| |
| |||||||
Log-Analyse und Auswertung: falscher Linkaufruf nach Google oder Yahoo SucheWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.11.2012, 21:40
| #1 |
| |  falscher Linkaufruf nach Google oder Yahoo Suche Hallo zusammen, ich habe hier ein Problem mit Yahoo und Google andere Suchmaschinen wahrscheinlich auch.Nach einer Suche werden mir Treffer angezeigt. Wenn ich diese dann anklicke gelange ich immer auf Werbungsseiten als Anlage meine anfertigten Logfiles: OTL.txt Code:
ATTFilter OTL logfile created on: 08.11.2012 19:26:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Downloads\tools Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,41% Memory free 6,68 Gb Paging File | 5,64 Gb Available in Paging File | 84,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73,73 Gb Total Space | 29,39 Gb Free Space | 39,86% Space Free | Partition Type: NTFS Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS Drive E: | 267,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 7,45 Gb Total Space | 7,03 Gb Free Space | 94,30% Space Free | Partition Type: FAT32 Computer Name: xxxx-PC | User Name: xxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.08 19:17:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\tools\OTL.exe PRC - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2012.10.29 17:33:28 | 001,573,584 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 18:05:15 | 000,083,232 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\ipmgui.exe PRC - [2012.10.16 17:58:34 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.16 17:56:56 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.13 06:39:18 | 000,152,064 | ---- | M] (GoPro) -- C:\Programme\CineForm\Tools\GoProCineFormStatusViewer.exe PRC - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2012.09.12 16:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MpCmdRun.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2011.12.16 17:51:20 | 005,992,064 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.08.05 12:13:16 | 000,403,592 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.11.07 23:11:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll MOD - [2012.11.07 23:10:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll MOD - [2012.11.07 23:10:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll MOD - [2012.11.07 23:10:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll MOD - [2012.11.07 23:09:33 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll MOD - [2012.11.07 23:06:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll MOD - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2012.07.31 02:08:04 | 000,016,872 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2011.12.16 17:51:00 | 013,923,280 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2011.12.16 14:37:58 | 000,018,784 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll MOD - [2009.03.30 05:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\xxx\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.10.20 12:46:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 17:58:34 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.11 12:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ulisa.sys -- (ulisa) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\A331.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.04 12:07:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.01.09 16:01:03 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2012.01.09 16:00:46 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012.01.09 16:00:05 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2012.01.09 16:00:02 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) DRV - [2012.01.09 15:59:58 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012.01.09 15:59:52 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2011.11.21 18:09:55 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010.08.24 09:36:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.07.14 19:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.01.19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2007.03.09 12:00:40 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.yahoo.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.firma-und-verein.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&k=0 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=4512_2&babsrc=SP_ss&mntrId=88de93e6000000000000001fe24d9c9f IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{3BCAF082-E712-46A3-92DD-DBC49DFFB031}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{58D4B204-1AEC-4762-8E85-382CC61C1C26}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{5AB8FD70-30EE-460E-8AD0-7F33D21747D6}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6220E510-1A0E-4936-81A2-7A956AA16574}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D39373131363326703D7B7365617263685465726D737D&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&k=0 IE - HKCU\..\SearchScopes\{7708CDBE-F8E4-4EF5-BDD4-0DA0775FB2B5}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D26726C7A3D314937414453415F64654445333333&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&k=0 IE - HKCU\..\SearchScopes\{D38EFECB-CE46-4CF9-B0B1-9BF271968D17}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{D73155DA-F7E7-4F86-89DF-2A4E572D84D6}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{F06C5AB8-4C8E-4A8A-B763-6C5D2F05FD6A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Spiegelberg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.11.07 20:24:10 | 000,000,000 | ---D | M] [2012.11.07 20:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://search.babylon.com/?affID=109727&tt=4512_2&babsrc=HP_ss&mntrId=88de93e6000000000000001fe24d9c9f CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2010.08.24 09:52:05 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Ocs_SM] C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [tptc] C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ravensburger.de ([www] https in Vertrauenswürdige Sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75A1260F-5C70-4AA5-AE33-6558F0051E48}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92E1A79D-0F16-4AC4-BED2-1FB4744E1D01}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b2b03f1e-0d2d-11e2-b8a1-001fe24d9c9f}\Shell - "" = AutoRun O33 - MountPoints2\{b2b03f1e-0d2d-11e2-b8a1-001fe24d9c9f}\Shell\AutoRun\command - "" = J:\PMCsetup.exe O33 - MountPoints2\{e6479439-af5a-11df-95eb-001fe24d9c9f}\Shell - "" = AutoRun O33 - MountPoints2\{e6479439-af5a-11df-95eb-001fe24d9c9f}\Shell\AutoRun\command - "" = H:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.08 19:23:12 | 000,000,000 | R--D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.11.08 14:17:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.11.07 22:57:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.11.07 21:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.07 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.11.07 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Malwarebytes [2012.11.07 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.07 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.07 21:25:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.07 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 20:24:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.11.07 20:24:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.11.07 20:24:11 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager [2012.11.07 20:24:09 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\BabylonToolbar [2012.11.07 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.07 20:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2012.11.07 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.07 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.07 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.07 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:23:38 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.11.07 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.11.07 19:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.07 18:59:39 | 000,000,000 | ---D | C] -- C:\TEMP [2012.11.06 16:59:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.05 19:47:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\DoNotTrackPlus [2012.11.05 19:47:03 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\AskToolbar [2012.11.05 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Avira [2012.11.05 19:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.05 19:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.11.05 19:11:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.05 19:11:29 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.05 19:11:29 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.05 19:11:29 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.05 19:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.05 19:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.05 19:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.11.03 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\GoPro [2012.10.31 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm [2012.10.31 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.31 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro [2012.10.13 06:31:20 | 001,458,176 | ---- | C] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.08 19:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0875EFAD-89D5-413E-BC1E-7CD21774E03F}.job [2012.11.08 19:29:47 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.08 19:29:47 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.08 19:29:47 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.08 19:29:47 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.08 19:23:55 | 000,156,389 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.08 19:23:55 | 000,156,389 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.08 19:23:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.08 19:22:20 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.08 19:22:19 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.08 19:22:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.08 19:21:36 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys [2012.11.08 19:19:45 | 000,000,020 | ---- | M] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.08 18:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.08 18:40:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.08 17:54:10 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{31D3D547-51BB-4705-A348-F81907224F98}.job [2012.11.07 23:03:20 | 003,728,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.07 21:25:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.07 14:05:06 | 000,002,735 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.07 09:15:18 | 000,002,633 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Excel 2007.lnk [2012.11.05 19:12:48 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.05 18:55:47 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2012.10.30 12:13:25 | 000,002,631 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Word.lnk [2012.10.21 10:28:27 | 000,063,488 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.13 06:31:20 | 001,458,176 | ---- | M] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.08 19:19:27 | 000,000,020 | ---- | C] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 23:07:18 | 000,000,921 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.11.07 21:25:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 21:21:10 | 003,728,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.07 20:24:01 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.05 19:12:48 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.05 18:54:31 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.11.05 18:54:31 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2011.11.16 17:44:38 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.11.10 11:40:12 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI [2010.12.13 22:49:14 | 000,000,680 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\d3d9caps.dat [2010.12.01 14:15:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Woodwinds [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet [2010.08.03 19:37:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Widgets [2010.08.03 19:33:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.08.29 12:48:01 | 000,023,888 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\UserTile.png [2009.08.21 10:32:16 | 000,156,389 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.20 17:46:30 | 000,156,389 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.26 16:32:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.19 16:35:29 | 000,001,024 | ---- | C] () -- C:\Users\Spiegelberg\.rnd [2009.03.19 15:16:38 | 000,063,488 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.09 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\405167BC-5A2C-4D80-9C2A-110C87E2065B [2011.11.21 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Acronis [2009.05.11 20:20:03 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Babylon [2012.11.07 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\BabylonToolbar [2010.01.13 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Canon [2012.11.07 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DAEMON Tools Lite [2012.11.07 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.10.31 21:05:06 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2011.07.16 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Heimu [2009.06.20 08:39:13 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\myphotobook [2010.08.03 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Nikon [2012.11.07 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.05.12 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\RavensburgerTipToi [2010.10.13 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.09 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\TeamViewer [2011.07.14 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Weute ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB51421$] -> Error: Cannot create file handle -> Unknown point type < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.11.2012 19:26:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Downloads\tools
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 68,41% Memory free
6,68 Gb Paging File | 5,64 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,73 Gb Total Space | 29,39 Gb Free Space | 39,86% Space Free | Partition Type: NTFS
Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive E: | 267,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,45 Gb Total Space | 7,03 Gb Free Space | 94,30% Space Free | Partition Type: FAT32
Computer Name: XXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E16C3D7B-49BA-4402-83E3-B073B6F532FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EFF1F48-2506-4851-A24A-17FAB3F9C835}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E3DF92C-2825-4764-8BAE-278885B6A272}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{379608A0-5852-473F-BFDB-7CFDC952E29C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{77EA58B6-9705-4D65-8649-C8F15D91B7FD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AB86C0E1-C327-4EA6-A930-899A063F53B1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BCD4992B-2756-4394-89FB-6721089F55AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF38C860-096D-4DB5-92D4-91BC77BFF335}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{FDE9A7EB-62F6-4A42-B900-BDBAA22A15CF}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{0A136DC9-03F9-41B7-9887-1227181786C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2488EA68-BBBC-4977-A88C-4F808EB52124}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B62318B8-B927-4EA9-A538-7FC4956F14CA}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{F49FB033-E8C7-4516-88B9-2F6C4007A829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{804B100B-F5DE-4695-8CEB-8FA1A6F8425D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8DE28CE4-620D-480F-9B2C-9F544CEBEDCE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{989AB90B-C873-4A1C-A9AD-236F4D0AFA88}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{A0437708-5A69-4246-BB05-60F9C052DAD5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4F9477A1-CD01-4930-A28B-341CEF163879}_is1" = Fachin & Friedrich Toolpaket 9.3 (März 2009)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD6973A-76F1-487A-AE41-FD77BAAF00C6}" = Firma und Verein
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DesktopIconAmazon" = Desktop Icon für Amazon
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Nussknacker 2" = Nussknacker 2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OUTLOOKR" = Microsoft Office Outlook 2007
"Ravensburger tiptoi" = Ravensburger tiptoi
"REHADAT-Elan 2008 V_is1" = REHADAT-Elan 2008 V
"SearchAnonymizer" = SearchAnonymizer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"sv.net" = sv.net
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.10.2011 11:52:46 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 12:57:36 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 12:57:36 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 06.10.2011 02:48:58 | Computer Name = xxxxx-PC | Source = EventSystem | ID = 4609
Description =
Error - 06.10.2011 02:54:52 | Computer Name =xxx-PC | Source = EventSystem | ID = 4609
Description =
[ OSession Events ]
Error - 23.09.2009 14:28:06 | Computer Name = xxxxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.10.2009 16:36:51 | Computer Name = xxxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
seconds with 120 seconds of active time. This session ended with a crash.
Error encountered while reading event logs.
< End of report >
Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-08 21:22:50
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160815AS rev.4.AAB
Running: 2lc3d3sc.exe; Driver: C:\Users\SPIEGE~1\AppData\Local\Temp\fxtiruog.sys
---- System - GMER 1.0.15 ----
SSDT 8BD9C4FE ZwCreateSection
SSDT 8BD9C508 ZwRequestWaitReplyPort
SSDT 8BD9C503 ZwSetContextThread
SSDT 8BD9C50D ZwSetSecurityObject
SSDT 8BD9C512 ZwSystemDebugControl
SSDT 8BD9C49F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 215 822E2998 4 Bytes [FE, C4, D9, 8B]
.text ntkrnlpa.exe!KeSetEvent + 539 822E2CBC 4 Bytes [08, C5, D9, 8B]
.text ntkrnlpa.exe!KeSetEvent + 56D 822E2CF0 4 Bytes [03, C5, D9, 8B]
.text ntkrnlpa.exe!KeSetEvent + 5D1 822E2D54 4 Bytes [0D, C5, D9, 8B]
.text ntkrnlpa.exe!KeSetEvent + 619 822E2D9C 4 Bytes [12, C5, D9, 8B]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\System32\spoolsv.exe[496] USER32.dll!DialogBoxParamW 766510B0 5 Bytes JMP 75804540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\Windows\system32\svchost.exe[520] USER32.dll!DialogBoxParamW 766510B0 5 Bytes JMP 75804540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\Windows\system32\wininit.exe[844] USER32.dll!DialogBoxParamW 766510B0 5 Bytes JMP 75804540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\Windows\system32\services.exe[888] USER32.dll!DialogBoxParamW 766510B0 5 Bytes JMP 75804540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text C:\Windows\system32\lsass.exe[908] USER32.dll!DialogBoxParamW 766510B0 5 Bytes JMP 75804540 c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
.text ...
