| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Outlook versendet (anscheinend) automatische MailsWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.11.2012, 17:04
| #16 |
| /// the machine /// TB-Ausbilder    |  Outlook versendet (anscheinend) automatische Mails Dann den Rest bitte 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.11.2012, 20:24
| #17 |
 | Outlook versendet (anscheinend) automatische Mails Der ESET Online Scanner scannt bloß bis 14 % und auch nach einem Neustart geht es nicht weiter.
__________________ |
|
02.11.2012, 20:47
| #18 |
| /// the machine /// TB-Ausbilder | Outlook versendet (anscheinend) automatische Mails__________________
__________________ |
|
03.11.2012, 13:09
| #19 |
| | Outlook versendet (anscheinend) automatische Mails Soll ich auch hier nur eine Liste posten, oder die gefundenen Datein löschen? |
|
03.11.2012, 18:46
| #20 |
| /// the machine /// TB-Ausbilder | Outlook versendet (anscheinend) automatische Mails Nur die Liste posten
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.11.2012, 00:23
| #21 |
| | Outlook versendet (anscheinend) automatische Mails Ich kann zwischen zwei Optionen wählen: Datein bereinigen... "Automatisch (empfohlen)" oder "Ich möchte von Datei zu Datei entscheiden" Zusätzlich könnte ich ankreutzen: Malware-Beispiel an F-Secure senden |
|
04.11.2012, 10:07
| #22 |
| /// the machine /// TB-Ausbilder | Outlook versendet (anscheinend) automatische Mails Dann nimm automatisch, ich brauche dann aber das Logfile
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
04.11.2012, 12:33
| #23 |
| | Outlook versendet (anscheinend) automatische Mails Eine direkte Logfile gibt es nicht, aber einen Bericht. Nach dem Punk "Nicht gescannte Dateien:" folgen ganz viele Datein, die alle nicht in diese Antwort passen. Scanbericht Sonntag, November 4, 2012 12:48:20 - 12:24:32 Name des Computers: CHRISTIAN-PC Scantyp: Scansystem für Malware, Spyware und Rootkits Ziel: C:\ 4 Malware gefunden TrackingCookie.Atdmt (Spyware) System (Desinfiziert) TrackingCookie.Doubleclick (Spyware) System (Desinfiziert) TrackingCookie.Atwola (Spyware) System (Desinfiziert) Suspicious:W32/Malware!Gemini (Virus) C:\PROGRAM FILES\FELLODY\FELLODY.EXE (Nicht bereinigt & Übermittelt) Statistik Gescannt: Dateien: 112060 System: 4932 Nicht gescannt: 1525 Aktionen: Desinfiziert: 3 Umbenannt: 0 Gelöscht: 0 Nicht bereinigt: 1 Übermittelt: 1 Nicht gescannte Dateien: |
|
04.11.2012, 16:31
| #24 |
| /// the machine /// TB-Ausbilder | Outlook versendet (anscheinend) automatische Mails gut, dann bitte ein frisches OTL logfile. Wie läuft der Rechner?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
07.11.2012, 19:44
| #25 |
| | Outlook versendet (anscheinend) automatische Mails OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.11.2012 19:24:37 - Run 5 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Christian\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,44% Memory free 5,99 Gb Paging File | 3,97 Gb Available in Paging File | 66,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 281,36 Gb Free Space | 61,70% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) PRC - C:\Programme\MSI\ArcSoft\TotalMedia\TMMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Java\jre6\bin\jp2native.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Christian\AppData\Roaming\Spotify\Data\libcef.dll () MOD - C:\Programme\CCleaner\Lang\lang-1031.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Programme\MSI\ArcSoft\TotalMedia\uPiApi.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (CLKMSVC10_D20A29D4) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\NavFilter\kmsvc.exe (CyberLink) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MSI\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (mdmxsdk) -- system32\DRIVERS\mdmxsdk.sys File not found DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found DRV - (ao83eu3t) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{C6121984-176B-48EC-B82A-0748EC325F06}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{C6121984-176B-48EC-B82A-0748EC325F06}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE345 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com [binary data] IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com [binary data] IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\URLSearchHook: - No CLSID value found IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes,DefaultScope = {A1C683D9-E2A5-4FA2-9113-9D6819FB32E4} IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE345 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{A1C683D9-E2A5-4FA2-9113-9D6819FB32E4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1708250 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.115.151:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local" FF - prefs.js..network.proxy.share_proxy_settings: true FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.31 15:51:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 11:25:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.25 12:58:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.17 16:14:37 | 000,000,000 | ---D | M] [2012.05.20 11:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2010.08.31 20:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.23 18:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions [2012.07.26 06:50:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.05.20 11:11:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.10.29 17:37:20 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions\welcome@toolmin.com [2012.11.03 18:03:27 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-1.xml [2011.08.17 22:04:28 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-2.xml [2011.08.27 15:32:36 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-3.xml [2011.09.08 06:36:05 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-4.xml [2011.09.27 17:35:51 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-5.xml [2011.10.01 13:46:56 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-6.xml [2011.10.29 17:43:09 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-7.xml [2011.11.10 18:06:42 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-8.