave Editor.lnk [2012.10.05 19:02:52 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.10.04 18:41:32 | 000,915,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PA040057.JPG [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.09.29 12:20:31 | 000,000,056 | -H-- | M] () -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.ini [2012.09.28 17:00:50 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.09.24 19:42:06 | 000,000,869 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Singularity Viewer.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.23 20:01:59 | 001,033,866 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0075.JPG [2012.10.23 20:01:58 | 001,317,367 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0072.JPG [2012.10.23 20:01:58 | 001,258,062 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0071.JPG [2012.10.23 20:01:58 | 001,028,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0074.JPG [2012.10.23 20:01:58 | 000,994,049 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0073.JPG [2012.10.23 20:01:57 | 001,285,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0070.JPG [2012.10.23 20:01:57 | 001,281,278 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0069.JPG [2012.10.23 20:01:57 | 001,266,295 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\IMAG0068.JPG [2012.10.22 23:18:51 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.19 07:07:58 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.18 14:32:48 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\zknlyfvq.exe [2012.10.18 14:16:38 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\defogger_reenable [2012.10.18 14:16:07 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Defogger.exe [2012.10.17 16:26:17 | 000,126,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vorsicht bei gespraechen.png [2012.10.16 12:41:44 | 000,061,925 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\vielen dank.png [2012.10.16 12:40:07 | 000,034,485 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Eigene Dateien\Erinnerungen.png [2012.10.13 15:52:43 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Youtube Downloader HD.lnk [2012.10.10 12:52:18 | 000,000,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PDF-Viewer.lnk [2012.10.08 07:38:57 | 000,736,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Auge geschwollen.jpg [2012.10.06 18:19:40 | 000,000,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\Wave Editor.lnk [2012.10.04 18:51:22 | 000,915,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\PA040057.JPG [2012.09.29 11:55:05 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\StressMyPC.ini [2012.09.28 
17:00:50 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk [2012.09.28 16:59:58 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.09.28 16:59:57 | 000,001,830 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Apple Software Update.lnk [2012.09.28 16:58:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.09.08 12:33:39 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll [2012.09.04 21:31:35 | 000,040,652 | ---- | C] () -- C:\WINDOWS\php.ini [2012.09.04 21:31:35 | 000,002,714 | ---- | C] () -- C:\WINDOWS\my.ini [2012.09.04 21:31:35 | 000,000,227 | ---- | C] () -- C:\WINDOWS\odbc.ini [2012.09.01 09:15:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.08.25 15:02:54 | 000,000,065 | ---- | C] () -- C:\WINDOWS\iTouch.ini [2012.08.19 15:21:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVAP.set [2012.08.19 15:21:13 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2012.08.19 08:48:17 | 000,064,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.08.10 21:04:32 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.06 18:30:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll [2012.08.06 18:25:26 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2012.08.06 18:21:12 | 000,025,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT [2012.08.06 18:14:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.08.06 18:10:43 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT [2012.08.06 17:45:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012.08.06 17:37:18 | 000,000,012 | ---- | C] () -- 
C:\WINDOWS\System32\nvModes.dat [2012.08.06 17:33:48 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.08.06 17:33:48 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.08.06 17:33:48 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.08.06 17:33:38 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.08.06 17:26:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.08.06 17:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.08.06 17:55:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008.04.14 07:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.15 17:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.10.23 17:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Badoo [2012.09.09 00:32:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firebird [2012.08.06 17:59:09 | 000,000,000 | ---D 
| M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2012.10.18 21:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2012.09.15 17:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.10.13 16:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVDVideoSoft [2012.09.09 17:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens [2012.10.13 15:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy [2012.08.10 20:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Oracle [2012.09.08 16:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\SecondLife [2012.09.15 17:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\TestApp [2012.09.09 00:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\uTorrent [2012.10.13 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Youtube Downloader HD ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.08.06 23:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Adobe [2012.09.29 09:04:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Apple Computer [2012.08.19 15:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\ArcSoft [2012.10.13 16:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\DVDVideoSoft [2012.08.10 20:43:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\FastStone [2012.08.06 17:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Identities [2012.08.06 23:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Macromedia [2012.10.18 12:35:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Malwarebytes [2012.10.21 13:06:58 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Microsoft [2012.09.09 17:04:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens [2012.08.06 22:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mozilla [2012.09.09 17:05:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\NVIDIA [2012.10.13 15:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy [2012.08.10 20:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Oracle [2012.09.09 16:59:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Real [2012.09.08 16:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\SecondLife [2012.10.23 22:35:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Skype [2012.08.10 20:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Sun 
[2012.09.15 17:30:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\TestApp [2012.09.09 00:34:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\uTorrent [2012.09.29 01:34:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\vlc [2012.08.09 06:06:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\WinRAR [2012.10.13 16:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Youtube Downloader HD < %APPDATA%\*.exe /s > [2011.02.27 09:48:20 | 000,294,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\rpcminer-4way.exe [2011.02.27 09:46:44 | 000,241,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\rpcminer-cpu.exe [2011.02.27 09:50:24 | 000,249,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\rpcminer-cuda.exe [2011.02.27 09:52:00 | 000,241,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\rpcminer-opencl.exe [2011.04.28 03:40:56 | 000,021,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\poclbm\poclbm.exe [2009.10.26 01:23:14 | 000,049,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\poclbm\w9xpopen.exe [2012.09.05 20:37:28 | 008,876,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy\9E741FF04CBB48AB94CB456A7EA63533\SnapDo.exe [2012.10.13 15:53:32 | 007,573,736 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy\9E741FF04CBB48AB94CB456A7EA63533\SnapDo_ALL_p1v4.exe < %SYSTEMDRIVE%\*.exe > < %systemroot%\Installer\*. 
/s > [2012.08.19 08:39:21 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$ [2012.10.13 17:03:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI23D.tmp- [2012.10.13 17:03:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI23F.tmp- [2012.10.13 17:03:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI242.tmp- [2012.10.17 16:15:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI2E.tmp- [2012.10.17 16:15:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI2F.tmp- [2012.10.17 16:15:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI31.tmp- [2012.10.17 16:15:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI32.tmp- [2012.10.17 16:16:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI35.tmp- [2012.08.10 17:05:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\tsclientmsitrans [2012.09.28 17:00:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0} [2012.08.10 20:02:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1111706F-666A-4037-7777-211328764D10} [2012.09.05 05:40:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83217007FF} [2012.08.06 17:30:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} [2012.08.06 17:59:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{7395D650-AE5D-4D68-B8FE-D3FA6B51467F} [2012.09.28 16:59:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} [2012.08.20 20:10:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2012.08.25 12:29:32 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE} [2012.08.25 12:25:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{90120000-006E-0407-0000-0000000FF1CE} [2012.08.19 08:49:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{A1071AEB-B0EF-3F5F-BC84-83A270EBE496} [2012.08.06 18:07:11 | 000,000,000 | ---D | M] -- 
C:\WINDOWS\Installer\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} [2012.09.28 17:00:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0} [2012.10.23 14:34:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} [2012.08.20 20:10:43 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed [2012.08.19 08:47:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\17400AB28230347339DBAF1833357A38 [2012.08.19 08:46:14 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82 [2012.08.19 08:49:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\BEA1701AFE0BF5F3CB48382A07BE4E69 [2012.08.20 20:10:43 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100 [2012.08.19 08:48:56 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\E7DD9039EFBE59C3B874033D0A216F60 [2012.08.19 08:47:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\17400AB28230347339DBAF1833357A38\3.1.21022 [2012.08.19 08:46:14 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022 [2012.08.19 08:49:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\BEA1701AFE0BF5F3CB48382A07BE4E69\3.1.21022 [2012.08.20 20:10:43 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0 [2012.08.19 08:48:56 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\E7DD9039EFBE59C3B874033D0A216F60\2.1.21022 < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2012.08.06 19:12:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2012.08.06 19:12:32 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2012.08.06 19:12:32 | 000,458,752 | ---- | M] () -- 
C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Installer\*. /s > [2012.08.19 08:39:21 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$ [2012.10.13 17:03:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI23D.tmp- [2012.10.13 17:03:19 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI23F.tmp- [2012.10.13 17:03:39 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI242.tmp- [2012.10.17 16:15:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI2E.tmp- [2012.10.17 16:15:34 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI2F.tmp- [2012.10.17 16:15:53 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI31.tmp- [2012.10.17 16:15:55 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI32.tmp- [2012.10.17 16:16:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\MSI35.tmp- [2012.08.10 17:05:35 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\tsclientmsitrans [2012.09.28 17:00:52 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{0E64B098-8018-4256-BA23-C316A43AD9B0} [2012.08.10 20:02:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{1111706F-666A-4037-7777-211328764D10} [2012.09.05 05:40:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{26A24AE4-039D-4CA4-87B4-2F83217007FF} [2012.08.06 17:30:20 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} [2012.08.06 17:59:17 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{7395D650-AE5D-4D68-B8FE-D3FA6B51467F} [2012.09.28 16:59:59 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} [2012.08.20 20:10:48 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2012.08.25 12:29:32 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE} [2012.08.25 12:25:16 | 000,000,000 | ---D | M] -- 
C:\WINDOWS\Installer\{90120000-006E-0407-0000-0000000FF1CE} [2012.08.19 08:49:12 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{A1071AEB-B0EF-3F5F-BC84-83A270EBE496} [2012.08.06 18:07:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9} [2012.09.28 17:00:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0} [2012.10.23 14:34:18 | 000,000,000 | ---D | M] -- C:\WINDOWS\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} [2012.08.20 20:10:43 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed [2012.08.19 08:47:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\17400AB28230347339DBAF1833357A38 [2012.08.19 08:46:14 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82 [2012.08.19 08:49:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\BEA1701AFE0BF5F3CB48382A07BE4E69 [2012.08.20 20:10:43 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100 [2012.08.19 08:48:56 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\E7DD9039EFBE59C3B874033D0A216F60 [2012.08.19 08:47:49 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\17400AB28230347339DBAF1833357A38\3.1.21022 [2012.08.19 08:46:14 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\1F3B805BA42A0C233B0158879691FE82\2.1.21022 [2012.08.19 08:49:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\BEA1701AFE0BF5F3CB48382A07BE4E69\3.1.21022 [2012.08.20 20:10:43 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0 [2012.08.19 08:48:56 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\$PatchCache$\Managed\E7DD9039EFBE59C3B874033D0A216F60\2.1.21022 < > [2012.08.06 17:22:33 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini [2012.08.06 17:27:30 | 
000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT [2012.08.08 18:20:30 | 000,001,150 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003Core.job [2012.08.08 18:20:31 | 000,001,202 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-179605362-839522115-1003UA.job [2012.08.11 15:19:18 | 000,001,080 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [2012.08.11 15:19:18 | 000,001,084 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [2012.09.09 13:43:05 | 000,000,274 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1202660629-179605362-839522115-1003.job [2012.09.09 13:43:07 | 000,000,266 | ---- | C] () -- C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1202660629-179605362-839522115-1003.job [2012.09.15 17:45:01 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job [2012.09.28 16:58:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [2012.09.28 16:59:58 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job < End of report > |
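The OTL report above lists every file created or modified within 30 days as one entry per line: timestamp, size, attribute flags, a C/M marker, the company name OTL found embedded in the file (empty parentheses when there is none) and the path. When a helper triages such a log, the first things to look at are executables with no company name sitting in user-writable locations, which is exactly the kind of file post #8 below asks to have hashed and checked at VirusTotal. The following Python is an added example and is neither part of this thread nor part of OTL: it parses OTL entry lines (the sample lines are copied verbatim from the report above), handles directory entries and both C and M entries, and builds a review queue. The heuristic, the path markers and all function names are my own assumptions for this example; a hit is a review candidate, not a verdict, since renamed helper tools that a forum helper asks a user to download look the same in the log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file/folder entry, as in the report above:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries carry no "(Company)" part, so that group is optional.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)

# Path fragments that mark user-writable locations on a German or English
# Windows install. Hypothetical heuristic chosen for this example, not an OTL feature.
USER_WRITABLE_MARKERS = (
    "\\dokumente und einstellungen\\",
    "\\documents and settings\\",
    "\\users\\",
    "\\temp\\",
)
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".sys")

# Sample input: entry lines copied verbatim from the OTL report in this thread.
SAMPLE_LOG = r"""[2012.10.23 22:31:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Kay\Desktop\OTL (1).exe
[2012.10.22 23:18:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.18 14:32:48 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Kay\Desktop\zknlyfvq.exe
[2012.10.18 12:35:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Malwarebytes
[2012.09.05 20:37:28 | 008,876,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\OpenCandy\9E741FF04CBB48AB94CB456A7EA63533\SnapDo.exe
[2011.02.27 09:46:44 | 000,241,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Kay\Anwendungsdaten\Mining4Lindens\Miners\rpcminer-cpu.exe
[2012.10.23 14:50:57 | 000,558,133 | ---- | M] () -- C:\WINDOWS\System32\sqlite3.dll
"""


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str      # e.g. "----", "---D" (directory), "-HSD" (hidden system directory)
    kind: str       # "C" = created, "M" = modified
    company: str    # embedded company name; "" when OTL found none
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry line; return None for section headers and other text."""
    m = ENTRY_RE.search(line)
    if not m:
        return None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def is_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def needs_review(entry: OtlEntry) -> bool:
    """Executable with no company name in a user-writable location.

    A hit is a review candidate, not a verdict: renamed helper tools that a
    forum helper asks the user to download look exactly the same here."""
    if "D" in entry.attrs:                      # directories are not files
        return False
    if not entry.path.lower().endswith(EXEC_EXTENSIONS):
        return False
    return entry.company == "" and is_user_writable(entry.path)


def review_queue(log_text: str) -> List[str]:
    """Distinct paths an analyst should hash and look up (for example at VirusTotal)."""
    queue: List[str] = []
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry and needs_review(entry) and entry.path not in queue:
            queue.append(entry.path)
    return queue


if __name__ == "__main__":
    for path in review_queue(SAMPLE_LOG):
        print(path)
```

Run against the sample, the queue contains the Desktop executable with the random-looking name, the SnapDo installer in the OpenCandy folder and the miner binary; `sqlite3.dll` also has no company name but lives under `C:\WINDOWS`, so this particular heuristic leaves it for a separate system-directory pass.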
24.10.2012, 11:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo mail account sends out a link on its own
Quote:
Do you still have the file GER_RC.dll, is it in the Malwarebytes quarantine? If so, please restore it and have the file analysed at VirusTotal - post the result link. If you don't see the file, you may have to make it visible first. If the file has already been analysed, please start another analysis.
__________________ Please always post logfiles in CODE tags |
24.10.2012, 18:13 | #9 |
| Yahoo mail account sends out a link on its own I don't really need the first one, it's just a toy (for earning money in-world in SL) that sometimes runs in the background when the computer is on anyway. I don't know where I got the Paragon program from, that is uninstalled too, maybe an acquaintance put it on at some point; the file isn't there any more either |
24.10.2012, 19:57 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo mail account sends out a link on its own
Quote:
__________________ Please always post logfiles in CODE tags |
24.10.2012, 21:12 | #11 |
| Yahoo mail account sends out a link on its own there's nothing left, I uninstalled the program and the quarantine doesn't show anything any more either |
24.10.2012, 21:28 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo mail account sends out a link on its own Please download aswMBR.exe and save the file to your desktop. Note: please disable the virus scanner before you run aswMBR, as Avira in particular often reports a false positive on it!
Another note: should aswMBR crash and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post logfiles in CODE tags |
25.10.2012, 05:26 | #13 |
| Yahoo mail account sends out a link on its own here you go Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-25 06:43:14
-----------------------------
06:43:14.781 OS Version: Windows 5.1.2600 Service Pack 3
06:43:14.781 Number of processors: 2 586 0x4B02
06:43:14.781 ComputerName: KAY-UWE-PC UserName: Kay
06:43:15.046 Initialize success
06:43:15.156 AVAST engine defs: 12102500
06:44:38.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
06:44:38.109 Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
06:44:38.125 Disk 0 MBR read successfully
06:44:38.125 Disk 0 MBR scan
06:44:38.125 Disk 0 Windows XP default MBR code
06:44:38.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
06:44:38.125 Disk 0 Partition - 00 0F Extended LBA 376931 MB offset 204796620
06:44:38.140 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99998 MB offset 204796683
06:44:38.140 Disk 0 Partition - 00 05 Extended 99998 MB offset 409593240
06:44:38.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 99998 MB offset 409593303
06:44:38.156 Disk 0 Partition - 00 05 Extended 176934 MB offset 819186480
06:44:38.171 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 176934 MB offset 614389923
06:44:38.171 Disk 0 scanning sectors +976752000
06:44:38.250 Disk 0 scanning C:\WINDOWS\system32\drivers
06:44:43.484 Service scanning
06:44:50.468 Modules scanning
06:44:53.718 Disk 0 trace - called modules:
06:44:53.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
06:44:53.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a37eab8]
06:44:53.750 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000069[0x8a3b19e8]
06:44:53.750 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-12[0x8a36bd98]
06:44:54.015 AVAST engine scan C:\WINDOWS
06:44:56.265 AVAST engine scan C:\WINDOWS\system32
06:46:28.359 AVAST engine scan C:\WINDOWS\system32\drivers
06:46:37.500 AVAST engine scan C:\Dokumente und Einstellungen\Kay
07:09:04.875 AVAST engine scan C:\Dokumente und Einstellungen\All Users
07:09:36.468 Scan finished successfully
07:17:59.000 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Kay\Desktop\MBR.dat"
07:17:59.000 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Kay\Desktop\aswMBR.txt"
Last edited by Style73 (25.10.2012 at 06:24) |
25.10.2012, 10:35 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yahoo mail account sends out a link on its own This log is OK too. How is the original problem, that was fixed, or did it come back? Looks OK. We should be almost done. Please run a quick scan with Malwarebytes as a check - remember to update Malwarebytes via the Update button first. Getting a second opinion from ESET's online scanner afterwards isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
26.10.2012, 12:46 | #15 |
| Yahoo mail account sends out a link on its own I did find the file after all, I had to log in as admin, then it was still in the quarantine, sorry Code:
SHA256: c38c1e5c704ba7c7fd473105d807066fa6abfc785e801172ab0d225df228da61
SHA1: d44597828f31dae7a84244c25fbd6d08459cbe61
MD5: f014f436d05669304c967e2a334dd95a
File size: 1.5 MB ( 1552384 bytes )
File name: GER_RC.dll
File type: Win32 DLL
Detection ratio: 0 / 43
Analysis date: 2012-10-26 11:39:07 UTC ( 0 Minuten ago )
Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=798a3f8ee320114fb1a3f9762e6b6bda
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-26 12:00:11
# local_time=2012-10-26 02:00:11 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 126 126 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=798a3f8ee320114fb1a3f9762e6b6bda
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-26 12:01:05
# local_time=2012-10-26 02:01:05 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 180 180 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
Last edited by Style73 (26.10.2012 at 13:03) Reason: addendum |