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
AttachedDevice tdrpman.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\volmgr \Device\HarddiskVolume2 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\Ecache \Device\ECacheControl fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\volmgr \Device\HarddiskVolume3 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\partmgr \Device\PartmgrControl fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\disk \Device\Harddisk0\DR0 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
Device \Driver\disk \Device\Harddisk1\DR1 fltsrv.sys (Acronis Storage Filter Management Driver/Acronis)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x31 0x9D 0xB6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0x86 0xA8 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x81 0x01 0xEF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0x31 0x9D 0xB6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF2 0x86 0xA8 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2A 0x81 0x01 0xEF ...
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB51421$\1476947754 0 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\@ 2048 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\L 0 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\L\vhtmwbun 66560 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U 0 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@00000001 45968 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@000000c0 3584 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@000000cb 3072 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@80000000 26112 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@800000c0 35840 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@800000cb 27648 bytes
File C:\Windows\$NtUninstallKB51421$\1476947754\U\@800000cf 27648 bytes
File C:\Windows\$NtUninstallKB51421$\434791671 0 bytes
---- EOF - GMER 1.0.15 ----
Geändert von Gold7 (08.11.2012 um 22:22 Uhr) |
|
09.11.2012, 04:38
| #2 | |||
| /// Helfer-Team    | falscher Linkaufruf nach Google oder Yahoo Suche Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
2. OTL wurde falsch platziert/gespeichert! Es muss auf dem Desktop abgelegt werden! Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll! also entfernen und erneut herunterladen:-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop. ** nachdem es gespeichert wurde auf dem Desktop in das Logfile von OTL, soll etwa so aussehen: Zitat:
Systemscan mit OTL
4. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
|
09.11.2012, 17:56
| #3 |
| | falscher Linkaufruf nach Google oder Yahoo Suche Hallo hat leider etwas gedauert aber hier die logs
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.09.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Spiegelberg :: SPIEGELBERG-PC [Administrator] Schutz: Deaktiviert 09.11.2012 15:16:16 mbam-log-2012-11-09 (15-16-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 437204 Laufzeit: 2 Stunde(n), 7 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 09.11.2012 17:28:20 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,73% Memory free 6,74 Gb Paging File | 5,28 Gb Available in Paging File | 78,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73,73 Gb Total Space | 27,13 Gb Free Space | 36,80% Space Free | Partition Type: NTFS Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS Drive E: | 267,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 7,45 Gb Total Space | 7,03 Gb Free Space | 94,29% Space Free | Partition Type: FAT32 Computer Name: Sxxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Users\xxx\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll () MOD - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () MOD - C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll () MOD - C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV - (SearchAnonymizer) -- C:\Users\xxx\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (afcdpsrv) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (syncagentsrv) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ulisa) -- System32\Drivers\ulisa.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (MEMSWEEP2) -- C:\Windows\system32\A331.tmp File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (FXDrv32) -- E:\FXDrv32.sys File not found DRV - (DETEWECP) -- C:\Windows\System32\drivers\detewecp.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis) DRV - (tdrpman) -- C:\Windows\System32\drivers\tdrpman.sys (Acronis) DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis) DRV - (vidsflt61) -- C:\Windows\System32\drivers\vsflt61.sys (Acronis) DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis) DRV - (fltsrv) -- C:\Windows\System32\drivers\fltsrv.sys (Acronis) DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation) DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. ) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.yahoo.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.firma-und-verein.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=4512_2&babsrc=SP_ss&mntrId=88de93e6000000000000001fe24d9c9f IE - HKCU\..\SearchScopes\{3BCAF082-E712-46A3-92DD-DBC49DFFB031}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{58D4B204-1AEC-4762-8E85-382CC61C1C26}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{5AB8FD70-30EE-460E-8AD0-7F33D21747D6}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{6220E510-1A0E-4936-81A2-7A956AA16574}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D39373131363326703D7B7365617263685465726D737D&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&k=0 IE - HKCU\..\SearchScopes\{7708CDBE-F8E4-4EF5-BDD4-0DA0775FB2B5}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D26726C7A3D314937414453415F64654445333333&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&k=0 IE - HKCU\..\SearchScopes\{D38EFECB-CE46-4CF9-B0B1-9BF271968D17}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{D73155DA-F7E7-4F86-89DF-2A4E572D84D6}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{F06C5AB8-4C8E-4A8A-B763-6C5D2F05FD6A}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\xxx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012.11.07 20:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: registryAccess (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2010.08.24 09:52:05 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Ocs_SM] C:\Users\xxx\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [tptc] C:\Users\xxx\AppData\Roaming\SCardDlgj.dll () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ravensburger.de ([www] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75A1260F-5C70-4AA5-AE33-6558F0051E48}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92E1A79D-0F16-4AC4-BED2-1FB4744E1D01}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b2b03f1e-0d2d-11e2-b8a1-001fe24d9c9f}\Shell - "" = AutoRun O33 - MountPoints2\{b2b03f1e-0d2d-11e2-b8a1-001fe24d9c9f}\Shell\AutoRun\command - "" = J:\PMCsetup.exe O33 - MountPoints2\{e6479439-af5a-11df-95eb-001fe24d9c9f}\Shell - "" = AutoRun O33 - MountPoints2\{e6479439-af5a-11df-95eb-001fe24d9c9f}\Shell\AutoRun\command - "" = H:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.09 17:26:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.11.09 15:11:45 | 000,000,000 | R--D | C] -- C:\Users\Sxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.11.09 14:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.11.08 23:15:49 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2012.11.08 23:15:47 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2012.11.08 23:15:47 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2012.11.08 23:14:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2012.11.08 23:14:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2012.11.08 23:14:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2012.11.08 23:14:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2012.11.08 23:14:14 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2012.11.08 23:14:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2012.11.08 23:14:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2012.11.08 23:14:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2012.11.08 23:14:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2012.11.08 23:14:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2012.11.08 23:14:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2012.11.08 23:14:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2012.11.08 22:58:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.11.08 22:57:24 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.11.08 22:57:24 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:57:22 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.11.08 22:56:48 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 22:37:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.08 14:33:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012.11.08 14:33:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012.11.08 14:33:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012.11.08 14:33:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012.11.08 14:33:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.11.08 14:33:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.08 14:32:19 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012.11.08 14:31:47 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.11.08 14:31:46 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2012.11.08 14:31:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.11.08 14:30:50 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.11.08 14:30:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012.11.08 14:30:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.11.08 14:30:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.11.08 14:30:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.11.08 14:29:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012.11.08 14:29:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012.11.08 14:29:26 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.08 14:28:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.11.08 14:28:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.11.08 14:26:54 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.11.08 14:17:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.08 13:59:41 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.11.08 13:40:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.11.08 13:40:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.11.08 13:39:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.11.08 13:39:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.11.08 13:39:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.11.08 13:39:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.11.08 13:39:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.11.07 22:57:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.11.07 21:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.07 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.11.07 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2012.11.07 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.07 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.07 21:25:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.07 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 20:24:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.11.07 20:24:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.11.07 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.07 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.07 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.07 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.07 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Opera [2012.11.07 20:23:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DesktopIconForAmazon [2012.11.07 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\OCS [2012.11.07 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\QuickScan [2012.11.07 19:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.07 18:59:39 | 000,000,000 | ---D | C] -- C:\TEMP [2012.11.06 16:59:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.05 19:47:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\DoNotTrackPlus [2012.11.05 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira [2012.11.05 19:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.05 19:11:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.05 19:11:29 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.05 19:11:29 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.05 19:11:29 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.05 19:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.05 19:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.05 19:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.11.03 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\GoPro [2012.10.31 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm [2012.10.31 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.31 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro [2012.10.13 06:31:20 | 001,458,176 | ---- | C] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.09 17:34:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0875EFAD-89D5-413E-BC1E-7CD21774E03F}.job [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2012.11.09 16:49:21 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 16:49:21 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.09 16:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.09 16:40:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.09 15:11:57 | 000,156,389 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.09 15:11:57 | 000,156,389 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.09 15:10:56 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.09 14:57:17 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.09 14:57:17 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.09 14:57:17 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.09 14:57:17 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.09 14:49:38 | 003,728,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.09 14:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.09 14:48:16 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys [2012.11.09 14:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.11.08 22:58:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.11.08 22:58:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 22:58:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.11.08 22:57:24 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.11.08 22:57:24 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:57:22 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.11.08 22:56:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2012.11.08 22:56:48 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 19:19:45 | 000,000,020 | ---- | M] () -- C:\Users\Sxxx\defogger_reenable [2012.11.07 21:25:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | M] () -- C:\Users\xxx\Desktop\Amazon.lnk [2012.11.07 14:05:06 | 000,002,735 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.07 09:15:18 | 000,002,633 | ---- | M] () -- C:\Users\xxx\Desktop\Microsoft Office Excel 2007.lnk [2012.11.05 19:12:48 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.05 18:55:47 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | M] () -- C:\Users\xxx\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | M] () -- C:\Users\xxx\Desktop\GoPro CineForm Studio.lnk [2012.10.30 12:13:25 | 000,002,631 | ---- | M] () -- C:\Users\xxx\Desktop\Word.lnk [2012.10.21 10:28:27 | 000,063,488 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 12:46:21 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.20 12:46:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.13 06:31:20 | 001,458,176 | ---- | M] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.09 14:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 19:19:27 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2012.11.07 23:07:18 | 000,000,921 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.11.07 21:25:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 21:21:10 | 003,728,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.07 20:24:01 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | C] () -- C:\Users\xxxx\Desktop\Amazon.lnk [2012.11.05 19:12:48 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.05 18:54:31 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.11.05 18:54:31 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | C] () -- C:\Users\xxx\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | C] () -- C:\Users\xxx\Desktop\GoPro CineForm Studio.lnk [2011.11.16 17:44:38 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.11.10 11:40:12 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI [2010.12.13 22:49:14 | 000,000,680 | ---- | C] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat [2010.12.01 14:15:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Woodwinds [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet [2010.08.03 19:37:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Widgets [2010.08.03 19:33:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.08.29 12:48:01 | 000,023,888 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\UserTile.png [2009.08.21 10:32:16 | 000,156,389 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.20 17:46:30 | 000,156,389 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.26 16:32:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.19 16:35:29 | 000,001,024 | ---- | C] () -- C:\Users\xxx\.rnd [2009.03.19 15:16:38 | 000,063,488 | ---- | C] () -- C:\Users\Sxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.09 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Sxx\AppData\Roaming\405167BC-5A2C-4D80-9C2A-110C87E2065B [2011.11.21 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Acronis [2010.01.13 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canon [2012.11.07 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite [2012.11.07 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DesktopIconForAmazon [2012.10.31 21:05:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\GoPro [2011.07.16 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Heimu [2009.06.20 08:39:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\myphotobook [2010.08.03 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nikon [2012.11.07 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OCS [2012.11.07 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Sxxx\AppData\Roaming\Opera [2012.11.07 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\QuickScan [2012.05.12 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\RavensburgerTipToi [2010.10.13 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.09 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer [2011.07.14 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Weute ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB51421$] -> Error: Cannot create file handle -> Unknown point type < End of report > Code:
ATTFilter OTL Extras logfile created on: 09.11.2012 17:28:20 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxxx\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 54,73% Memory free
6,74 Gb Paging File | 5,28 Gb Available in Paging File | 78,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,73 Gb Total Space | 27,13 Gb Free Space | 36,80% Space Free | Partition Type: NTFS
Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive E: | 267,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,45 Gb Total Space | 7,03 Gb Free Space | 94,29% Space Free | Partition Type: FAT32
Computer Name: xxxx | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E16C3D7B-49BA-4402-83E3-B073B6F532FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EFF1F48-2506-4851-A24A-17FAB3F9C835}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E3DF92C-2825-4764-8BAE-278885B6A272}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{379608A0-5852-473F-BFDB-7CFDC952E29C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{77EA58B6-9705-4D65-8649-C8F15D91B7FD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AB86C0E1-C327-4EA6-A930-899A063F53B1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BCD4992B-2756-4394-89FB-6721089F55AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF38C860-096D-4DB5-92D4-91BC77BFF335}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{FDE9A7EB-62F6-4A42-B900-BDBAA22A15CF}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{0A136DC9-03F9-41B7-9887-1227181786C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2488EA68-BBBC-4977-A88C-4F808EB52124}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B62318B8-B927-4EA9-A538-7FC4956F14CA}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{F49FB033-E8C7-4516-88B9-2F6C4007A829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{804B100B-F5DE-4695-8CEB-8FA1A6F8425D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8DE28CE4-620D-480F-9B2C-9F544CEBEDCE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{989AB90B-C873-4A1C-A9AD-236F4D0AFA88}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{A0437708-5A69-4246-BB05-60F9C052DAD5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4F9477A1-CD01-4930-A28B-341CEF163879}_is1" = Fachin & Friedrich Toolpaket 9.3 (März 2009)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD6973A-76F1-487A-AE41-FD77BAAF00C6}" = Firma und Verein
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DesktopIconAmazon" = Desktop Icon für Amazon
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Nussknacker 2" = Nussknacker 2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OUTLOOKR" = Microsoft Office Outlook 2007
"Ravensburger tiptoi" = Ravensburger tiptoi
"REHADAT-Elan 2008 V_is1" = REHADAT-Elan 2008 V
"SearchAnonymizer" = SearchAnonymizer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"sv.net" = sv.net
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.10.2011 11:52:46 | Computer Name = xxxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = xxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = xxxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = xxxxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 12:57:36 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 12:57:36 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 06.10.2011 02:48:58 | Computer Name = xxx-PC | Source = EventSystem | ID = 4609
Description =
Error - 06.10.2011 02:54:52 | Computer Name = xxx-PC | Source = EventSystem | ID = 4609
Description =
Error - 06.10.2011 04:02:01 | Computer Name = xxx-PC | Source = EventSystem | ID = 4609
Description =
[ OSession Events ]
Error - 23.09.2009 14:28:06 | Computer Name = xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.10.2009 16:36:51 | Computer Name = xxxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
seconds with 120 seconds of active time. This session ended with a crash.