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin.xml [2012.05.20 11:11:50 | 000,002,519 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\Search_Results.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\startsear.xml [2012.11.01 11:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.31 15:51:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.11.06 15:49:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.11.01 11:25:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.31 15:51:38 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.20 20:12:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.08 16:28:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.20 20:12:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 20:12:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.29 17:37:20 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.05.20 11:11:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.20 20:12:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 20:12:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.30 06:59:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\Toolbar\WebBrowser: (no name) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - No CLSID value found. O3 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O3 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe () O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 File not found O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\mfstart.exe File not found O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab (B+S Banksysteme AG DDBAC Plug-In) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A55C2C-FE56-4A76-9807-28D6E1AEFBC8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\f-secure [2012.11.03 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012.11.02 19:19:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe [2012.11.02 18:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.11.01 11:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.01 11:25:42 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.11.01 11:25:42 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.11.01 11:25:42 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.11.01 11:25:42 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.10.31 15:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.30 18:06:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.30 06:58:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.29 23:39:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.29 23:39:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.29 23:39:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.29 23:39:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.29 23:39:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.13 12:47:38 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Gitarrenkurs [2012.10.11 22:39:59 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.10.10 22:18:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 22:17:39 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 22:17:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 22:17:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 22:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 22:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 22:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 22:17:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 22:17:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 22:17:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 22:17:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 22:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 22:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 22:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 22:16:53 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 22:16:53 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.07 19:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.07 19:10:40 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.07 19:06:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.07 19:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.06 23:50:25 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 23:50:25 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.05 20:01:36 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Christian.job [2012.11.05 19:07:15 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2012.11.04 00:27:02 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.04 00:19:06 | 000,206,624 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt.png [2012.11.02 19:42:26 | 000,700,608 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.02 19:42:26 | 000,655,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.02 19:42:26 | 000,149,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.02 19:42:26 | 000,122,152 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.02 19:37:21 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys [2012.11.02 19:19:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe [2012.11.01 12:57:21 | 000,061,014 | ---- | M] () -- C:\Users\Christian\Desktop\1w7j4s66172nsshimpc.png [2012.11.01 11:25:33 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.11.01 11:25:33 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.11.01 11:25:33 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.11.01 11:25:32 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.11.01 11:25:32 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.11.01 11:21:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.30 17:50:34 | 000,001,455 | ---- | M] () -- C:\Users\Christian\Desktop\ComboFix.exe - Verknüpfung.lnk [2012.10.30 06:59:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.24 17:31:48 | 000,000,512 | ---- | M] () -- C:\Users\Christian\Desktop\MBR.dat [2012.10.17 16:14:41 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.12 13:16:18 | 000,660,845 | ---- | M] () -- C:\Users\Christian\Desktop\schlange.jpg [2012.10.09 19:34:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.09 19:34:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.04 00:27:02 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.04 00:19:06 | 000,206,624 | ---- | C] () -- C:\Users\Christian\Desktop\Unbenannt.png [2012.11.01 12:57:08 | 000,061,014 | ---- | C] () -- C:\Users\Christian\Desktop\1w7j4s66172nsshimpc.png [2012.10.30 17:50:34 | 000,001,455 | ---- | C] () -- C:\Users\Christian\Desktop\ComboFix.exe - Verknüpfung.lnk [2012.10.29 23:39:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.29 23:39:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.29 23:39:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.29 23:39:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.29 23:39:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.24 17:01:13 | 000,000,512 | ---- | C] () -- C:\Users\Christian\Desktop\MBR.dat [2012.10.22 18:39:49 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 17:53:16 | 000,061,184 | ---- | C] () -- C:\Users\Christian\Desktop\Highfield 2011 (80).jpg [2012.10.17 16:14:41 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.12 13:16:16 | 000,660,845 | ---- | C] () -- C:\Users\Christian\Desktop\schlange.jpg [2012.05.12 16:22:25 | 000,196,196 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.05.15 20:45:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.05.01 15:37:14 | 000,000,016 | ---- | C] () -- C:\Users\Christian\persistent_state [2010.09.07 13:18:21 | 000,012,288 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.12 14:28:12 | 000,072,083 | ---- | C] () -- C:\Users\Christian\.recently-used.xbel [2009.11.26 01:10:13 | 000,000,103 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\default.pls [2009.10.25 19:12:02 | 000,001,024 | ---- | C] () -- C:\Users\Christian\.rnd [2009.10.20 20:36:41 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2010.01.25 13:17:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Acer GameZone Console [2010.01.25 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Atari [2011.03.09 21:11:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2010.01.25 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Blitware [2010.09.04 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite [2010.09.07 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.25 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.11.03 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\f-secure [2012.05.20 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go [2010.01.25 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2012.11.05 19:05:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ [2010.07.21 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LolClient [2010.10.08 18:39:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Need for Speed World [2011.03.31 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OCS [2010.02.23 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org [2011.03.31 17:59:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Opera [2010.01.25 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PowerCinema [2011.10.22 18:57:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ScreeNet iSaver [2011.04.11 06:22:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftDMA [2012.11.07 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2010.01.25 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Template [2012.06.27 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird [2012.01.15 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\toolplugin [2012.06.27 17:48:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite [2010.10.20 17:49:53 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ [2012.06.27 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\LSoft Technologies [2010.07.24 17:26:29 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PowerCinema [2011.10.24 07:22:30 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ScreeNet iSaver [2012.11.05 19:07:15 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2012.10.29 23:49:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.01.25 12:41:43 | 000,000,000 | ---D | M] -- C:\$INPLACE.~TR [2012.10.30 18:06:36 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.01.25 13:24:57 | 000,000,000 | ---D | M] -- C:\$WINDOWS.~Q [2010.05.11 22:34:56 | 000,000,000 | ---D | M] -- C:\3de3a7e369d9e951425cd1fa65b5 [2009.09.19 22:41:18 | 000,000,000 | ---D | M] -- C:\Acer [2009.07.25 13:25:18 | 000,000,000 | ---D | M] -- C:\Book [2012.01.05 22:51:08 | 000,000,000 | ---D | M] -- C:\Boot [2010.06.25 23:55:24 | 000,000,000 | ---D | M] -- C:\c6c92cc460f5ff9c0d1dde51a06a3a [2009.11.15 21:01:31 | 000,000,000 | ---D | M] -- C:\Casino [2012.11.06 15:49:43 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.09.19 22:40:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.09.10 14:50:29 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2009.09.19 22:43:13 | 000,000,000 | ---D | M] -- C:\Elements [2009.11.26 22:24:35 | 000,000,000 | ---D | M] -- C:\games [2010.05.02 18:15:43 | 000,000,000 | ---D | M] -- C:\GAMIGO [2009.02.11 21:12:45 | 000,000,000 | ---D | M] -- C:\Intel [2010.07.24 17:30:45 | 000,000,000 | ---D | M] -- C:\Keno [2009.09.24 17:42:49 | 000,000,000 | ---D | M] -- C:\Maxis [2009.03.12 04:11:16 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.09.19 22:45:12 | 000,000,000 | ---D | M] -- C:\MyWinLockerData [2010.01.25 11:38:20 | 000,000,000 | ---D | M] -- C:\OEM [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.11.04 20:33:23 | 000,000,000 | ---D | M] -- C:\PFiles [2012.11.02 18:32:47 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.03 12:47:53 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.09.19 22:40:20 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.30 18:07:16 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.01.25 14:07:28 | 000,000,000 | ---D | M] -- C:\Recovery [2012.11.07 19:28:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.07.24 17:25:51 | 000,000,000 | R--D | M] -- C:\Users [2009.09.24 17:45:14 | 000,000,000 | ---D | M] -- C:\WIN32APP [2012.11.02 19:09:41 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2012.11.06 15:49:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6CF2967-C81E-40C0-9815-C05774FEF120} < %localappdata%\*. /5 > [2012.11.02 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Local\PMB Files [2012.11.07 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Local\Spotify [2012.11.07 19:23:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Local\Temp ========== Alternate Data Streams ========== @Alternate Data Stream - 941 bytes -> C:\Users\Christian\Documents\Antwort Personalnummer und Passwort.eml:OECustomProperty < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.11.2012 19:24:37 - Run 5 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Christian\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 45,44% Memory free 5,99 Gb Paging File | 3,97 Gb Available in Paging File | 66,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 281,36 Gb Free Space | 61,70% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Christian\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) PRC - C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Users\Christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) PRC - C:\Programme\MSI\ArcSoft\TotalMedia\TMMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Java\jre6\bin\jp2native.