Log analysis and evaluation: Virus programs can no longer be installed (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.11.2012, 18:37 | #1
Virus programs can no longer be installed

Hello everyone,

I have a problem with my computer. For a while now I have not been able to install any antivirus program; I only get error messages, or when I try to go to the Avira site, for example, Google opens instead. Via the Google link to Avira and other programs I get "404. That's an error. The requested URL /de/index was not found on this server. That's all we know." I also tried to install Kaspersky from CD, but it always said that an error had occurred and that a solution could be searched for online. That didn't work either. In addition, it has already happened that when I wanted to log in to Facebook, I was asked to enter my bank details. The URL clearly said facebook, but of course I didn't enter anything. Furthermore, music keeps playing in the background every now and then; sometimes it is an advert from Otto, sometimes it is an American talking about Texas. When I switch tabs, it occasionally happens that the page opens in a new Firefox window. Oh, and online banking doesn't work either without my being asked for dubious information. I went through the steps for creating a post. I started defogger and then downloaded OTL.
The OTL text reads:

OTL logfile created on: 06.11.2012 09:28:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Winkelmann\Desktop\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,69% Memory free
4,21 Gb Paging File | 2,96 Gb Available in Paging File | 70,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,09 Gb Total Space | 155,71 Gb Free Space | 55,99% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 12,06 Gb Free Space | 60,35% Space Free | Partition Type: FAT32
Drive H: | 428,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BÜRO-PC | User Name: Winkelmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.06 09:19:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Winkelmann\Desktop\Desktop\OTL.exe
PRC - [2012.10.11 20:44:08 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Winkelmann\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.07.20 13:01:51 | 014,134,784 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\netzmanager.exe
PRC - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011.12.14 18:30:20 | 000,040,960 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2011.01.05 09:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.1\ICQ.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.02.23 19:35:35 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.02.23 19:15:16 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2007.08.07 01:30:00 | 000,061,440 | ---- | M] (DATEV eG) -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2007.06.28 08:14:42 | 000,270,648 | ---- | M] (Apple Inc.) -- C:\Musik un Co\iTunesHelper.exe
PRC - [2007.05.11 09:26:22 | 001,600,000 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.05.10 16:10:06 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.05.08 08:06:36 | 000,790,016 | ---- | M] (ODSoft multimedia) -- C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe
PRC - [2007.02.15 09:04:56 | 000,282,624 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
PRC - [2007.02.10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007.02.10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2006.12.23 17:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.23 17:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
PRC - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.10 19:53:02 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.01.05 09:18:56 | 000,733,184 | ---- | M] () -- C:\Programme\ICQ7.1\MDb.dll
MOD - [2010.12.03 10:37:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2010.11.15 13:23:38 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll
MOD - [2010.11.15 13:22:46 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a0522cb280c09b3441e1889502ca145a\System.Core.ni.dll
MOD - [2010.11.15 13:21:18 | 001,056,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\da5d14f284f80e90232dcaeb1d4345cd\System.IdentityModel.ni.dll
MOD - [2010.11.15 13:21:17 | 002,338,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a33b3b88fd575b703ba4212c677880ae\System.Runtime.Serialization.ni.dll
MOD - [2010.11.15 13:21:14 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a719d429cef59eafa65f6e7e175fd33e\SMDiagnostics.ni.dll
MOD - [2010.11.15 13:21:12 | 017,317,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c98e10396c1e1dbf58b21d7a0ed0992\System.ServiceModel.ni.dll
MOD - [2010.11.15 13:20:42 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll
MOD - [2010.11.15 13:20:31 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b98385fbfc00adacf4fd7896ba064032\System.Transactions.ni.dll
MOD - [2010.11.15 13:20:30 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\ae383808b3f5ee9287358378f9a2cad3\System.EnterpriseServices.ni.dll
MOD - [2010.11.15 13:20:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
MOD - [2010.03.09 20:48:19 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
MOD - [2010.03.09 20:47:52 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
MOD - [2010.03.09 20:47:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
MOD - [2010.03.09 20:47:18 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\813556b5a2722045b0ea14467fd00227\System.Data.ni.dll
MOD - [2010.03.09 20:46:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a122c56b60812fb5cbc2e941d4875a87\PresentationFramework.Aero.ni.dll
MOD - [2010.03.09 20:46:54 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\29eb51a21ce62ed759b162307bd65e32\PresentationFramework.ni.dll
MOD - [2010.03.09 20:46:24 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\dc8dccca85718096c895b74094e09e5a\PresentationCore.ni.dll
MOD - [2010.03.09 20:46:06 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c049bc39cb33f7459936a689484285d6\WindowsBase.ni.dll
MOD - [2010.03.09 20:46:00 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
MOD - [2010.03.09 20:45:47 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
MOD - [2010.02.23 19:10:07 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010.02.23 19:07:12 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
MOD - [2010.02.23 19:02:45 | 000,569,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.Web\3.5.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
MOD - [2010.02.23 19:02:45 | 000,507,904 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.WorkflowServices\3.5.0.0__31bf3856ad364e35\System.WorkflowServices.dll
MOD - [2010.02.23 18:41:32 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2010.02.23 18:39:10 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.02.23 18:39:09 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Services (SafeList) ==========

SRV - [2012.10.27 21:46:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 07:29:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.20 13:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.12.14 18:30:20 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Winkelmann\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.12.10 21:23:00 | 003,480,408 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2007.09.25 02:40:00 | 000,120,416 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2007.08.07 01:30:00 | 000,061,440 | ---- | M] (DATEV eG) [Auto | Running] -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2007.05.11 09:26:22 | 001,600,000 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.02.10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007.02.10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$DATEV_CL_DE01)
SRV - [2007.02.10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.11.02 13:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.11.02 10:46:13 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2006.11.02 10:46:12 | 000,167,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 13:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.10.14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\videX32.sys -- (videX32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.11.05 16:23:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.09.16 16:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2009.09.12 19:57:01 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.09.12 19:57:00 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2007.06.25 08:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007.06.25 08:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007.06.25 08:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt)
DRV - [2007.06.25 08:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic)
DRV - [2007.06.25 08:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5)
DRV - [2007.06.25 08:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007.06.25 08:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus)
DRV - [2007.06.16 13:11:00 | 007,566,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.03.26 14:26:00 | 000,052,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ViPrt.sys -- (ViPrt)
DRV - [2007.03.26 14:26:00 | 000,016,896 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ViBus.sys -- (ViBus)
DRV - [2007.01.08 17:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.11.17 09:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.09 13:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 12:46:44 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&babsrc=HP_ss&mntrId=bc49387d0000000000000019dba7f1ec
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=bc49387d0000000000000019dba7f1ec
IE - HKCU\..\SearchScopes\{1CF21104-3C17-4CE9-8E10-542D91B6C789}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{20F150A1-A2AD-44F2-A993-6CA62E205D84}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664.anonymize-me.de/?anonymto=687474703A2F2F3132372E302E302E313A343636342F73656172636826733D6B6573436253504534706570334466746833435F3631414549674D3F713D7B7365617263685465726D737D&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{BDDD8F92-73F9-4E0D-B9D2-4F61A929ACAD}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&k=0
IE - HKCU\..\SearchScopes\{C150B0F4-47BA-4B56-A083-3E485871C7B7}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{EC996B3D-D42F-4BE2-B621-A1F94B00D247}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F633FD61-24A6-47E1-8760-25AF02DFBEC0}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=8fb1199f-87b2-4cfa-8cde-0751249c386d&pid=fotofreeware&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledAddons: mail@gutscheinrausch.de:2.81
FF - prefs.js..extensions.enabledAddons: {9e1d7c80-43d1-11db-b0de-0800200c9a66}:1.0.2.6
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: firejump@firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.1.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: {9e1d7c80-43d1-11db-b0de-0800200c9a66}:1.0.2.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firejump@firejump.net:1.0.1.8
FF - prefs.js..extensions.enabledItems: mail@gutscheinrausch.de:2.81
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.6&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Winkelmann\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Winkelmann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Winkelmann\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Winkelmann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 21:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 21:46:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Winkelmann\AppData\Roaming\Mozilla\Firefox\Profiles\mbry4512.default\extensions\firejump@firejump.net [2012.03.28 14:53:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Winkelmann\AppData\Roaming\Mozilla\Firefox\Profiles\mbry4512.default\extensions\mail@gutscheinrausch.de [2011.12.14 18:30:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.27 21:46:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.27 21:46:42 | 000,000,000 | ---D | M]

[2009.09.29 17:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Extensions
[2012.10.23 18:51:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Firefox\Profiles\mbry4512.default\extensions
[2012.04.02 20:52:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Firefox\Profiles\mbry4512.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.09.30 08:38:58 | 000,000,000 | ---D | M] ("ThreeShips Helper Extension") -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Firefox\Profiles\mbry4512.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}
[2012.10.29 20:01:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Firefox\Profiles\mbry4512.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.05 07:22:21 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Firefox\Profiles\mbry4512.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.03.28 14:53:19 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Firefox\Profiles\mbry4512.default\extensions\firejump@firejump.net
[2011.12.14 18:30:32 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Winkelmann\AppData\Roaming\mozilla\Firefox\Profiles\mbry4512.default\extensions\mail@gutscheinrausch.de
[2012.05.04 20:27:29 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-1.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-10.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-11.xml
[2011.12.14 20:37:32 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-12.xml
[2012.01.31 20:58:01 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-13.xml
[2012.04.29 19:46:10 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-14.xml
[2012.04.30 09:41:42 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-15.xml
[2012.06.07 16:17:35 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-16.xml
[2012.06.16 16:35:36 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-17.xml
[2012.07.19 23:29:18 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-18.xml
[2012.08.30 15:08:02 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-19.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-2.xml
[2012.09.08 12:49:19 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-20.xml
[2012.10.14 15:08:04 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-21.xml
[2012.10.28 16:40:39 | 000,000,950 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-22.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-3.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-4.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-5.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-6.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-7.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-8.xml
[2011.12.14 18:30:29 | 000,001,105 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin-9.xml
[2012.03.27 09:46:22 | 000,000,168 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin.gif
[2012.03.27 09:46:22 | 000,000,618 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin.src
[2011.12.14 18:30:29 | 000,001,102 | ---- | M] () --
C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\icqplugin.xml [2011.12.14 18:30:29 | 000,002,190 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\{69DEB65F-336C-4C8B-BD67-21B4EAFB6E0B}.xml [2011.12.14 18:30:29 | 000,001,872 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\{E53E179F-CA0B-4493-9AA7-84BB9F6C2E67}.xml [2011.12.14 18:30:29 | 000,002,079 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\mozilla\firefox\profiles\mbry4512.default\searchplugins\{F9FA9960-845C-4315-9696-7AF232CE6A57}.xml [2012.10.27 21:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 21:46:48 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.09.12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2009.09.12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2009.09.12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2009.09.12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2009.09.12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2009.09.12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012.10.14 11:46:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.05.04 22:22:47 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.10.14 11:46:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.14 11:46:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.14 11:46:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.14 11:46:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.14 11:46:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sou rceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Winkelmann\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Winkelmann\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Winkelmann\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\Winkelmann\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Winkelmann\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\Winkelmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Winkelmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: DealPly = C:\Users\Winkelmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: Google Mail = C:\Users\Winkelmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost 
O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [iTunesHelper] C:\Musik un Co\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Ocs_SM] C:\Users\Winkelmann\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [Facebook Update] C:\Users\Winkelmann\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Zibyziyqov] C:\Users\Winkelmann\AppData\Roaming\Icap\nide.exe () O4 - Startup: C:\Users\Winkelmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG) O4 - Startup: C:\Users\Winkelmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Winkelmann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-28/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1226428086 (Image Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9773120-23E1-4FEF-8800-0F4BC6403125}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft 
shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Winkelmann\Documents\ICQ\222385128\ReceivedFiles\295028364 niklas albers\DSC01477.JPG O24 - Desktop BackupWallPaper: C:\Users\Winkelmann\Documents\ICQ\222385128\ReceivedFiles\295028364 niklas albers\DSC01477.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.10.18 09:13:14 | 000,000,074 | R--- | M] () - H:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{86975b23-6353-11e0-ad92-0019dba7f1ec}\Shell - "" = AutoRun O33 - MountPoints2\{86975b23-6353-11e0-ad92-0019dba7f1ec}\Shell\AutoRun\command - "" = I:\Startme.exe O33 - MountPoints2\{8edd042c-f7b3-11df-ae25-0019dba7f1ec}\Shell - "" = AutoRun O33 - MountPoints2\{8edd042c-f7b3-11df-ae25-0019dba7f1ec}\Shell\AutoRun\command - "" = J:\Startme.exe O33 - MountPoints2\{e8d3081a-379e-11dc-b351-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e8d3081a-379e-11dc-b351-806e6f6e6963}\Shell\AutoRun\command - "" = H:\zdata\cobi.exe -- [2012.04.11 19:25:27 | 004,330,496 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
(ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.06 09:19:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Winkelmann\Desktop\Desktop\OTL.exe [2012.11.05 16:21:04 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.05 16:21:04 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Malwarebytes [2012.11.05 16:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.05 16:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.05 16:20:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.05 16:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.05 16:20:07 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Winkelmann\Desktop\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.05 15:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.02 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Fiqa [2012.11.02 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Awta [2012.11.02 09:37:04 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Atig [2012.10.30 12:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netzmanager [2012.10.30 12:23:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\{87B61FE8-334F-4066-B7AA-68DC81782D4D} [2012.10.29 20:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.10.29 20:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2012.10.29 20:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2012.10.29 19:49:24 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\DVDVideoSoft [2012.10.29 19:46:41 | 020,626,992 | ---- | 
C] (DVDVideoSoft Ltd. ) -- C:\Users\Winkelmann\Desktop\Desktop\FreeYouTubeToMP3Converter34.exe [2012.10.27 21:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.26 09:47:49 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Yxyp [2012.10.26 09:47:49 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Isve [2012.10.26 09:47:49 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Byuvr [2012.10.25 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Qyqek [2012.10.25 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ofkaa [2012.10.25 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ivfava [2012.10.25 11:57:06 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Vubiyw [2012.10.25 11:57:06 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Seravy [2012.10.25 11:57:06 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Laceu [2012.10.24 09:37:40 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Qouf [2012.10.24 09:37:40 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Kahyyv [2012.10.24 09:37:40 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ceat [2012.10.23 17:37:01 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Oztil [2012.10.23 17:37:01 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Noraa [2012.10.23 17:37:01 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Edic [2012.10.23 09:26:06 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Yvqe [2012.10.23 09:26:06 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Udeq [2012.10.23 09:26:06 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Tyowi [2012.10.22 08:27:22 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Yqats [2012.10.22 08:27:22 | 000,000,000 | ---D | C] -- 
C:\Users\Winkelmann\AppData\Roaming\Imicew [2012.10.22 08:27:22 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Coaq [2012.10.21 17:16:47 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Odli [2012.10.21 17:16:47 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Fydev [2012.10.21 17:16:47 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Doypqi [2012.10.21 01:15:48 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Vuma [2012.10.21 01:15:48 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Orcyug [2012.10.21 01:15:48 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ikpema [2012.10.20 15:53:19 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Yggig [2012.10.20 15:53:19 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ucqa [2012.10.20 15:53:19 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ikraat [2012.10.20 09:15:45 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Yqxufa [2012.10.20 09:15:45 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Suuceb [2012.10.20 09:15:45 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Awizg [2012.10.19 20:05:21 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Sivi [2012.10.19 20:05:21 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ehfoob [2012.10.19 20:05:21 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Cawawy [2012.10.18 13:07:41 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Zutea [2012.10.18 13:07:41 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Qyzy [2012.10.18 13:07:41 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Onaga [2012.10.18 12:28:34 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Waycce [2012.10.18 12:28:34 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Pyaqhu [2012.10.18 12:28:34 
| 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Osyx [2012.10.17 20:28:51 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Yppua [2012.10.17 20:28:51 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Iluqpu [2012.10.17 20:28:51 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Igceka [2012.10.17 00:02:54 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ohev [2012.10.17 00:02:54 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ecol [2012.10.17 00:02:54 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ciumv [2012.10.16 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Uhud [2012.10.16 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Nagaah [2012.10.16 16:02:52 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ikaviz [2012.10.15 07:53:28 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Xyuf [2012.10.15 07:53:28 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ociva [2012.10.15 07:53:28 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Azibuq [2012.10.14 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Ikpe [2012.10.14 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Etmeor [2012.10.14 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Roaming\Akugid [2012.10.11 20:42:04 | 000,501,248 | ---- | C] (Facebook Inc.) -- C:\Users\Winkelmann\Desktop\Desktop\FacebookVideoCallSetup_v1.2.205.0(1).exe [2012.10.11 20:38:45 | 000,000,000 | ---D | C] -- C:\Users\Winkelmann\AppData\Local\Facebook [2012.10.11 20:38:32 | 000,501,248 | ---- | C] (Facebook Inc.) 
-- C:\Users\Winkelmann\Desktop\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe ========== Files - Modified Within 30 Days ========== [2012.11.06 09:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.06 09:19:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Winkelmann\Desktop\Desktop\OTL.exe [2012.11.06 09:18:44 | 000,000,000 | ---- | M] () -- C:\Users\Winkelmann\defogger_reenable [2012.11.06 09:17:44 | 000,050,477 | ---- | M] () -- C:\Users\Winkelmann\Desktop\Desktop\Defogger.exe [2012.11.06 09:12:29 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 09:12:29 | 000,003,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.06 09:01:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057094369-3915671268-41243418-1003UA.job [2012.11.06 08:59:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.06 08:24:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.06 06:49:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3057094369-3915671268-41243418-1003UA.job [2012.11.05 21:49:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3057094369-3915671268-41243418-1003Core.job [2012.11.05 18:19:49 | 000,708,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.05 18:19:49 | 000,664,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.05 18:19:49 | 000,144,734 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.05 18:19:49 | 000,125,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.05 18:12:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.05 18:12:09 | 000,616,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.05 18:12:06 
| 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys [2012.11.05 18:08:58 | 000,022,261 | ---- | M] () -- C:\Users\Winkelmann\Documents\Bericht.odt [2012.11.05 18:01:01 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3057094369-3915671268-41243418-1003Core.job [2012.11.05 16:23:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.11.05 16:20:51 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.05 16:20:07 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Winkelmann\Desktop\Desktop\mbam-setup-1.65.1.1000.exe [2012.11.05 15:34:53 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.05 08:20:01 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A8DDB626-3B4A-4AF9-B765-2E367F67CEDA}.job [2012.11.04 15:44:43 | 000,002,099 | ---- | M] () -- C:\Users\Winkelmann\Desktop\Desktop\iTunes.lnk [2012.10.30 12:24:13 | 000,000,902 | ---- | M] () -- C:\Users\Winkelmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk [2012.10.30 12:23:55 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Netzmanager.lnk [2012.10.29 20:01:04 | 000,001,201 | ---- | M] () -- C:\Users\Winkelmann\Desktop\Desktop\Free YouTube to MP3 Converter.lnk [2012.10.29 19:47:37 | 020,626,992 | ---- | M] (DVDVideoSoft Ltd. ) -- C:\Users\Winkelmann\Desktop\Desktop\FreeYouTubeToMP3Converter34.exe [2012.10.11 20:42:04 | 000,501,248 | ---- | M] (Facebook Inc.) -- C:\Users\Winkelmann\Desktop\Desktop\FacebookVideoCallSetup_v1.2.205.0(1).exe [2012.10.11 20:38:34 | 000,501,248 | ---- | M] (Facebook Inc.) 
-- C:\Users\Winkelmann\Desktop\Desktop\FacebookVideoCallSetup_v1.2.205.0.exe
[2012.10.11 03:03:53 | 000,002,077 | ---- | M] () -- C:\Users\Winkelmann\Desktop\Desktop\Google Chrome.lnk
[2012.10.08 19:42:04 | 000,002,545 | ---- | M] () -- C:\Users\Winkelmann\Desktop\Desktop\Microsoft Office Word 2003.lnk

========== Files Created - No Company Name ==========

[2012.11.06 09:18:44 | 000,000,000 | ---- | C] () -- C:\Users\Winkelmann\defogger_reenable
[2012.11.06 09:17:43 | 000,050,477 | ---- | C] () -- C:\Users\Winkelmann\Desktop\Desktop\Defogger.exe
[2012.11.05 18:08:50 | 000,022,261 | ---- | C] () -- C:\Users\Winkelmann\Documents\Bericht.odt
[2012.11.05 16:20:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.05 15:34:53 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.30 12:24:13 | 000,000,902 | ---- | C] () -- C:\Users\Winkelmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk
[2012.10.30 12:23:55 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Netzmanager.lnk
[2012.10.29 20:01:04 | 000,001,201 | ---- | C] () -- C:\Users\Winkelmann\Desktop\Desktop\Free YouTube to MP3 Converter.lnk
[2012.10.11 20:38:54 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3057094369-3915671268-41243418-1003UA.job
[2012.10.11 20:38:51 | 000,000,926 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3057094369-3915671268-41243418-1003Core.job
[2012.05.04 22:22:59 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2011.12.14 18:30:22 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.02.01 19:40:40 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2010.09.23 10:58:10 | 000,000,552 | ---- | C] () -- C:\Users\Winkelmann\AppData\Local\d3d8caps.dat
[2009.10.02 18:58:34 | 000,000,680 | ---- | C] () -- C:\Users\Winkelmann\AppData\Local\d3d9caps.dat
[2008.12.14 14:06:30 | 000,000,000 | ---- | C] () -- C:\Users\Winkelmann\AppData\Roaming\Default.PLS
[2008.09.22 11:40:44 | 000,000,000 | ---- | C] () -- C:\Users\Winkelmann\AppData\Roaming\wklnhst.dat
[2007.08.22 19:46:02 | 000,052,224 | ---- | C] () -- C:\Users\Winkelmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.07.23 17:31:49 | 000,000,098 | ---- | C] () -- C:\Users\Winkelmann\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2006.11.02 10:47:26 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\@
[2006.11.02 10:47:26 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\L
[2012.11.06 09:08:47 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\U
[2012.10.24 17:27:28 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\U\00000001.@
[2012.10.28 04:44:09 | 000,011,776 | ---- | M] () -- C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\U\80000000.@
[2012.11.06 09:08:47 | 000,021,504 | ---- | M] () -- C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\U\800000cb.@
[2012.11.05 18:08:12 | 000,002,048 | -HS- | M] () -- C:\Users\Winkelmann\AppData\Local\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\@
[2006.11.02 10:47:26 | 000,000,000 | -HSD | M] -- C:\Users\Winkelmann\AppData\Local\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\L
[2006.11.02 10:47:26 | 000,000,000 | -HSD | M] -- C:\Users\Winkelmann\AppData\Local\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\U
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.23 19:37:39 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.02.23 19:26:09 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.04 15:26:25 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\.minecraft
[2008.05.20 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\1&1
[2012.11.05 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Akugid
[2012.10.20 09:15:45 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Awizg
[2012.11.02 09:37:04 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Awta
[2012.10.15 07:53:28 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Azibuq
[2012.05.04 22:22:34 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Babylon
[2012.10.26 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Byuvr
[2012.10.19 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Cawawy
[2012.10.24 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ceat
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ciumv
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Coaq
[2011.02.01 19:37:26 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Degener
[2011.12.14 18:30:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\DesktopIconForAmazon
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Doypqi
[2012.10.29 20:01:35 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\DVDVideoSoft
[2011.06.23 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.30 13:46:54 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ebner
[2012.10.17 00:02:54 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ecol
[2012.10.23 17:37:01 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Edic
[2012.10.19 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ehfoob
[2012.10.14 23:49:37 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Etmeor
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Fiqa
[2012.10.21 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Fydev
[2012.07.25 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Hymeo
[2010.11.29 19:22:17 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\ICAClient
[2012.07.25 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Icap
[2012.10.02 22:43:58 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\ICQ
[2008.03.01 08:23:39 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\ICQ Toolbar
[2012.10.17 20:28:51 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Igceka
[2012.10.16 16:02:52 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikaviz
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikpe
[2012.10.21 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikpema
[2012.10.20 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikraat
[2012.10.17 20:28:51 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Iluqpu
[2012.10.22 08:27:22 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Imicew
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Isve
[2012.10.25 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ivfava
[2012.10.24 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Kahyyv
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Laceu
[2012.11.06 09:38:15 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Naceu
[2012.10.16 16:02:52 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Nagaah
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Noraa
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ociva
[2011.12.14 18:30:20 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\OCS
[2012.10.21 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Odli
[2012.10.25 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ofkaa
[2012.10.17 00:02:54 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ohev
[2012.10.18 13:07:41 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Onaga
[2011.11.10 19:56:59 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\OpenOffice.org
[2011.12.14 18:30:30 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Opera
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Orcyug
[2012.10.18 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Osyx
[2012.10.23 17:37:01 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Oztil
[2012.10.18 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Pyaqhu
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Qouf
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Qyqek
[2012.10.18 13:07:41 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Qyzy
[2012.10.25 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Seravy
[2010.12.03 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Serif
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Sivi
[2011.04.10 13:30:56 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Sony
[2011.04.10 13:30:57 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Sony Setup
[2012.10.20 09:15:45 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Suuceb
[2007.07.23 17:28:58 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\T-Online
[2012.10.23 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Tyowi
[2010.09.27 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ubisoft
[2012.10.20 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ucqa
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Udeq
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Uhud
[2007.09.24 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ulead Systems
[2012.10.25 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Vubiyw
[2012.10.21 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Vuma
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Waycce
[2012.10.15 07:53:28 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Xyuf
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yggig
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yppua
[2012.10.22 08:27:22 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yqats
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yqxufa
[2012.10.23 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yvqe
[2012.10.26 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yxyp
[2012.10.18 13:07:41 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Zutea

========== Purity Check ==========

< End of report >

The Extras text reads:

OTL Extras logfile created on: 06.11.2012 09:28:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Winkelmann\Desktop\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,69% Memory free
4,21 Gb Paging File | 2,96 Gb Available in Paging File | 70,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,09 Gb Total Space | 155,71 Gb Free Space | 55,99% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 12,06 Gb Free Space | 60,35% Space Free | Partition Type: FAT32
Drive H: | 428,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: BÜRO-PC | User Name: Winkelmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Programme\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (DATEV_CL_DE01)
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0881ECE5-DCA1-462D-B515-F1732875EC74}" = DATEV Infragistics Runtime V.3.2
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4D9DD45B-E79A-4F04-898E-B2C3769AB729}" = Serif DrawPlus X2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A2F371F-8B5D-46B4-833C-0612B065BEC7}" = GameShadow
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}" = iTunes
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FC46258-0843-4D79-B7F0-F2B82FE6173B}" = Apple Mobile Device Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A787B327-ABF4-4655-8FC3-01F65FB68880}_is1" = Vortest 7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4A2957D-5113-4722-A0A3-E7D0BF85D5D4}" = Three Ships Browser Plugin
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.8
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE2F265D-DC1F-4396-B8E7-E98E719AAA24}_is1" = CLICK & LEARN DiDi 360° 1.1
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5BD02EF-36F1-478F-88B2-D3990C62C2CB}" = SQLXML4
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"1&1 EasyLogin" = 1&1 EasyLogin
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"BabylonToolbar" = Babylon toolbar on IE
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DATEVB00000482.0" = DATEV Installation V.2.6
"DealPly" = DealPly
"DesktopIconAmazon" = Desktop Icon für Amazon
"eDgMt2 Client" = eDgMt2 Client
"ELAN 2010 NW" = ELAN 2010 NW
"ELAN 2011 NW " = ELAN 2011 NW
"ELAN 2012 NW " = ELAN 2012 NW
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"Lizenz zum Fahren" = Lizenz zum Fahren 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MEDION Fotos auf CD Sued D" = MEDION Fotos auf CD Sued 6.0.2.0 (D)
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Netzmanager" = Netzmanager
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"SearchAnonymizer" = SearchAnonymizer
"Sigel BusinessCardSoftware" = Sigel BusinessCardSoftware
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinRAR archiver" = WinRAR 4.20 (32-Bit)
"X10Hardware" = X10 Hardware(TM)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FunHouse2 - Client" = FunHouse2 - Client
"Funhouse2.eu" = Funhouse2.eu
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.11.2012 13:09:24 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3031
Description =

Error - 05.11.2012 13:12:39 | Computer Name = Büro-PC | Source = MSSQL$DATEV_CL_DE01 | ID = 9003
Description = Die Protokollscannummer (826:296:1), die an den Protokollscan in der 'master'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen, dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist, müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten führt.
Error - 05.11.2012 13:12:40 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 05.11.2012 13:12:40 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 05.11.2012 13:12:40 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 05.11.2012 13:12:41 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 05.11.2012 13:12:41 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 05.11.2012 13:12:41 | Computer Name = Büro-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 05.11.2012 13:19:49 | Computer Name = Büro-PC | Source = WerSvc | ID = 5007
Description =

Error - 06.11.2012 04:07:16 | Computer Name = Büro-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung KSSCBE12.exe, Version 12.0.0.374, Zeitstempel 0x4bc06cd3, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00014efa, Prozess-ID 0x1aa4, Anwendungsstartzeit 01cdbbf5bbcb7ff0.

[ OSession Events ]
Error - 25.09.2007 17:56:53 | Computer Name = Büro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9388 seconds with 1740 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.11.2012 10:03:14 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 05.11.2012 10:03:14 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 05.11.2012 13:10:56 | Computer Name = Büro-PC | Source = DCOM | ID = 10010
Description =

Error - 05.11.2012 13:13:49 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 05.11.2012 13:13:49 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 05.11.2012 13:13:49 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 05.11.2012 13:13:49 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 05.11.2012 13:13:49 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 05.11.2012 13:13:49 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 05.11.2012 13:13:49 | Computer Name = Büro-PC | Source = Service Control Manager | ID = 7031
Description =

< End of report >

Step three doesn't work. I have an x86-based PC, but I can't even open the link given; again Google says the URL doesn't exist on the server. I also ran Malwarebytes.
The report from that is:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.05.04

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Winkelmann :: BÜRO-PC [Administrator]

Schutz: Aktiviert

05.11.2012 16:23:35
mbam-log-2012-11-05 (16-23-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450731
Laufzeit: 1 Stunde(n), 42 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 10
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\YVIBBBHA8C (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Qidubu (Trojan.Agent.GNI) -> Daten: C:\Users\Winkelmann\AppData\Roaming\Ikpe\asuny.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Winkelmann\AppData\Local\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 30
C:\Users\Winkelmann\Desktop\Desktop\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\Winkelmann\AppData\Roaming\Ikpe\asuny.exe (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\eDgMt2\Config.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\eDgMt2\hi\eDgMt2\Config.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Funhouse2.eu\metin2.bin (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Winkelmann\AppData\Local\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\n (Trojan.Sirefef) -> Löschen bei Neustart.
C:\Users\Winkelmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\14e3b2d7-50eef918 (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Winkelmann\AppData\Roaming\Ciumv\ynniw.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Winkelmann\AppData\Roaming\Coaq\xuixi.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Winkelmann\AppData\Roaming\Isve\ekva.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Winkelmann\AppData\Roaming\Laceu\ymmo.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Winkelmann\AppData\Roaming\Noraa\bizy.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Ociva\ufel.exe (Trojan.Agent.GNI) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Orcyug\impie.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Qouf\acneq.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Qyqek\qyniy.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Sivi\poqo.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Doypqi\eton.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Fiqa\evwy.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Udeq\uved.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Uhud\fypuo.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Waycce\huoqw.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Yggig\ospu.exe (Trojan.Agent.BH) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Yppua\qaukl.exe (Trojan.FakeAdobe) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Winkelmann\AppData\Roaming\Yqxufa\ukyz.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\n (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Hoffe die Informationen reichen zunächst. Würdemich super freuen wenn mir da jemand helfen kann. Bin zwar nicht soo bewandert am Computer, aber würde es echt gerne probieren mit eurer Hilfe zu beheben Danke schonmal |
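Two entries in the scan log above were not quarantined: setup.exe ("Keine Aktion durchgeführt") and the ZeroAccess file marked "Löschen bei Neustart", which is exactly what a helper has to look for first. As an added example (not code from the thread and not Malwarebytes' own), here is a small Python triage script for this MBAM 1.65 log format: it groups detections by family, lists every item that still needs a follow-up, and checks that the pasted entries match the counts the log declares; the embedded log is a constructed excerpt built from the entries above, with counts adjusted to the excerpt.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the MBAM 1.65 log posted above (German UI
# strings as Malwarebytes writes them); the section counts match this excerpt.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Test) 1.65.1.1000
Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Qidubu (Trojan.Agent.GNI) -> Daten: C:\Users\Winkelmann\AppData\Roaming\Ikpe\asuny.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Users\Winkelmann\Desktop\Desktop\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\Winkelmann\AppData\Roaming\Fiqa\evwy.exe (Trojan.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Winkelmann\AppData\Local\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\n (Trojan.Sirefef) -> Löschen bei Neustart.
C:\Windows\Installer\{4712b564-7866-e69e-10a4-d6fab3c9c7e7}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

# Section header, e.g. "Infizierte Dateien: 30"; detection line,
# e.g. "<path> (<family>) -> [Daten: <value> -> ]<action>."
SECTION_RE = re.compile(r"^Infizierte (?P<name>[^:]+): (?P<declared>\d+)")
ENTRY_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9._]+)\) -> "
    r"(?:Daten: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)
# The only action text that means MBAM finished the job on its own.
COMPLETED = "Erfolgreich gelöscht und in Quarantäne gestellt"


def parse_mbam_log(text):
    """Return (findings, declared): one dict per detection line, tagged with the
    section it sits under, plus the per-section counts the log claims."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            declared[section] = int(sec.group("declared"))
            continue
        hit = ENTRY_RE.match(line)
        if hit:
            findings.append({"section": section, **hit.groupdict()})
    return findings, declared


def triage(findings, declared):
    """Group findings by family, list everything still needing a follow-up
    (any action other than a completed quarantine, e.g. 'Löschen bei Neustart'
    or 'Keine Aktion durchgeführt') and flag sections whose parsed entry count
    differs from the declared one (a truncated paste or an unparsed line)."""
    by_family = Counter(f["family"] for f in findings)
    pending = [f for f in findings if f["action"] != COMPLETED]
    parsed = Counter(f["section"] for f in findings)
    mismatches = {name: (want, parsed[name])
                  for name, want in declared.items() if parsed[name] != want}
    return {"by_family": by_family, "pending": pending, "mismatches": mismatches}


if __name__ == "__main__":
    report = triage(*parse_mbam_log(SAMPLE_LOG))
    for family, n in report["by_family"].most_common():
        print(f"{n:3d}  {family}")
    for f in report["pending"]:
        print(f"FOLLOW UP: {f['item']} ({f['family']}) -> {f['action']}")
    for name, (want, got) in report["mismatches"].items():
        print(f"COUNT MISMATCH: {name} declares {want}, paste lists {got}")
```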
06.11.2012, 19:18 | #2 |
/// Malware-holic | Hi,
That is no surprise with your PC. Why, for example, has it never seen any Windows updates? That is dangerous. This script, as well as any scripts that follow, is only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [Zibyziyqov] C:\Users\Winkelmann\AppData\Roaming\Icap\nide.exe ()
[2012.11.05 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Akugid
[2012.10.20 09:15:45 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Awizg
[2012.11.02 09:37:04 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Awta
[2012.10.15 07:53:28 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Azibuq
[2012.10.26 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Byuvr
[2012.10.19 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Cawawy
[2012.10.24 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ceat
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ciumv
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Coaq
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Doypqi
[2012.10.14 23:49:37 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Etmeor
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Fiqa
[2012.10.21 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Fydev
[2012.07.25 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Hymeo
[2012.07.25 17:07:38 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Icap
[2012.10.17 20:28:51 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Igceka
[2012.10.16 16:02:52 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikaviz
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikpe
[2012.10.21 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikpema
[2012.10.20 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ikraat
[2012.10.17 20:28:51 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Iluqpu
[2012.10.22 08:27:22 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Imicew
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Isve
[2012.10.25 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ivfava
[2012.10.24 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Kahyyv
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Laceu
[2012.11.06 09:38:15 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Naceu
[2012.10.16 16:02:52 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Nagaah
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Noraa
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ociva
[2012.10.21 17:16:47 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Odli
[2012.10.25 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ofkaa
[2012.10.17 00:02:54 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ohev
[2012.10.18 13:07:41 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Onaga
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Orcyug
[2012.10.18 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Osyx
[2012.10.23 17:37:01 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Oztil
[2012.10.18 12:28:34 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Pyaqhu
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Qouf
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Qyqek
[2012.10.18 13:07:41 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Qyzy
[2012.10.25 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Seravy
[2010.12.03 08:37:47 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Serif
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Sivi
[2012.10.20 09:15:45 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Suuceb
[2012.10.23 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Tyowi
[2012.10.20 15:53:19 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Ucqa
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Udeq
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Uhud
[2012.10.25 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Vubiyw
[2012.10.21 01:15:48 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Vuma
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Waycce
[2012.10.15 07:53:28 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Xyuf
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yggig
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yppua
[2012.10.22 08:27:22 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yqats
[2012.11.05 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yqxufa
[2012.10.23 09:26:06 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yvqe
[2012.10.26 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Yxyp
[2012.10.18 13:07:41 | 000,000,000 | ---D | M] -- C:\Users\Winkelmann\AppData\Roaming\Zutea
:Files
C:\Users\Winkelmann\AppData\Roaming\Icap
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
06.11.2012, 19:53 | #3 |
| Thanks for the quick reply.
The text field after the restart reads:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Zibyziyqov deleted successfully.
C:\Users\Winkelmann\AppData\Roaming\Icap\nide.exe moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Akugid folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Awizg folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Awta folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Azibuq folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Byuvr folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Cawawy folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ceat folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ciumv folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Coaq folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Doypqi folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Etmeor folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Fiqa folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Fydev folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Hymeo folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Icap folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Igceka folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ikaviz folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ikpe folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ikpema folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ikraat folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Iluqpu folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Imicew folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Isve folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ivfava folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Kahyyv folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Laceu folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Naceu folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Nagaah folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Noraa folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ociva folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Odli folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ofkaa folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ohev folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Onaga folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Orcyug folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Osyx folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Oztil folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Pyaqhu folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Qouf folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Qyqek folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Qyzy folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Seravy folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Workspace Profiles folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Settings folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Recent folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Program folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Portfolio folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Palettes folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Languages folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\InstantEffects folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\FillTables folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Eigene Vorlagen folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\DisplayLists folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Zeichenkohle folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Trockene Farbe folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Textur folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Stift folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Pastell folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Mittlere Farbe folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Foto folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Filzstift folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Einfach folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Bleistift folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes\Aquarell folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0\Brushes folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus\9.0 folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif\DrawPlus folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Serif folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Sivi folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Suuceb folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Tyowi folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Ucqa folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Udeq folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Uhud folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Vubiyw folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Vuma folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Waycce folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Xyuf folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Yggig folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Yppua folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Yqats folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Yqxufa folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Yvqe folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Yxyp folder moved successfully.
C:\Users\Winkelmann\AppData\Roaming\Zutea folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gast
->Flash cache emptied: 2604 bytes

User: Public

User: Winkelmann
->Flash cache emptied: 9819210 bytes

Total Flash Files Cleaned = 9,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 502727 bytes
->Temporary Internet Files folder emptied: 16146896 bytes
->Java cache emptied: 619109 bytes
->FireFox cache emptied: 158726810 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Winkelmann
->Temp folder emptied: 281046 bytes
->Temporary Internet Files folder emptied: 5020218 bytes
->Java cache emptied: 29889235 bytes
->FireFox cache emptied: 95470771 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3459220 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 296,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11062012_193756

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\fla2B2.tmp not found!
File\Folder C:\Windows\temp\JET9E70.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
06.11.2012, 19:55 | #4 |
/// Malware-holic | Hi, thanks for the upload. That was only the tip of the garbage heap :-) Do you use the PC for online banking, for shopping, for other payment processing, or for similarly important things, such as work?
Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above
If you would like to support us |
06.11.2012, 20:05 | #5 |
| I have another PC that I use for that, but it has happened that I tried it on this one. The PC is mainly used by my little brother; I think that is also where the infection with whatever it is comes from. But I have bought small things on it, for example via Amazon. Is that bad? |
06.11.2012, 20:10 | #6 |
/// Malware-holic | Yes, you must change all passwords that were entered from that PC. Honestly, cleaning the system is not worth it. I see further malware here, such as Rootkit.ZeroAccess. One can try to remove it, but that is not 100% certain. Another problem is that afterwards we would still have to install tons of updates, which costs even more time. I would therefore suggest that we set the system up fresh right away and then secure it properly. That saves time and is the safer solution.
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then say something about securing online banking with a chip card reader + StarMoney.
06.11.2012, 20:24 | #7 |
| Wow, many thanks already for all the hints and the help. I bought the PC at Aldi back then. The manufacturer is Medion; unfortunately I don't have a Windows CD. The model is MED MT 474G. I'll set aside time tomorrow to start the process. How much time do you think something like this can take? I'm not stupid, but I've never done anything like this before, haha |
06.11.2012, 21:14 | #8 |
/// Malware-holic | Hi, it depends on how fast you work; let's say 6 hours, since updating always takes a while. Check whether any CDs came with the PC; recovery CDs are usually included. |