Error encountered while reading event logs.
< End of report >
Code:
ATTFilter Acronis*True*Image*Home 2012 Acronis 09.01.2012 117MB 15.0.6154 Adobe AIR Adobe Systems Inc. 24.08.2010 30,6MB 1.5.3.9120 Adobe Community Help Adobe Systems Incorporated 24.08.2010 2,52MB 3.0.0.400 Adobe Flash Player 10 Plugin Adobe Systems Incorporated 14.05.2010 2,69MB 10.0.45.2 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 20.10.2012 11.4.402.287 Adobe Media Player Adobe Systems Incorporated 24.08.2010 2,69MB 1.8 Adobe Photoshop CS5 Adobe Systems Incorporated 24.08.2010 1,52GB 12.0 Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 05.11.2012 123MB 9.5.2 Adobe Shockwave Player 11.6 Adobe Systems, Inc. 01.03.2012 8,32MB 11.6.4.634 ArcSoft PhotoStudio 5.5 ArcSoft 13.01.2010 25,2MB ASUS USB2.0 Webcam 10.05.2010 1,55MB Avira Free Antivirus Avira 05.11.2012 192MB 13.0.0.2735 Babylon Chrome Toolbar 18.03.2009 Brother MFL-Pro Suite DCP-145C DCP-165C Brother Industries, Ltd. 06.09.2009 7,77MB 1.1.8.0 Canon MP Navigator EX 2.0 13.01.2010 69,5MB Canon Utilities Solution Menu 13.01.2010 1,93MB CanoScan 5600F Scanner Driver 13.01.2010 80,4MB CCleaner Piriform 24.09.2012 4,86MB 3.23 CyberLink PowerDVD 8 CyberLink Corp. 19.03.2009 95,8MB 8.0.1830 Desktop Icon für Amazon 07.11.2012 1,06MB 1.0.1 (de) Fachin & Friedrich Toolpaket 9.3 (März 2009) 19.03.2009 0,99MB Firma und Verein 07.07.2010 14,6MB funkwerk Eumex 401 WIN-Tools V2.00 Funkwerk Enterprise Communications GmbH 16.11.2011 12,0MB 2.00.0000 Google Chrome Google Inc. 01.03.2012 270MB 23.0.1271.64 GoPro CineForm Studio 1.3.1 CineForm, Inc & GoPro, Inc. 31.10.2012 2,50MB 1.3.1 Java(TM) 6 Update 12 Sun Microsystems, Inc. 19.03.2009 97,0MB 6.0.120 Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 07.11.2012 12,7MB 1.65.1.1000 Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 19.03.2009 36,9MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 18.03.2009 36,9MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.06.2010 120MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.06.2010 24,5MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 07.11.2012 11,2MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 29.03.2012 357MB 12.0.6612.1000 Microsoft Office Live Add-in 1.5 Microsoft Corporation 05.11.2012 506KB 2.0.4024.1 Microsoft Office Outlook 2007 Microsoft Corporation 29.03.2012 357MB 12.0.6612.1000 Microsoft Security Essentials Microsoft Corporation 02.10.2012 21,3MB 4.1.522.0 Microsoft Silverlight Microsoft Corporation 12.05.2012 12,0MB 4.1.10329.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 01.08.2009 251KB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 294KB 8.0.56336 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 01.08.2009 199KB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.03.2009 590KB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 594KB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 11.04.2012 16,5MB 10.0.40219 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 20.03.2009 1,27MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,33MB 4.20.9876.0 myphotobook 3.65 myphotobook 19.06.2009 16,0MB 3.65 Nero 8 Essentials Nero AG 19.03.2009 1,00GB 8.3.465 Nikon Message Center Nikon 03.08.2010 204KB 0.92.000 Nikon Transfer Nikon 03.08.2010 47,4MB 1.1.1 Nussknacker 2 29.07.2009 4,81MB NVIDIA Drivers NVIDIA Corporation 20.08.2009 2,52GB 1.4 NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 20.08.2009 11,9MB 7.15.11.9038 PaperPort Image Printer Nuance Communications, Inc. 22.03.2009 521KB 1.00.0000 PDFCreator Frank Heindörfer, Philip Chinery 19.03.2009 20,4MB 0.9.7 Picture Control Utility Nikon 03.08.2010 18,6MB 1.1.2 QuickTime Apple Inc. 03.08.2010 76,9MB 7.3.1.70 Ravensburger tiptoi 12.05.2012 5,61MB Realtek High Definition Audio Driver Realtek Semiconductor Corp. 19.03.2009 21,4MB 6.0.1.5605 REHADAT-Elan 2008 V REHADAT 21.05.2009 20,9MB ScanSoft PaperPort 11 Nuance Communications, Inc. 22.03.2009 130MB 11.1.0000 SearchAnonymizer 07.11.2012 216KB 1.0.1 (de) Sophos Anti-Rootkit 1.5.0 Sophos Plc 07.11.2012 2,66MB 1.5.0 Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 29.05.2009 29,6MB 9.0.0 sv.net ITSG GmbH 12.07.2012 18,8MB 12.1 System Requirements Lab 20.08.2009 752KB Unity Web Player Unity Technologies ApS 01.06.2012 208KB ViewNX Nikon 03.08.2010 27,5MB 1.1.1 VLC media player 1.1.5 VideoLAN 13.01.2011 78,1MB 1.1.5 VR-NetWorld 05.07.2012 1,94MB Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) GoPro 31.10.2012 03/07/2012 |
|
09.11.2012, 22:22
| #4 | ||||
| /// Helfer-Team | falscher Linkaufruf nach Google oder Yahoo Suche Systembereinigung und Prüfung: ► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück! Nur bei Probleme inzwischen melden! 1. Kannst Du noch die Scanergebnisse posten von: Zitat:
Hast Du in Hosts - C:\Windows\System32\drivers\etc\hosts - eingetragen (also von dir absichtlich)? Wenn ja, warum?: Zitat:
Deinstalliere unter Systemsteuerung-> Software/Programme: Code:
ATTFilter Babylon Chrome Toolbar <- Adware !! Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte. Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert. In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars Zitat:
Zitat:
Code:
ATTFilter :OTL
DRV - (ulisa) -- System32\Drivers\ulisa.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\system32\A331.tmp File not found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.yahoo.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109727&tt=4512_2&babsrc=SP_ss&mntrId=88de93e6000000000000001fe24d9c9f
IE - HKCU\..\SearchScopes\{3BCAF082-E712-46A3-92DD-DBC49DFFB031}: "URL" = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{58D4B204-1AEC-4762-8E85-382CC61C1C26}: "URL" = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{5AB8FD70-30EE-460E-8AD0-7F33D21747D6}: "URL" = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6220E510-1A0E-4936-81A2-7A956AA16574}: "URL" = http://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F66723D6368722D677265656E747265655F69652665693D7574662D3826747970653D39373131363326703D7B7365617263685465726D737D&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&k=0
IE - HKCU\..\SearchScopes\{7708CDBE-F8E4-4EF5-BDD4-0DA0775FB2B5}: "URL" = http://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D26726C7A3D314937414453415F64654445333333&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&k=0
IE - HKCU\..\SearchScopes\{D38EFECB-CE46-4CF9-B0B1-9BF271968D17}: "URL" = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D73155DA-F7E7-4F86-89DF-2A4E572D84D6}: "URL" = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{F06C5AB8-4C8E-4A8A-B763-6C5D2F05FD6A}: "URL" = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=ccb23f9b-2255-4921-9af5-e646f82e9dc7&pid=ccleanerde&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b2b03f1e-0d2d-11e2-b8a1-001fe24d9c9f}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b03f1e-0d2d-11e2-b8a1-001fe24d9c9f}\Shell\AutoRun\command - "" = J:\PMCsetup.exe
O33 - MountPoints2\{e6479439-af5a-11df-95eb-001fe24d9c9f}\Shell - "" = AutoRun
O33 - MountPoints2\{e6479439-af5a-11df-95eb-001fe24d9c9f}\Shell\AutoRun\command - "" = H:\start.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
5. Deinstalliere : Code:
ATTFilter Adobe Reader 9.5.2
->Adobe Reader - Während der Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") 6. alte Java Version Deinstallieren, neue installieren: Code:
ATTFilter Java(TM) 6 Update 12
Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. -> Warum sollte ich ältere Java-Versionen aus dem System entfernen? 7. Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!: -> Tipps zu Internet Explorer -> Standard Suchmaschine des Explorers ändern -> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8 -> Wie kann ich den Cache im Internet Explorer leeren? 8. Alle Programme/Fenster schliessen reinige dein System mit CCleaner:
9. Vorbereitung
Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!
10. erneut einen Scan mit OTL:
ansonsten sieht gut aus... ► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
10.11.2012, 10:32
| #5 |
| | falscher Linkaufruf nach Google oder Yahoo Suche Hallo Kira, vielen Dank für deine schnelle Hilfe. Sophos Scan läuft gerade bei Kaspersky bekomme ich die Meldung Instalations Datei läßt sich nicht runterladen. Auf meinem eigenen Rechner läßt sich das Tool ohne Probleme inst. Reicht der Sophos scann ? Danke Gold7 So ich denke ich habe alles erledigt Code:
ATTFilter 2012-11-10 10:16:05 Sophos Virus Removal Tool version 2.2
2012-11-10 10:16:05 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.
2012-11-10 10:16:05 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2012-11-10 10:16:05 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x100 PT=0x1 Win32
2012-11-10 10:16:05 Checking for updates...