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Users\Christian\AppData\Roaming\Spotify\Data\libcef.dll () MOD - C:\Programme\CCleaner\Lang\lang-1031.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll () MOD - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Programme\MSI\ArcSoft\TotalMedia\uPiApi.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (CLKMSVC10_D20A29D4) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\NavFilter\kmsvc.exe (CyberLink) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MSI\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (mdmxsdk) -- system32\DRIVERS\mdmxsdk.sys File not found DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found DRV - (ao83eu3t) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech ) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{C6121984-176B-48EC-B82A-0748EC325F06}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\..\SearchScopes\{C6121984-176B-48EC-B82A-0748EC325F06}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE345 IE - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com [binary data] IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com [binary data] IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\URLSearchHook: - No CLSID value found IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes,DefaultScope = {A1C683D9-E2A5-4FA2-9113-9D6819FB32E4} IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE345 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{A1C683D9-E2A5-4FA2-9113-9D6819FB32E4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1708250 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.115.151:3128 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Search the web" FF - prefs.js..browser.search.order.1: "Search the web" FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local" FF - prefs.js..network.proxy.share_proxy_settings: true FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.31 15:51:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.01 11:25:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.25 12:58:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.17 16:14:37 | 000,000,000 | ---D | M] [2012.05.20 11:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2010.08.31 20:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.23 18:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions [2012.07.26 06:50:10 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.05.20 11:11:55 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.10.29 17:37:20 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\qm2uwvnu.default\extensions\welcome@toolmin.com [2012.11.03 18:03:27 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-1.xml [2011.08.17 22:04:28 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-2.xml [2011.08.27 15:32:36 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-3.xml [2011.09.08 06:36:05 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-4.xml [2011.09.27 17:35:51 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-5.xml [2011.10.01 13:46:56 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-6.xml [2011.10.29 17:43:09 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-7.xml [2011.11.10 18:06:42 | 000,000,950 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin-8.xml [2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\icqplugin.xml [2012.05.20 11:11:50 | 000,002,519 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\Search_Results.xml [2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\qm2uwvnu.default\searchplugins\startsear.xml [2012.11.01 11:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.31 15:51:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.11.06 15:49:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.11.01 11:25:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.31 15:51:38 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.20 20:12:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.08 16:28:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.20 20:12:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 20:12:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.29 17:37:20 | 000,000,158 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search the web.src [2012.05.20 11:11:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.20 20:12:20 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 20:12:20 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.10.30 06:59:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\Toolbar\WebBrowser: (no name) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - No CLSID value found. O3 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O3 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe () O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [Spotify] C:\Users\Christian\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000..