2012-11-10 10:16:18 Option all = no
2012-11-10 10:16:18 Option recurse = yes
2012-11-10 10:16:18 Option archive = no
2012-11-10 10:16:18 Option service = yes
2012-11-10 10:16:18 Option confirm = yes
2012-11-10 10:16:18 Option sxl = yes
2012-11-10 10:16:18 Option max-data-age = 35
2012-11-10 10:16:18 Component SVRTcli.exe version 2.2
2012-11-10 10:16:18 Component control.dll version 2.2
2012-11-10 10:16:18 Component SVRTservice.exe version 2.2
2012-11-10 10:16:18 Component engine\osdp.dll version 1.44.0.2022
2012-11-10 10:16:18 Component engine\veex.dll version 3.37.2.2022
2012-11-10 10:16:18 Component engine\savi.dll version 7.5.10.2022
2012-11-10 10:16:18 Component rkdisk.dll version 1.5.30.0
2012-11-10 10:16:18 Version info: Product version 2.2
2012-11-10 10:16:18 Version info: Detection engine 3.37.2
2012-11-10 10:16:18 Version info: Detection data 4.83
2012-11-10 10:16:18 Version info: Build date 05.11.2012
2012-11-10 10:16:18 Version info: Data files added 227
2012-11-10 10:16:18 Version info: Last successful update (not yet updated)
2012-11-10 10:16:22 Update progress: proxy server not available
2012-11-10 10:17:33 Downloading updates...
2012-11-10 10:17:33 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2012-11-10 10:17:33 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2012-11-10 10:17:33 Update progress: [I49502] Found supplement IDE484 LATEST
2012-11-10 10:17:33 Update progress: [I49502] Found supplement IDE485 LATEST
2012-11-10 10:17:33 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2012-11-10 10:17:33 Update progress: [I19463] Syncing product SAVIW32 21
2012-11-10 10:17:47 Update progress: [I19463] Syncing product IDE484 157
2012-11-10 10:17:48 Update progress: [I19463] Syncing product IDE485 73
2012-11-10 10:17:48 Installing updates...
2012-11-10 10:18:05 Update successful
2012-11-10 10:18:16 Option all = no
2012-11-10 10:18:16 Option recurse = yes
2012-11-10 10:18:16 Option archive = no
2012-11-10 10:18:16 Option service = yes
2012-11-10 10:18:16 Option confirm = yes
2012-11-10 10:18:16 Option sxl = yes
2012-11-10 10:18:16 Option max-data-age = 35
2012-11-10 10:18:16 Component SVRTcli.exe version 2.2
2012-11-10 10:18:16 Component control.dll version 2.2
2012-11-10 10:18:16 Component SVRTservice.exe version 2.2
2012-11-10 10:18:16 Component engine\osdp.dll version 1.44.0.2022
2012-11-10 10:18:16 Component engine\veex.dll version 3.37.2.2022
2012-11-10 10:18:16 Component engine\savi.dll version 7.5.10.2022
2012-11-10 10:18:16 Component rkdisk.dll version 1.5.30.0
2012-11-10 10:18:16 Version info: Product version 2.2
2012-11-10 10:18:16 Version info: Detection engine 3.37.2
2012-11-10 10:18:16 Version info: Detection data 4.83G
2012-11-10 10:18:16 Version info: Build date 05.11.2012
2012-11-10 10:18:16 Version info: Data files added 228
2012-11-10 10:18:16 Version info: Last successful update 10.11.2012 10:18:05
2012-11-10 11:24:14 Could not open C:\hiberfil.sys
2012-11-10 11:24:28 Could not open C:\pagefile.sys
2012-11-10 11:35:25 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{4e2c1dec-29a0-11e2-8e74-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{7177d741-29e6-11e2-bd0f-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{7177d745-29e6-11e2-bd0f-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{a31daa16-2918-11e2-a3ba-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{a31daa1e-2918-11e2-a3ba-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{d0d3059f-2b12-11e2-b254-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{f48e7c4d-2a73-11e2-ad94-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:35:25 Could not open C:\System Volume Information\{f48e7c51-2a73-11e2-ad94-001fe24d9c9f}{3808876b-c176-4e48-b7ae-04046e6cc752}
2012-11-10 11:47:20 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2012-11-10 11:47:20 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2012-11-10 11:47:30 Could not open C:\Windows\System32\config\COMPONENTS
2012-11-10 11:47:30 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
2012-11-10 11:47:30 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2012-11-10 11:47:30 Could not open C:\Windows\System32\config\RegBack\SAM
2012-11-10 11:47:30 Could not open C:\Windows\System32\config\RegBack\SECURITY
2012-11-10 11:47:30 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2012-11-10 11:47:30 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2012-11-10 12:28:27 >>> Virus 'Mal/Generic-L' found in file F:\adwcleaner.exe
2012-11-10 12:28:27 The following items will be cleaned up:
2012-11-10 12:28:27 Mal/Generic-L
3. erledigt 4. erledigt 5. erledigt 6. erledigt 8. ausgeführt 9. Code:
ATTFilter Operating memory probably a variant of Win32/Ponmocup.AA trojan
10. Code:
ATTFilter OTL logfile created on: 10.11.2012 18:32:47 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 54,48% Memory free 6,72 Gb Paging File | 5,19 Gb Available in Paging File | 77,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73,73 Gb Total Space | 22,47 Gb Free Space | 30,48% Space Free | Partition Type: NTFS Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS Drive E: | 267,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 7,45 Gb Total Space | 7,03 Gb Free Space | 94,29% Space Free | Partition Type: FAT32 Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe PRC - [2012.11.08 22:58:22 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2012.10.20 12:46:20 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe PRC - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.16 18:05:15 | 000,083,232 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\ipmgui.exe PRC - [2012.10.16 17:58:34 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.16 17:56:56 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.13 06:39:18 | 000,152,064 | ---- | M] (GoPro) -- C:\Programme\CineForm\Tools\GoProCineFormStatusViewer.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2011.12.16 17:51:20 | 005,992,064 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.08.05 12:13:16 | 000,403,592 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe PRC - [2010.03.06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.11.09 14:54:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.11.09 14:53:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.11.09 14:53:35 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.11.09 14:53:26 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.11.09 14:52:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.11.09 14:52:08 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2011.12.16 17:51:00 | 013,923,280 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2011.12.16 14:37:58 | 000,018,784 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.10.20 12:46:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.16 18:06:12 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.16 17:58:34 | 000,560,416 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.10.16 17:57:04 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.04 12:07:05 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.01.09 16:01:03 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2012.01.09 16:00:46 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012.01.09 16:00:05 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2012.01.09 16:00:02 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) DRV - [2012.01.09 15:59:58 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012.01.09 15:59:52 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2011.11.21 18:09:55 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010.08.24 09:36:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.07.14 19:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.01.19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2007.03.09 12:00:40 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.firma-und-verein.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D BE 7C 1F 48 BF CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Spiegelberg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012.11.07 20:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2010.08.24 09:52:05 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Ocs_SM] C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [tptc] C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ravensburger.de ([www] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75A1260F-5C70-4AA5-AE33-6558F0051E48}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92E1A79D-0F16-4AC4-BED2-1FB4744E1D01}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.10 14:58:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.11.10 14:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.10 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.10 14:48:55 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:55 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:55 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:48:41 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:32:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.10 14:28:05 | 000,000,000 | R--D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.11.10 14:21:46 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.10 10:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012.11.10 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.09 17:26:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 15:02:53 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.11.09 15:02:52 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.11.09 15:02:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.11.09 15:02:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.11.09 15:02:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.11.09 15:02:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.11.09 14:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.11.08 23:15:49 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2012.11.08 23:15:47 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2012.11.08 23:15:47 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2012.11.08 23:14:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2012.11.08 23:14:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2012.11.08 23:14:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2012.11.08 23:14:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2012.11.08 23:14:14 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2012.11.08 23:14:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2012.11.08 23:14:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2012.11.08 23:14:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2012.11.08 23:14:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2012.11.08 23:14:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2012.11.08 23:14:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2012.11.08 23:14:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2012.11.08 22:58:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:48 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 14:33:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012.11.08 14:33:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012.11.08 14:33:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012.11.08 14:33:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012.11.08 14:33:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.11.08 14:33:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.08 14:32:19 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012.11.08 14:31:46 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2012.11.08 14:31:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.11.08 14:30:50 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.11.08 14:30:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012.11.08 14:30:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.11.08 14:30:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.11.08 14:30:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.11.08 14:29:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012.11.08 14:29:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012.11.08 14:29:26 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.08 14:28:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.11.08 14:28:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.11.08 14:26:54 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.11.08 14:17:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.08 13:59:41 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.11.08 13:40:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.11.08 13:40:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.11.08 13:39:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.11.08 13:39:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.11.08 13:39:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.11.08 13:39:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.11.08 13:39:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.11.07 22:57:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.11.07 21:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.07 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.11.07 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Malwarebytes [2012.11.07 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.07 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.07 21:25:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.07 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 20:24:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.11.07 20:24:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.11.07 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.07 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.07 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.07 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.07 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:23:38 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.11.07 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.11.07 19:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.07 18:59:39 | 000,000,000 | ---D | C] -- C:\TEMP [2012.11.06 16:59:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.05 19:47:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\DoNotTrackPlus [2012.11.05 19:18:32 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Avira [2012.11.05 19:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.05 19:11:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.05 19:11:29 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.05 19:11:29 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.05 19:11:29 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.05 19:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.05 19:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.05 19:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.11.03 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\GoPro [2012.10.31 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm [2012.10.31 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.31 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro [2012.10.13 06:31:20 | 001,458,176 | ---- | C] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll ========== Files - Modified Within 30 Days ========== [2012.11.10 18:35:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0875EFAD-89D5-413E-BC1E-7CD21774E03F}.job [2012.11.10 18:25:58 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 18:25:58 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.10 17:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.10 17:40:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.10 14:55:23 | 000,061,082 | ---- | M] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:48:23 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:48:18 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:18 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:17 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:17 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:38:47 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.10 14:32:20 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.10 14:32:20 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.10 14:32:20 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.10 14:32:20 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.10 14:28:27 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.10 14:28:26 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.10 14:27:45 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.10 14:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.10 14:25:46 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys [2012.11.10 10:15:50 | 000,002,050 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 14:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.11.08 22:58:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.11.08 22:58:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 22:58:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2012.11.08 22:56:48 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 19:19:45 | 000,000,020 | ---- | M] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 21:25:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.07 14:05:06 | 000,002,735 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.07 09:15:18 | 000,002,633 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Excel 2007.lnk [2012.11.05 19:12:48 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2012.10.30 12:13:25 | 000,002,631 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Word.lnk [2012.10.21 10:28:27 | 000,063,488 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 12:46:21 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.20 12:46:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.13 06:31:20 | 001,458,176 | ---- | M] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll ========== Files Created - No Company Name ========== [2012.11.10 14:55:18 | 000,061,082 | ---- | C] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:38:47 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.10 14:38:47 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.11.10 10:15:50 | 000,002,050 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.09 14:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 19:19:27 | 000,000,020 | ---- | C] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 23:07:18 | 000,000,921 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.11.07 21:25:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.05 19:12:48 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2011.11.16 17:44:38 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.11.10 11:40:12 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI [2010.12.13 22:49:14 | 000,000,680 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\d3d9caps.dat [2010.12.01 14:15:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Woodwinds [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet [2010.08.03 19:37:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Widgets [2010.08.03 19:33:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.08.29 12:48:01 | 000,023,888 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\UserTile.png [2009.08.21 10:32:16 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.20 17:46:30 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.26 16:32:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.19 16:35:29 | 000,001,024 | ---- | C] () -- C:\Users\Spiegelberg\.rnd [2009.03.19 15:16:38 | 000,063,488 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.09 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\405167BC-5A2C-4D80-9C2A-110C87E2065B [2011.11.21 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Acronis [2010.01.13 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Canon [2012.11.07 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DAEMON Tools Lite [2012.11.07 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.10.31 21:05:06 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2011.07.16 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Heimu [2009.06.20 08:39:13 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\myphotobook [2010.08.03 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Nikon [2012.11.07 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.05.12 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\RavensburgerTipToi [2010.10.13 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.09 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\TeamViewer [2011.07.14 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Weute ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB51421$] -> Error: Cannot create file handle -> Unknown point type < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.11.2012 18:32:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 54,48% Memory free
6,72 Gb Paging File | 5,19 Gb Available in Paging File | 77,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,73 Gb Total Space | 22,47 Gb Free Space | 30,48% Space Free | Partition Type: NTFS
Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive E: | 267,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 7,45 Gb Total Space | 7,03 Gb Free Space | 94,29% Space Free | Partition Type: FAT32
Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E16C3D7B-49BA-4402-83E3-B073B6F532FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EFF1F48-2506-4851-A24A-17FAB3F9C835}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2E3DF92C-2825-4764-8BAE-278885B6A272}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{379608A0-5852-473F-BFDB-7CFDC952E29C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{77EA58B6-9705-4D65-8649-C8F15D91B7FD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AB86C0E1-C327-4EA6-A930-899A063F53B1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BCD4992B-2756-4394-89FB-6721089F55AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF38C860-096D-4DB5-92D4-91BC77BFF335}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{FDE9A7EB-62F6-4A42-B900-BDBAA22A15CF}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{0A136DC9-03F9-41B7-9887-1227181786C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2488EA68-BBBC-4977-A88C-4F808EB52124}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B62318B8-B927-4EA9-A538-7FC4956F14CA}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{F49FB033-E8C7-4516-88B9-2F6C4007A829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{804B100B-F5DE-4695-8CEB-8FA1A6F8425D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8DE28CE4-620D-480F-9B2C-9F544CEBEDCE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{989AB90B-C873-4A1C-A9AD-236F4D0AFA88}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{A0437708-5A69-4246-BB05-60F9C052DAD5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4F9477A1-CD01-4930-A28B-341CEF163879}_is1" = Fachin & Friedrich Toolpaket 9.3 (März 2009)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD6973A-76F1-487A-AE41-FD77BAAF00C6}" = Firma und Verein
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DesktopIconAmazon" = Desktop Icon für Amazon
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Nussknacker 2" = Nussknacker 2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OUTLOOKR" = Microsoft Office Outlook 2007
"Ravensburger tiptoi" = Ravensburger tiptoi
"REHADAT-Elan 2008 V_is1" = REHADAT-Elan 2008 V
"SearchAnonymizer" = SearchAnonymizer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"sv.net" = sv.net
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.09.2011 01:48:17 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 29.09.2011 01:48:17 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ OSession Events ]
Error - 23.09.2009 14:28:06 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.10.2009 16:36:51 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
seconds with 120 seconds of active time. This session ended with a crash.