\Run: [Spotify Web Helper] C:\Users\Christian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4 File not found O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\mfstart.exe File not found O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3905380061-2845676356-1427348481-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\s-1-5-21-3905380061-2845676356-1427348481-501\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab (B+S Banksysteme AG DDBAC Plug-In) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73A55C2C-FE56-4A76-9807-28D6E1AEFBC8}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Programme\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Programme\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation) O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.11.03 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\f-secure [2012.11.03 12:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2012.11.02 19:19:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe [2012.11.02 18:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.11.01 11:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.01 11:25:42 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.11.01 11:25:42 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.11.01 11:25:42 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.11.01 11:25:42 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.10.31 15:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.30 18:06:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.30 06:58:33 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.29 23:39:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.29 23:39:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.29 23:39:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.29 23:39:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.29 23:39:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.13 12:47:38 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Gitarrenkurs [2012.10.11 22:39:59 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.10.10 22:18:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 22:17:39 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.10 22:17:39 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.10 22:17:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 22:17:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 22:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.10 22:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 22:17:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 22:17:38 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 22:17:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 22:17:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.10 22:17:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 22:17:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 22:17:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 22:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.10 22:17:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.10 22:16:53 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 22:16:53 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.07 19:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.07 19:10:40 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.07 19:06:22 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.07 19:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.06 23:50:25 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 23:50:25 | 000,010,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.05 20:01:36 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Christian.job [2012.11.05 19:07:15 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job [2012.11.04 00:27:02 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.04 00:19:06 | 000,206,624 | ---- | M] () -- C:\Users\Christian\Desktop\Unbenannt.png [2012.11.02 19:42:26 | 000,700,608 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.02 19:42:26 | 000,655,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.02 19:42:26 | 000,149,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.02 19:42:26 | 000,122,152 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.02 19:37:21 | 2411,855,872 | -HS- | M] () -- C:\hiberfil.sys [2012.11.02 19:19:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christian\Desktop\esetsmartinstaller_enu.exe [2012.11.01 12:57:21 | 000,061,014 | ---- | M] () -- C:\Users\Christian\Desktop\1w7j4s66172nsshimpc.png [2012.11.01 11:25:33 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.11.01 11:25:33 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.11.01 11:25:33 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.11.01 11:25:32 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.11.01 11:25:32 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.11.01 11:21:21 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.30 17:50:34 | 000,001,455 | ---- | M] () -- C:\Users\Christian\Desktop\ComboFix.exe - Verknüpfung.lnk [2012.10.30 06:59:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.24 17:31:48 | 000,000,512 | ---- | M] () -- C:\Users\Christian\Desktop\MBR.dat [2012.10.17 16:14:41 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.12 13:16:18 | 000,660,845 | ---- | M] () -- C:\Users\Christian\Desktop\schlange.jpg [2012.10.09 19:34:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.09 19:34:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.04 00:27:02 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.04 00:19:06 | 000,206,624 | ---- | C] () -- C:\Users\Christian\Desktop\Unbenannt.png [2012.11.01 12:57:08 | 000,061,014 | ---- | C] () -- C:\Users\Christian\Desktop\1w7j4s66172nsshimpc.png [2012.10.30 17:50:34 | 000,001,455 | ---- | C] () -- C:\Users\Christian\Desktop\ComboFix.exe - Verknüpfung.lnk [2012.10.29 23:39:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.29 23:39:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.29 23:39:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.29 23:39:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.29 23:39:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.24 17:01:13 | 000,000,512 | ---- | C] () -- C:\Users\Christian\Desktop\MBR.dat [2012.10.22 18:39:49 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 17:53:16 | 000,061,184 | ---- | C] () -- C:\Users\Christian\Desktop\Highfield 2011 (80).jpg [2012.10.17 16:14:41 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.10.12 13:16:16 | 000,660,845 | ---- | C] () -- C:\Users\Christian\Desktop\schlange.jpg [2012.05.12 16:22:25 | 000,196,196 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.05.15 20:45:26 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.05.01 15:37:14 | 000,000,016 | ---- | C] () -- C:\Users\Christian\persistent_state [2010.09.07 13:18:21 | 000,012,288 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.12 14:28:12 | 000,072,083 | ---- | C] () -- C:\Users\Christian\.recently-used.xbel [2009.11.26 01:10:13 | 000,000,103 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\default.pls [2009.10.25 19:12:02 | 000,001,024 | ---- | C] () -- C:\Users\Christian\.rnd [2009.10.20 20:36:41 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2010.01.25 13:17:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Acer GameZone Console [2010.01.25 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Atari [2011.03.09 21:11:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2010.01.25 13:17:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Blitware [2010.09.04 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite [2010.09.07 15:28:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers [2010.01.25 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\eSobi [2012.11.03 12:48:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\f-secure [2012.05.20 15:52:38 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\go [2010.01.25 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\gtk-2.0 [2012.11.05 19:05:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ [2010.07.21 14:41:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LolClient [2010.10.08 18:39:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Need for Speed World [2011.03.31 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OCS [2010.02.23 12:47:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org [2011.03.31 17:59:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Opera [2010.01.25 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PowerCinema [2011.10.22 18:57:49 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ScreeNet iSaver [2011.04.11 06:22:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SoftDMA [2012.11.07 19:31:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Spotify [2010.01.25 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Template [2012.06.27 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird [2012.01.15 21:50:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\toolplugin [2012.06.27 17:48:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite [2010.10.20 17:49:53 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ICQ [2012.06.27 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\LSoft Technologies [2010.07.24 17:26:29 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PowerCinema [2011.10.24 07:22:30 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\ScreeNet iSaver [2012.11.05 19:07:15 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job [2012.10.29 23:49:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.01.25 12:41:43 | 000,000,000 | ---D | M] -- C:\$INPLACE.~TR [2012.10.30 18:06:36 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.01.25 13:24:57 | 000,000,000 | ---D | M] -- C:\$WINDOWS.~Q [2010.05.11 22:34:56 | 000,000,000 | ---D | M] -- C:\3de3a7e369d9e951425cd1fa65b5 [2009.09.19 22:41:18 | 000,000,000 | ---D | M] -- C:\Acer [2009.07.25 13:25:18 | 000,000,000 | ---D | M] -- C:\Book [2012.01.05 22:51:08 | 000,000,000 | ---D | M] -- C:\Boot [2010.06.25 23:55:24 | 000,000,000 | ---D | M] -- C:\c6c92cc460f5ff9c0d1dde51a06a3a [2009.11.15 21:01:31 | 000,000,000 | ---D | M] -- C:\Casino [2012.11.06 15:49:43 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.09.19 22:40:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.09.10 14:50:29 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2009.09.19 22:43:13 | 000,000,000 | ---D | M] -- C:\Elements [2009.11.26 22:24:35 | 000,000,000 | ---D | M] -- C:\games [2010.05.02 18:15:43 | 000,000,000 | ---D | M] -- C:\GAMIGO [2009.02.11 21:12:45 | 000,000,000 | ---D | M] -- C:\Intel [2010.07.24 17:30:45 | 000,000,000 | ---D | M] -- C:\Keno [2009.09.24 17:42:49 | 000,000,000 | ---D | M] -- C:\Maxis [2009.03.12 04:11:16 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.09.19 22:45:12 | 000,000,000 | ---D | M] -- C:\MyWinLockerData [2010.01.25 11:38:20 | 000,000,000 | ---D | M] -- C:\OEM [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2010.11.04 20:33:23 | 000,000,000 | ---D | M] -- C:\PFiles [2012.11.02 18:32:47 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.03 12:47:53 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.09.19 22:40:20 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.30 18:07:16 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.01.25 14:07:28 | 000,000,000 | ---D | M] -- C:\Recovery [2012.11.07 19:28:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.07.24 17:25:51 | 000,000,000 | R--D | M] -- C:\Users [2009.09.24 17:45:14 | 000,000,000 | ---D | M] -- C:\WIN32APP [2012.11.02 19:09:41 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2012.11.06 15:49:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6CF2967-C81E-40C0-9815-C05774FEF120} < %localappdata%\*. /5 > [2012.11.02 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Local\PMB Files [2012.11.07 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Local\Spotify [2012.11.07 19:23:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Local\Temp ========== Alternate Data Streams ========== @Alternate Data Stream - 941 bytes -> C:\Users\Christian\Documents\Antwort Personalnummer und Passwort.eml:OECustomProperty < End of report > Doppelt, sorry. Der Rechner läuft wieder sehr gut. Ganz großen Dank, auch für die geopferte Zeit. Doppelt, sorry. Der Rechner läuft wieder sehr gut. Ganz großen Dank, auch für die geopferte Zeit. |
|
08.11.2012, 07:18
| #26 |
| /// the machine /// TB-Ausbilder | Outlook versendet (anscheinend) automatische Mails Hi, Windows-Taste+R > Combofix /Uninstall > Enter OTL öffnen > Button Bereinigung drücken Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
08.11.2012, 22:18
| #27 |
| | Outlook versendet (anscheinend) automatische Mails Ich werde den Rest erledigen und meinen PC mal komplett bereinigen. Vielen Dank nochmal. Abo kann gelöscht werden. |
|
09.11.2012, 06:58
| #28 |
| /// the machine /// TB-Ausbilder | Outlook versendet (anscheinend) automatische Mails Kein Problem
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Outlook versendet (anscheinend) automatische Mails |
| about, anti-malware, automatisch, automatische, formatieren, gesendet, geändert, illegal, laptop, mail, mail delivery, mails, malwarebytes, mas, nemesis, neu, nichts, not, ordner, outlook, passwort, problem, remote, rum, server, spamhaus, verschicken, yahoo.com |
Linear-Darstellung