Error encountered while reading event logs.
< End of report >
Hallo ich habe gerade eine Googlesuche ausgeführt die hat funktioniert. Mit Yahoo klappt es noch nicht.  Nach der vierten Suche mit Google nur noch Fehlermeldungen http Status 405 |
|
11.11.2012, 08:31
| #6 | ||
| /// Helfer-Team | falscher Linkaufruf nach Google oder Yahoo Suche 1. Du hast deinen Rechner mit zwei Anti-Viren-Programmen generell `geschwächt`: Code:
ATTFilter Avira + Microsoft Security Essentials
Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten! Mehr AV Programme bedeutet nicht mehr Sicherheit!Die Scanner behindern sich gegenseitig (bei beiden den On-Access Scan aktiviert bzw laufen ständig im Hintergrund) und ein Systemcrash kann die Folge sein oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen. Zitat:
► Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software : -> Removal Tools oder Deinstallationsanleitungen für diverse Antiviren Software ► Uninstaller (Entfernungstools) der häufigsten Antivirus Softwares also Entscheide Dich für NUR einen Virenscanner und benutze diesen regelmäßig! 2. Windows Defender: Parallel zu ein AV-Programm nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender Windows Defender komplett deaktivieren Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe) Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen. Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen. Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen. Start => services.msc ins Suchfeld eingeben. Es öffnet sich das Fenster der Dienste Doppelklick auf den Dienst "Windows Defender" Starttyp auf "Manuell" umstellen. Dienststatus beenden, falls der Dienst noch gestartet ist. ► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen ► Unter Dienste: Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen 3. kann deinstalliert werden: Sophos Anti-Rootkit 4. zu Kaspersky: noch vorhandene Reste antfernen -> suche mit der Suchfunktion von Windows 5. Zitat:
Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
6. erneut einen Scan mit OTL:
__________________ --> falscher Linkaufruf nach Google oder Yahoo Suche |
|
11.11.2012, 11:57
| #7 |
| | falscher Linkaufruf nach Google oder Yahoo Suche Hier schon einmal die OTL FIX Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Spiegelberg\Desktop\cmd.bat deleted successfully.
C:\Users\Spiegelberg\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Anne.Spiegelberg-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Spiegelberg
->Temp folder emptied: 50670593 bytes
->Temporary Internet Files folder emptied: 48447581 bytes
->Java cache emptied: 1880 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 1290821 bytes
->Flash cache emptied: 602 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22098 bytes
RecycleBin emptied: 179984 bytes
Total Files Cleaned = 96,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11112012_115044
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 11.11.2012 11:58:13 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free 6,68 Gb Paging File | 5,38 Gb Available in Paging File | 80,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73,73 Gb Total Space | 22,54 Gb Free Space | 30,57% Space Free | Partition Type: NTFS Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS Drive F: | 7,45 Gb Total Space | 7,16 Gb Free Space | 96,07% Space Free | Partition Type: FAT32 Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe PRC - [2012.11.08 22:58:22 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2012.10.20 12:46:20 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2012.09.12 16:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MpCmdRun.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2011.12.16 17:51:20 | 005,992,064 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.08.05 12:13:16 | 000,403,592 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2011.12.16 17:51:00 | 013,923,280 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2011.12.16 14:37:58 | 000,018,784 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ========== Services (SafeList) ========== SRV - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.10.20 12:46:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\4E10.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.01.09 16:01:03 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2012.01.09 16:00:46 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012.01.09 16:00:05 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2012.01.09 16:00:02 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) DRV - [2012.01.09 15:59:58 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012.01.09 15:59:52 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2011.11.21 18:09:55 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010.08.24 09:36:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.07.14 19:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.01.19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2007.03.09 12:00:40 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.firma-und-verein.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D BE 7C 1F 48 BF CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Spiegelberg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012.11.07 20:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2010.08.24 09:52:05 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Ocs_SM] C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [tptc] C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ravensburger.de ([www] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75A1260F-5C70-4AA5-AE33-6558F0051E48}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92E1A79D-0F16-4AC4-BED2-1FB4744E1D01}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.11 11:53:49 | 000,000,000 | R--D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.11.11 11:48:59 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\Opera [2012.11.11 11:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012.11.10 14:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.10 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.10 14:48:55 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:55 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:55 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:48:41 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:32:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.10 14:21:46 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.10 10:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012.11.10 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.09 17:26:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 15:02:53 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.11.09 15:02:52 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.11.09 15:02:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.11.09 15:02:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.11.09 15:02:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.11.09 15:02:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.11.09 14:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.11.08 23:15:49 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2012.11.08 23:15:47 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2012.11.08 23:15:47 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2012.11.08 23:14:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2012.11.08 23:14:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2012.11.08 23:14:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2012.11.08 23:14:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2012.11.08 23:14:14 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2012.11.08 23:14:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2012.11.08 23:14:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2012.11.08 23:14:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2012.11.08 23:14:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2012.11.08 23:14:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2012.11.08 23:14:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2012.11.08 23:14:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2012.11.08 22:58:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:48 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 14:33:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012.11.08 14:33:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012.11.08 14:33:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012.11.08 14:33:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012.11.08 14:33:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.11.08 14:33:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.08 14:32:19 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012.11.08 14:31:46 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2012.11.08 14:31:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.11.08 14:30:50 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.11.08 14:30:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012.11.08 14:30:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.11.08 14:30:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.11.08 14:30:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.11.08 14:29:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012.11.08 14:29:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012.11.08 14:29:26 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.08 14:28:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.11.08 14:28:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.11.08 14:26:54 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.11.08 14:17:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.08 13:59:41 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.11.08 13:40:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.11.08 13:40:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.11.08 13:39:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.11.08 13:39:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.11.08 13:39:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.11.08 13:39:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.11.08 13:39:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.11.07 22:57:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.11.07 21:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.07 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.11.07 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Malwarebytes [2012.11.07 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.07 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.07 21:25:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.07 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 20:24:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.11.07 20:24:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.11.07 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.07 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.07 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.07 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.07 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:23:38 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.11.07 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.11.07 19:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.07 18:59:39 | 000,000,000 | ---D | C] -- C:\TEMP [2012.11.06 16:59:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.05 19:47:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\DoNotTrackPlus [2012.11.05 19:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.05 19:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.11.03 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\GoPro [2012.10.31 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm [2012.10.31 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.31 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro [2012.10.13 06:31:20 | 001,458,176 | ---- | C] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll ========== Files - Modified Within 30 Days ========== [2012.11.11 12:00:53 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.11 12:00:53 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.11 12:00:53 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.11 12:00:53 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.11 12:00:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0875EFAD-89D5-413E-BC1E-7CD21774E03F}.job [2012.11.11 11:54:16 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.11 11:54:16 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.11 11:53:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.11 11:53:19 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 11:53:19 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 11:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.11 11:53:00 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys [2012.11.11 11:48:51 | 000,001,620 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.11.11 11:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.11 11:40:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.11 10:26:21 | 000,002,649 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.10 19:04:59 | 003,728,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.10 14:55:23 | 000,061,082 | ---- | M] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:48:23 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:48:18 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:18 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:17 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:17 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:38:47 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 14:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.11.08 22:58:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.11.08 22:58:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 22:58:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2012.11.08 22:56:48 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 19:19:45 | 000,000,020 | ---- | M] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 21:25:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.07 14:05:06 | 000,002,735 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.07 09:15:18 | 000,002,633 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Excel 2007.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2012.10.30 12:13:25 | 000,002,631 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Word.lnk [2012.10.21 10:28:27 | 000,063,488 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 12:46:21 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.20 12:46:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.13 06:31:20 | 001,458,176 | ---- | M] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll ========== Files Created - No Company Name ========== [2012.11.11 11:48:51 | 000,001,632 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.11.11 11:48:51 | 000,001,620 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.11.10 19:02:54 | 003,728,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.10 14:55:18 | 000,061,082 | ---- | C] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:38:47 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.10 14:38:47 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.11.10 10:15:50 | 000,002,649 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.09 14:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 19:19:27 | 000,000,020 | ---- | C] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 23:07:18 | 000,000,921 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.11.07 21:25:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2011.11.16 17:44:38 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.11.10 11:40:12 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI [2010.12.13 22:49:14 | 000,000,680 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\d3d9caps.dat [2010.12.01 14:15:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Woodwinds [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet [2010.08.03 19:37:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Widgets [2010.08.03 19:33:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.08.29 12:48:01 | 000,023,888 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\UserTile.png [2009.08.21 10:32:16 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.20 17:46:30 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.26 16:32:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.19 16:35:29 | 000,001,024 | ---- | C] () -- C:\Users\Spiegelberg\.rnd [2009.03.19 15:16:38 | 000,063,488 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.09 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\405167BC-5A2C-4D80-9C2A-110C87E2065B [2011.11.21 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Acronis [2010.01.13 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Canon [2012.11.07 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DAEMON Tools Lite [2012.11.07 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.10.31 21:05:06 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2011.07.16 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Heimu [2009.06.20 08:39:13 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\myphotobook [2010.08.03 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Nikon [2012.11.07 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.05.12 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\RavensburgerTipToi [2010.10.13 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.09 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\TeamViewer [2011.07.14 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Weute ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB51421$] -> Error: Cannot create file handle -> Unknown point type < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.11.2012 11:58:13 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free
6,68 Gb Paging File | 5,38 Gb Available in Paging File | 80,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,73 Gb Total Space | 22,54 Gb Free Space | 30,57% Space Free | Partition Type: NTFS
Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 7,16 Gb Free Space | 96,07% Space Free | Partition Type: FAT32
Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E16C3D7B-49BA-4402-83E3-B073B6F532FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EFF1F48-2506-4851-A24A-17FAB3F9C835}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{26BC4C0A-E191-4792-998A-BC3EF385E6A8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{2E3DF92C-2825-4764-8BAE-278885B6A272}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{379608A0-5852-473F-BFDB-7CFDC952E29C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{77EA58B6-9705-4D65-8649-C8F15D91B7FD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AB86C0E1-C327-4EA6-A930-899A063F53B1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BCD4992B-2756-4394-89FB-6721089F55AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF38C860-096D-4DB5-92D4-91BC77BFF335}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{FDE9A7EB-62F6-4A42-B900-BDBAA22A15CF}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{FF1420AC-F18E-47E6-96A3-D16D6C333462}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{0A136DC9-03F9-41B7-9887-1227181786C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2488EA68-BBBC-4977-A88C-4F808EB52124}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B62318B8-B927-4EA9-A538-7FC4956F14CA}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{F49FB033-E8C7-4516-88B9-2F6C4007A829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{804B100B-F5DE-4695-8CEB-8FA1A6F8425D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8DE28CE4-620D-480F-9B2C-9F544CEBEDCE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{989AB90B-C873-4A1C-A9AD-236F4D0AFA88}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{A0437708-5A69-4246-BB05-60F9C052DAD5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4F9477A1-CD01-4930-A28B-341CEF163879}_is1" = Fachin & Friedrich Toolpaket 9.3 (März 2009)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD6973A-76F1-487A-AE41-FD77BAAF00C6}" = Firma und Verein
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DesktopIconAmazon" = Desktop Icon für Amazon
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Nussknacker 2" = Nussknacker 2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.10.1652" = Opera 12.10
"OUTLOOKR" = Microsoft Office Outlook 2007
"Ravensburger tiptoi" = Ravensburger tiptoi
"REHADAT-Elan 2008 V_is1" = REHADAT-Elan 2008 V
"SearchAnonymizer" = SearchAnonymizer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"sv.net" = sv.net
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.09.2011 01:48:17 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 29.09.2011 01:48:17 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ OSession Events ]
Error - 23.09.2009 14:28:06 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.10.2009 16:36:51 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
seconds with 120 seconds of active time. This session ended with a crash.
Error encountered while reading event logs.
< End of report >
|
|
11.11.2012, 12:55
| #8 |
| | falscher Linkaufruf nach Google oder Yahoo Suche und hier die otl.txt Code:
ATTFilter OTL logfile created on: 11.11.2012 11:58:13 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free 6,68 Gb Paging File | 5,38 Gb Available in Paging File | 80,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73,73 Gb Total Space | 22,54 Gb Free Space | 30,57% Space Free | Partition Type: NTFS Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS Drive F: | 7,45 Gb Total Space | 7,16 Gb Free Space | 96,07% Space Free | Partition Type: FAT32 Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe PRC - [2012.11.08 22:58:22 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2012.10.20 12:46:20 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2012.09.12 16:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MpCmdRun.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2011.12.16 17:51:20 | 005,992,064 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.08.05 12:13:16 | 000,403,592 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2011.12.16 17:51:00 | 013,923,280 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2011.12.16 14:37:58 | 000,018,784 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ========== Services (SafeList) ========== SRV - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.10.20 12:46:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\4E10.tmp -- (MEMSWEEP2) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.01.09 16:01:03 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2012.01.09 16:00:46 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012.01.09 16:00:05 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2012.01.09 16:00:02 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) DRV - [2012.01.09 15:59:58 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012.01.09 15:59:52 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2011.11.21 18:09:55 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010.08.24 09:36:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.07.14 19:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.01.19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2007.03.09 12:00:40 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.firma-und-verein.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D BE 7C 1F 48 BF CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Spiegelberg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012.11.07 20:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2010.08.24 09:52:05 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [Ocs_SM] C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [tptc] C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ravensburger.de ([www] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75A1260F-5C70-4AA5-AE33-6558F0051E48}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92E1A79D-0F16-4AC4-BED2-1FB4744E1D01}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.11 11:53:49 | 000,000,000 | R--D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.11.11 11:48:59 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\Opera [2012.11.11 11:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012.11.10 14:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.10 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.10 14:48:55 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:55 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:55 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:48:41 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:32:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.10 14:21:46 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.10 10:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2012.11.10 10:15:50 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.09 17:26:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 15:02:53 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.11.09 15:02:52 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.11.09 15:02:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.11.09 15:02:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.11.09 15:02:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.11.09 15:02:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.11.09 14:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.11.08 23:15:49 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2012.11.08 23:15:47 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2012.11.08 23:15:47 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2012.11.08 23:14:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2012.11.08 23:14:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2012.11.08 23:14:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2012.11.08 23:14:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2012.11.08 23:14:14 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2012.11.08 23:14:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2012.11.08 23:14:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2012.11.08 23:14:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2012.11.08 23:14:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2012.11.08 23:14:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2012.11.08 23:14:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2012.11.08 23:14:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2012.11.08 22:58:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:48 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 14:33:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012.11.08 14:33:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012.11.08 14:33:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012.11.08 14:33:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012.11.08 14:33:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.11.08 14:33:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.08 14:32:19 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012.11.08 14:31:46 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2012.11.08 14:31:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.11.08 14:30:50 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.11.08 14:30:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012.11.08 14:30:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.11.08 14:30:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.11.08 14:30:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.11.08 14:29:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012.11.08 14:29:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012.11.08 14:29:26 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.08 14:28:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.11.08 14:28:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.11.08 14:26:54 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.11.08 14:17:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.08 13:59:41 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.11.08 13:40:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.11.08 13:40:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.11.08 13:39:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.11.08 13:39:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.11.08 13:39:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.11.08 13:39:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.11.08 13:39:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.11.07 22:57:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.11.07 21:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.11.07 21:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos [2012.11.07 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Malwarebytes [2012.11.07 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.07 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.07 21:25:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.07 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 20:24:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.11.07 20:24:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.11.07 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.07 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.07 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.07 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.07 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:23:38 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.11.07 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.11.07 19:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012.11.07 18:59:39 | 000,000,000 | ---D | C] -- C:\TEMP [2012.11.06 16:59:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.05 19:47:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\DoNotTrackPlus [2012.11.05 19:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.05 19:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.11.03 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\GoPro [2012.10.31 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm [2012.10.31 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.31 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro [2012.10.13 06:31:20 | 001,458,176 | ---- | C] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll ========== Files - Modified Within 30 Days ========== [2012.11.11 12:00:53 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.11 12:00:53 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.11 12:00:53 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.11 12:00:53 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.11 12:00:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0875EFAD-89D5-413E-BC1E-7CD21774E03F}.job [2012.11.11 11:54:16 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.11 11:54:16 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.11 11:53:25 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.11 11:53:19 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 11:53:19 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 11:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.11 11:53:00 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys [2012.11.11 11:48:51 | 000,001,620 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.11.11 11:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.11 11:40:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.11 10:26:21 | 000,002,649 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.10 19:04:59 | 003,728,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.10 14:55:23 | 000,061,082 | ---- | M] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:48:23 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:48:18 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:18 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:17 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:17 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:38:47 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 14:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.11.08 22:58:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.11.08 22:58:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 22:58:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2012.11.08 22:56:48 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 19:19:45 | 000,000,020 | ---- | M] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 21:25:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.07 14:05:06 | 000,002,735 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.07 09:15:18 | 000,002,633 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Excel 2007.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2012.10.30 12:13:25 | 000,002,631 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Word.lnk [2012.10.21 10:28:27 | 000,063,488 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 12:46:21 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.20 12:46:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.13 06:31:20 | 001,458,176 | ---- | M] (CineForm Inc.) -- C:\Windows\System32\CFHD.dll ========== Files Created - No Company Name ========== [2012.11.11 11:48:51 | 000,001,632 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.11.11 11:48:51 | 000,001,620 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.11.10 19:02:54 | 003,728,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.10 14:55:18 | 000,061,082 | ---- | C] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:38:47 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.10 14:38:47 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.11.10 10:15:50 | 000,002,649 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.09 14:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 19:19:27 | 000,000,020 | ---- | C] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 23:07:18 | 000,000,921 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.11.07 21:25:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2011.11.16 17:44:38 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.11.10 11:40:12 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI [2010.12.13 22:49:14 | 000,000,680 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\d3d9caps.dat [2010.12.01 14:15:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Woodwinds [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet [2010.08.03 19:37:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Widgets [2010.08.03 19:33:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.08.29 12:48:01 | 000,023,888 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\UserTile.png [2009.08.21 10:32:16 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.20 17:46:30 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.26 16:32:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.19 16:35:29 | 000,001,024 | ---- | C] () -- C:\Users\Spiegelberg\.rnd [2009.03.19 15:16:38 | 000,063,488 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.09 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\405167BC-5A2C-4D80-9C2A-110C87E2065B [2011.11.21 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Acronis [2010.01.13 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Canon [2012.11.07 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DAEMON Tools Lite [2012.11.07 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.10.31 21:05:06 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2011.07.16 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Heimu [2009.06.20 08:39:13 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\myphotobook [2010.08.03 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Nikon [2012.11.07 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.05.12 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\RavensburgerTipToi [2010.10.13 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.09 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\TeamViewer [2011.07.14 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Weute ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB51421$] -> Error: Cannot create file handle -> Unknown point type < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.11.2012 11:58:13 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 60,32% Memory free
6,68 Gb Paging File | 5,38 Gb Available in Paging File | 80,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,73 Gb Total Space | 22,54 Gb Free Space | 30,57% Space Free | Partition Type: NTFS
Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 7,16 Gb Free Space | 96,07% Space Free | Partition Type: FAT32
Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E16C3D7B-49BA-4402-83E3-B073B6F532FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EFF1F48-2506-4851-A24A-17FAB3F9C835}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{26BC4C0A-E191-4792-998A-BC3EF385E6A8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{2E3DF92C-2825-4764-8BAE-278885B6A272}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{379608A0-5852-473F-BFDB-7CFDC952E29C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{77EA58B6-9705-4D65-8649-C8F15D91B7FD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AB86C0E1-C327-4EA6-A930-899A063F53B1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BCD4992B-2756-4394-89FB-6721089F55AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF38C860-096D-4DB5-92D4-91BC77BFF335}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{FDE9A7EB-62F6-4A42-B900-BDBAA22A15CF}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{FF1420AC-F18E-47E6-96A3-D16D6C333462}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{0A136DC9-03F9-41B7-9887-1227181786C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2488EA68-BBBC-4977-A88C-4F808EB52124}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{B62318B8-B927-4EA9-A538-7FC4956F14CA}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{F49FB033-E8C7-4516-88B9-2F6C4007A829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{804B100B-F5DE-4695-8CEB-8FA1A6F8425D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8DE28CE4-620D-480F-9B2C-9F544CEBEDCE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{989AB90B-C873-4A1C-A9AD-236F4D0AFA88}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{A0437708-5A69-4246-BB05-60F9C052DAD5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4F9477A1-CD01-4930-A28B-341CEF163879}_is1" = Fachin & Friedrich Toolpaket 9.3 (März 2009)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD6973A-76F1-487A-AE41-FD77BAAF00C6}" = Firma und Verein
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DesktopIconAmazon" = Desktop Icon für Amazon
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Nussknacker 2" = Nussknacker 2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.10.1652" = Opera 12.10
"OUTLOOKR" = Microsoft Office Outlook 2007
"Ravensburger tiptoi" = Ravensburger tiptoi
"REHADAT-Elan 2008 V_is1" = REHADAT-Elan 2008 V
"SearchAnonymizer" = SearchAnonymizer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"sv.net" = sv.net
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.09.2011 01:48:17 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 29.09.2011 01:48:17 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ OSession Events ]
Error - 23.09.2009 14:28:06 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.10.2009 16:36:51 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
seconds with 120 seconds of active time. This session ended with a crash.
Error encountered while reading event logs.
< End of report >
Es währe ja zu schön gewesen  Eine Suchanfrage hat funktioniert die nächsten wurden wieder umgeleitet  |
|
12.11.2012, 06:16
| #9 | |
| /// Helfer-Team | falscher Linkaufruf nach Google oder Yahoo Suche 1. CD-Emulatoren mit DeFogger deaktivieren Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren. Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der Bereinigung rückgängig machen. Lade DeFogger herunter und speichere es auf Deinem Desktop. Doppelklicke DeFogger, um das Tool zu starten.
2. Zitat:
Code:
ATTFilter :OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\4E10.tmp -- (MEMSWEEP2)
O4 - HKLM..\Run: [NWEReboot] File not found
:Files
C:\ProgramData\Sophos
C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
C:\Program Files\Sophos
C:\ProgramData\Kaspersky Lab
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
3. Windows Defender - vollkommen abstellen und auch so belassen!: ► unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart-> Häckhen rausnehmen ► Unter Dienste: Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen 4. Hast Du zur Zone Vertrauenswürdige Sites absichtlich hinzugefügt? einer Reihe der von dir besuchten Websites vollständig vertrauen?: Code:
ATTFilter ravensburger.de
5. Rogue- und FakeAV-Programme mit RogueKiller entfernen
6. erneut einen Scan mit OTL:
7.
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
12.11.2012, 16:06
| #10 |
| | falscher Linkaufruf nach Google oder Yahoo Suche Hier die logs Code:
ATTFilter All processes killed
========== OTL ==========
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\Windows\system32\4E10.tmp not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
========== FILES ==========
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\SXLSUP folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\SAVIW32 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE485 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE484 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE483 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE482 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE481 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE480 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE479 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE478 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE477 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE476 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE475 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE474 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE473 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE472 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE471 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\IDE470 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\HIPS folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\catalogue folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\C1A903B2-E63E-483b-982D-04BB9C457C60 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep\280D5B59-4BF7-40a9-9C08-1BE7A11A5058 folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\LocalRep folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Config folder moved successfully.
C:\ProgramData\Sophos\Sophos Virus Removal Tool folder moved successfully.
C:\ProgramData\Sophos folder moved successfully.
C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Virus Removal Tool folder moved successfully.
C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Anti-Rootkit folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos folder moved successfully.
C:\Program Files\Sophos\Sophos Virus Removal Tool\skmscan folder moved successfully.
C:\Program Files\Sophos\Sophos Virus Removal Tool\SCTBootDriver folder moved successfully.
C:\Program Files\Sophos\Sophos Virus Removal Tool\engine folder moved successfully.
C:\Program Files\Sophos\Sophos Virus Removal Tool folder moved successfully.
C:\Program Files\Sophos\Sophos Anti-Rootkit folder moved successfully.
C:\Program Files\Sophos folder moved successfully.
C:\ProgramData\Kaspersky Lab folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Spiegelberg\Desktop\cmd.bat deleted successfully.
C:\Users\Spiegelberg\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Anne.Spiegelberg-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Spiegelberg
->Temp folder emptied: 36567 bytes
->Temporary Internet Files folder emptied: 6570735 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3372 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 6,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11122012_143133
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter RogueKiller V8.2.3 [11/07/2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com
Kommentare: hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: hxxp://tigzy.geekstogo.com/roguekiller.php
Blog: hxxp://tigzyrk.blogspot.com
Betriebssystem: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Gestartet in : Normaler Modus
Benutzer : Spiegelberg [Admin Rechte]
Funktion : Scannen -- Datum : 11/12/2012 14:43:57
¤¤¤ Böswillige Prozesse : 1 ¤¤¤
[SUSP PATH] SearchAnonymizerHelper.exe -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -> GELÖSCHT [TermProc]
¤¤¤ Registry-Einträge : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : tptc (rundll32 "C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll",mlvx) -> GEFUNDEN
[RUN][SUSP PATH] HKLM\[...]\Run : PPort11reminder ("C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini") -> GEFUNDEN
[RUN][SUSP PATH] HKLM\[...]\Run : Ocs_SM (C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizer.exe) -> GEFUNDEN
[RUN][SUSP PATH] HKUS\S-1-5-21-4278373676-3331182233-472416073-1000[...]\Run : tptc (rundll32 "C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll",mlvx) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> GEFUNDEN
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> GEFUNDEN
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> GEFUNDEN
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> GEFUNDEN
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> GEFUNDEN
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll) -> GEFUNDEN
¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤
¤¤¤ Treiber : [GELADEN] ¤¤¤
¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 activate.adobe.com
¤¤¤ MBR überprüfen: ¤¤¤
+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] 19e2725259a2a037ed08287ac3219021
[BSP] ef95f5c508b54ff21d5486b777c4b090 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 75500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 154626048 | Size: 77125 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] 71f7d3f463d2134b8b844da92f99d71d
[BSP] 9ac60b870b7952efb1e25d75f64c00e1 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 7647 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Abgeschlossen : << RKreport[1]_S_11122012_02d1443.txt >>
RKreport[1]_S_11122012_02d1443.txt
Code:
ATTFilter OTL logfile created on: 12.11.2012 14:46:47 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,84% Memory free 6,73 Gb Paging File | 5,27 Gb Available in Paging File | 78,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 73,73 Gb Total Space | 23,30 Gb Free Space | 31,60% Space Free | Partition Type: NTFS Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS Drive F: | 7,45 Gb Total Space | 7,16 Gb Free Space | 96,07% Space Free | Partition Type: FAT32 Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.12 14:39:53 | 000,662,016 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\RogueKiller_8.2.3.exe PRC - [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe PRC - [2012.11.08 22:58:22 | 000,748,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2012.10.20 12:46:20 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe PRC - [2012.10.13 06:39:18 | 000,152,064 | ---- | M] (GoPro) -- C:\Programme\CineForm\Tools\GoProCineFormStatusViewer.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\NisSrv.exe PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2011.12.16 17:51:20 | 005,992,064 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.08.05 12:13:16 | 000,403,592 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.26 14:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (No Company Name) ========== MOD - [2012.11.09 14:54:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.11.09 14:53:57 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.11.09 14:53:35 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.11.09 14:53:26 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.11.09 14:52:22 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.11.09 14:52:08 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2012.10.11 12:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll MOD - [2011.12.16 17:51:00 | 013,923,280 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2011.12.16 14:37:58 | 000,018,784 | ---- | M] () -- C:\Programme\Acronis\TrueImageHome\ti_managers_proxy_stub.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV - [2012.11.07 20:23:37 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Spiegelberg\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.10.20 12:46:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.01.09 16:01:00 | 003,483,600 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.12.16 17:53:00 | 005,891,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2011.08.05 12:13:14 | 000,809,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.07.14 11:28:00 | 000,239,648 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\FXDrv32.sys -- (FXDrv32) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\detewecp.sys -- (DETEWECP) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012.01.09 16:01:03 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2012.01.09 16:00:46 | 000,766,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2012.01.09 16:00:05 | 000,126,144 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2012.01.09 16:00:02 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt61.sys -- (vidsflt61) DRV - [2012.01.09 15:59:58 | 000,170,752 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2012.01.09 15:59:52 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2011.11.21 18:09:55 | 000,609,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010.08.24 09:36:05 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.07.14 19:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.04.11 05:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.01.19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2007.03.09 12:00:40 | 000,808,752 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.firma-und-verein.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D BE 7C 1F 48 BF CD 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Spiegelberg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) [2012.11.07 20:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Spiegelberg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2010.08.24 09:52:05 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75A1260F-5C70-4AA5-AE33-6558F0051E48}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92E1A79D-0F16-4AC4-BED2-1FB4744E1D01}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.12 14:40:46 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\Desktop\RK_Quarantine [2012.11.12 14:33:47 | 000,000,000 | R--D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8 [2012.11.11 11:48:59 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\Opera [2012.11.11 11:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2012.11.10 14:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012.11.10 14:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.11.10 14:48:55 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:55 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:55 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:48:41 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:32:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.11.10 14:21:46 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.09 17:26:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 15:02:53 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2012.11.09 15:02:52 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012.11.09 15:02:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012.11.09 15:02:51 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012.11.09 15:02:51 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.11.09 15:02:51 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012.11.09 14:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.11.08 23:15:49 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2012.11.08 23:15:47 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll [2012.11.08 23:15:47 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll [2012.11.08 23:14:21 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll [2012.11.08 23:14:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe [2012.11.08 23:14:17 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll [2012.11.08 23:14:14 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll [2012.11.08 23:14:14 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll [2012.11.08 23:14:14 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll [2012.11.08 23:14:14 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll [2012.11.08 23:14:14 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll [2012.11.08 23:14:14 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll [2012.11.08 23:14:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll [2012.11.08 23:14:14 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll [2012.11.08 23:14:13 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll [2012.11.08 22:58:22 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:48 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 14:33:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012.11.08 14:33:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012.11.08 14:33:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012.11.08 14:33:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012.11.08 14:33:45 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.11.08 14:33:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.11.08 14:32:19 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012.11.08 14:31:46 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2012.11.08 14:31:36 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.11.08 14:30:50 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.11.08 14:30:38 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012.11.08 14:30:22 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.11.08 14:30:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.11.08 14:30:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.11.08 14:29:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012.11.08 14:29:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012.11.08 14:29:26 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.08 14:28:09 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.11.08 14:28:08 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.11.08 14:26:54 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2012.11.08 14:17:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.11.08 13:59:41 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.11.08 13:40:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.11.08 13:40:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.11.08 13:39:39 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.11.08 13:39:39 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.11.08 13:39:39 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.11.08 13:39:30 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.11.08 13:39:30 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.11.07 22:57:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.11.07 22:57:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.11.07 21:26:10 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Malwarebytes [2012.11.07 21:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.07 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.07 21:25:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.07 21:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.07 20:24:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2012.11.07 20:24:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2012.11.07 20:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2012.11.07 20:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.11.07 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.11.07 20:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.11.07 20:23:45 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:23:38 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.11.07 20:23:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:15:13 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.11.07 18:59:39 | 000,000,000 | ---D | C] -- C:\TEMP [2012.11.06 16:59:54 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.11.05 19:47:37 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\DoNotTrackPlus [2012.11.05 19:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.11.05 19:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.11.03 17:33:29 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Local\GoPro [2012.10.31 21:05:06 | 000,000,000 | ---D | C] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2012.10.31 21:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm [2012.10.31 21:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.10.31 21:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro ========== Files - Modified Within 30 Days ========== [2012.11.12 14:50:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0875EFAD-89D5-413E-BC1E-7CD21774E03F}.job [2012.11.12 14:46:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.12 14:40:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.11.12 14:39:53 | 000,662,016 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\RogueKiller_8.2.3.exe [2012.11.12 14:39:36 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.12 14:39:36 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.12 14:39:36 | 000,127,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.12 14:39:36 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.12 14:34:00 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.12 14:34:00 | 000,173,493 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.12 14:33:21 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.11.12 14:33:13 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.12 14:33:12 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.12 14:33:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.12 14:32:57 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys [2012.11.11 11:48:51 | 000,001,620 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2012.11.11 10:26:21 | 000,002,649 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.10 19:04:59 | 003,728,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.10 14:55:23 | 000,061,082 | ---- | M] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:48:23 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.11.10 14:48:18 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.11.10 14:48:18 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.11.10 14:48:17 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.11.10 14:48:17 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.11.10 14:48:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.11.10 14:38:47 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.09 17:26:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Spiegelberg\Desktop\OTL.exe [2012.11.09 14:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:30 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.11.08 22:58:30 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.11.08 22:58:22 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2012.11.08 22:58:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2012.11.08 22:58:22 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.08 22:58:21 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.08 22:58:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2012.11.08 22:58:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2012.11.08 22:58:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2012.11.08 22:58:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2012.11.08 22:58:20 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2012.11.08 22:58:20 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.08 22:58:20 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2012.11.08 22:58:20 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2012.11.08 22:58:20 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2012.11.08 22:58:20 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2012.11.08 22:58:20 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.08 22:58:20 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2012.11.08 22:58:20 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2012.11.08 22:58:20 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2012.11.08 22:58:20 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 22:58:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2012.11.08 22:58:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2012.11.08 22:58:19 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.08 22:58:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2012.11.08 22:58:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2012.11.08 22:58:19 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2012.11.08 22:58:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.08 22:58:18 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.08 22:58:18 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2012.11.08 22:58:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2012.11.08 22:58:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.08 22:58:18 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2012.11.08 22:58:18 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2012.11.08 22:58:18 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2012.11.08 22:58:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2012.11.08 22:58:17 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2012.11.08 22:58:17 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2012.11.08 22:58:17 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2012.11.08 22:58:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2012.11.08 22:57:27 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2012.11.08 22:57:27 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll [2012.11.08 22:57:27 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll [2012.11.08 22:57:27 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll [2012.11.08 22:57:27 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll [2012.11.08 22:57:27 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2012.11.08 22:57:26 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2012.11.08 22:57:24 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.11.08 22:57:24 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll [2012.11.08 22:57:23 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2012.11.08 22:57:23 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll [2012.11.08 22:57:23 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe [2012.11.08 22:57:23 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2012.11.08 22:57:23 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2012.11.08 22:57:23 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2012.11.08 22:57:23 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll [2012.11.08 22:57:22 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll [2012.11.08 22:56:49 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\dxgkrnl.sys.mui [2012.11.08 22:56:48 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2012.11.08 22:56:48 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2012.11.08 22:56:48 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe [2012.11.08 22:56:48 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll [2012.11.08 22:56:47 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll [2012.11.08 22:56:47 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2012.11.08 19:19:45 | 000,000,020 | ---- | M] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 21:25:53 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.07 14:05:06 | 000,002,735 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Outlook 2007.lnk [2012.11.07 09:15:18 | 000,002,633 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Microsoft Office Excel 2007.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | M] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2012.10.30 12:13:25 | 000,002,631 | ---- | M] () -- C:\Users\Spiegelberg\Desktop\Word.lnk [2012.10.21 10:28:27 | 000,063,488 | ---- | M] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.10.20 12:46:21 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.20 12:46:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.11.12 14:39:50 | 000,662,016 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\RogueKiller_8.2.3.exe [2012.11.11 11:48:51 | 000,001,632 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.11.11 11:48:51 | 000,001,620 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2012.11.10 19:02:54 | 003,728,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.10 14:55:18 | 000,061,082 | ---- | C] () -- C:\Users\Spiegelberg\Documents\cc_20121110_145515.reg [2012.11.10 14:38:47 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.11.10 14:38:47 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.11.10 10:15:50 | 000,002,649 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Sophos Virus Removal Tool.lnk [2012.11.09 14:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.11.09 14:26:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.11.08 22:58:20 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.11.08 19:19:27 | 000,000,020 | ---- | C] () -- C:\Users\Spiegelberg\defogger_reenable [2012.11.07 23:07:18 | 000,000,921 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.11.07 21:25:53 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:24:01 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.11.07 20:23:38 | 000,001,976 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\Amazon.lnk [2012.11.04 19:03:07 | 000,086,016 | RHS- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\SCardDlgj.dll [2012.10.31 21:03:27 | 000,001,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2012.10.31 21:03:27 | 000,000,952 | ---- | C] () -- C:\Users\Spiegelberg\Desktop\GoPro CineForm Studio.lnk [2011.11.16 17:44:38 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2011.11.10 11:40:12 | 000,000,059 | ---- | C] () -- C:\Windows\WINPHONE.INI [2010.12.13 22:49:14 | 000,000,680 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\d3d9caps.dat [2010.12.01 14:15:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Woodwinds [2010.08.03 19:37:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\designjet [2010.08.03 19:37:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Workflows [2010.08.03 19:33:16 | 000,000,268 | RH-- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\Widgets [2010.08.03 19:33:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.08.29 12:48:01 | 000,023,888 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Roaming\UserTile.png [2009.08.21 10:32:16 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.20 17:46:30 | 000,173,493 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.26 16:32:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.03.19 16:35:29 | 000,001,024 | ---- | C] () -- C:\Users\Spiegelberg\.rnd [2009.03.19 15:16:38 | 000,063,488 | ---- | C] () -- C:\Users\Spiegelberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.09 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\405167BC-5A2C-4D80-9C2A-110C87E2065B [2011.11.21 18:12:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Acronis [2010.01.13 16:11:15 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Canon [2012.11.07 20:46:25 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DAEMON Tools Lite [2012.11.07 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\DesktopIconForAmazon [2012.10.31 21:05:06 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\GoPro [2011.07.16 12:42:36 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Heimu [2009.06.20 08:39:13 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\myphotobook [2010.08.03 19:51:40 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Nikon [2012.11.07 20:23:37 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\OCS [2012.11.07 20:23:45 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Opera [2012.11.07 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\QuickScan [2012.05.12 09:38:17 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\RavensburgerTipToi [2010.10.13 14:17:08 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.01.09 15:37:42 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\TeamViewer [2011.07.14 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Spiegelberg\AppData\Roaming\Weute ========== Purity Check ========== ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Windows\$NtUninstallKB51421$] -> Error: Cannot create file handle -> Unknown point type < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.11.2012 14:46:47 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Spiegelberg\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 56,84% Memory free
6,73 Gb Paging File | 5,27 Gb Available in Paging File | 78,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73,73 Gb Total Space | 23,30 Gb Free Space | 31,60% Space Free | Partition Type: NTFS
Drive D: | 75,32 Gb Total Space | 51,75 Gb Free Space | 68,71% Space Free | Partition Type: NTFS
Drive F: | 7,45 Gb Total Space | 7,16 Gb Free Space | 96,07% Space Free | Partition Type: FAT32
Computer Name: SPIEGELBERG-PC | User Name: Spiegelberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 14456:UDP:LocalSubNet:Enabled:ISDN B2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E16C3D7B-49BA-4402-83E3-B073B6F532FD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EFF1F48-2506-4851-A24A-17FAB3F9C835}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{26BC4C0A-E191-4792-998A-BC3EF385E6A8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{2E3DF92C-2825-4764-8BAE-278885B6A272}" = protocol=17 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{379608A0-5852-473F-BFDB-7CFDC952E29C}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{77EA58B6-9705-4D65-8649-C8F15D91B7FD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AB86C0E1-C327-4EA6-A930-899A063F53B1}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{BCD4992B-2756-4394-89FB-6721089F55AC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CF38C860-096D-4DB5-92D4-91BC77BFF335}" = protocol=6 | dir=in | app=c:\program files\common files\acronis\syncagent\syncagentsrv.exe |
"{FDE9A7EB-62F6-4A42-B900-BDBAA22A15CF}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{FF1420AC-F18E-47E6-96A3-D16D6C333462}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{0A136DC9-03F9-41B7-9887-1227181786C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{2488EA68-BBBC-4977-A88C-4F808EB52124}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7BD2B21D-46D3-473D-9405-9BEDB4E47818}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{B62318B8-B927-4EA9-A538-7FC4956F14CA}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{F49FB033-E8C7-4516-88B9-2F6C4007A829}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{804B100B-F5DE-4695-8CEB-8FA1A6F8425D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8DE28CE4-620D-480F-9B2C-9F544CEBEDCE}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{989AB90B-C873-4A1C-A9AD-236F4D0AFA88}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{A0437708-5A69-4246-BB05-60F9C052DAD5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{E5F54E56-4515-48E2-9138-FF763090728D}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-145C DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = ASUS USB2.0 Webcam
"{4F9477A1-CD01-4930-A28B-341CEF163879}_is1" = Fachin & Friedrich Toolpaket 9.3 (März 2009)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}" = Acronis*True*Image*Home 2012
"{77DDEEB4-CBF4-4B4C-8366-07E8CC03692B}Visible" = Acronis*True*Image*Home 2012
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOKR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOKR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOKR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFD6973A-76F1-487A-AE41-FD77BAAF00C6}" = Firma und Verein
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"0B624A43DD66DBF5CF3EDFA9741A364E688062A4" = Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DesktopIconAmazon" = Desktop Icon für Amazon
"Google Chrome" = Google Chrome
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{619387A7-F174-457C-9A4F-AB68D928D1A2}" = funkwerk Eumex 401 WIN-Tools V2.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"myphotobook" = myphotobook 3.65
"Nussknacker 2" = Nussknacker 2
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.10.1652" = Opera 12.10
"OUTLOOKR" = Microsoft Office Outlook 2007
"Ravensburger tiptoi" = Ravensburger tiptoi
"REHADAT-Elan 2008 V_is1" = REHADAT-Elan 2008 V
"SearchAnonymizer" = SearchAnonymizer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"sv.net" = sv.net
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 30.09.2011 04:41:05 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 02.10.2011 11:52:46 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 03.10.2011 03:38:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 03:46:04 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 12:57:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.10.2011 12:57:36 | Computer Name = Spiegelberg-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ OSession Events ]
Error - 23.09.2009 14:28:06 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 58
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.10.2009 16:36:51 | Computer Name = Spiegelberg-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126
seconds with 120 seconds of active time. This session ended with a crash.
Error encountered while reading event logs.
< End of report >
Code:
ATTFilter Webroot AntiZeroAccess 0.8 Log File
Execution time: 12/11/2012 - 16:01
Host operation System: Windows Vista X86 version 6.0.6002 Service Pack 2
16:01:20 - CheckSystem - Begin to check system...
16:01:20 - OpenRootDrive - Opening system root volume and physical drive....
16:01:20 - C Root Drive: Disk number: 0 Start sector: 0x00000800 Partition Size: 0x09376000 sectors.
16:01:20 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
16:01:20 - InstallAndStartDriver - Main driver was installed and now is running.
16:01:20 - CheckSystem - Disk class driver state is OK.
16:01:24 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
16:01:24 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
16:01:24 - Execution Ended!
|
|
13.11.2012, 04:54
| #11 | ||
| /// Helfer-Team | falscher Linkaufruf nach Google oder Yahoo Suche 1. die Hosts-Datei wieder auf die Standardwerte zurücksetzen: Zitat:
2. Punkt 3. bitte noch erledigen!:-> http://www.trojaner-board.de/126726-...tml#post954694 ► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen ► Unter Dienste: Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen 3. -> Plugincheck 4. Zitat:
Code:
ATTFilter :OTL
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
5. Inhalt posten: C:\TDSSKiller_Quarantine ► Hast du jetzt noch irgendwelche Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! Geändert von kira (13.11.2012 um 05:00 Uhr) |
|
13.11.2012, 17:50
| #12 |
| | falscher Linkaufruf nach Google oder Yahoo Suche Nein keine Probleme mehr SUPER  hier noch der Inhalt der TDSSKiller Code:
ATTFilter [InfectedObject]
Type: Service
Name: 58086f2a
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: \systemroot\711919704:2818019541.exe
Code:
ATTFilter [InfectedObject]
Verdict: Rootkit.Win32.PMax.gen
Ansonsten VIELEN DANK für deine Hilfe  OH man ich war mit dem zweiten Benutzer noch angemeldet jetz der OTL LOG Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Spiegelberg\Desktop\cmd.bat deleted successfully.
C:\Users\Spiegelberg\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Anne.Spiegelberg-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Spiegelberg
->Temp folder emptied: 1396404 bytes
->Temporary Internet Files folder emptied: 20318792 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31950 bytes
RecycleBin emptied: 20564 bytes
Total Files Cleaned = 21,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11132012_155732
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
14.11.2012, 05:07
| #13 | ||
| /// Helfer-Team | falscher Linkaufruf nach Google oder Yahoo Suche ** Lass dein System in der nächste Zeit noch unter Beobachtung! wenn alles gut verlaufen ist und dein System läuft stabil,mache folgendes: 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter CCleaner
2. Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
3. Windows legt beispielsweise regelmäßig Schattenkopien an (mindestens einmal täglich), die im Notfall zur Wiederherstellung des Systems und zum Zugriff auf ältere Dateiversionen dienen. Diese Funktion belegt sehr viel Speicherplatz. Standardmäßig beträgt der für Schattenkopien reservierte Speicherplatz 15 % der Volumegröße, so dass die Systemleistung auch beeinträchtigt wird. Außerdem gelöschte und ev. schädliche Objekte, die in der Systemwiederherstellung sitzen, müssen auch entfernt werden: Also mach bitte folgendes:
4. Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen) z.B. Login-, Mail- oder Website-Passwörter Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) 5. ► Schaue bitte nach, ob für Windows neue Update gibt?!:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand! -> Installiere jedes Update das Dir angeboten wird, wiederhole den Vorgang so oft, bis nicht mehr gibt Lesestoff Nr.1: Gib Kriminellen Handlungen keine Chance! Zitat:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
Wenn Du uns unterstützen möchtest→ Spendekonto gruß kira
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
| Themen zu falscher Linkaufruf nach Google oder Yahoo Suche |
| anlage, antivir, avira, avira searchfree toolbar, babylontoolbar, bho, browser, browser manager, desktop, error, firefox, flash player, google, homepage, iexplore.exe, install.exe, kaspersky, linkaufruf, object, office 2007, plug-in, problem, proxy, realtek, registry, scan, security, senden, software, suchmaschine, svchost.exe, vista |
.
) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörse. 
Linear-Darstellung
