|
Log-Analyse und Auswertung: Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren UsernWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.11.2012, 08:19 | #1 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo! Nun habe auch ich diesen Virus auf meinem alten Desktop mit Windows XP SP3 eingefangen. Glücklicherweise habe ich mehrere User und bin normalerweise nicht als Administrator eingeloggt, trotzdem ist es mir gelungen alle User außer "Gast" zu infizieren. Den Administrator User konnte ich mit Hife der Lektüre dieses Forums und Malwarebytes reinigen, nur mein Hauptbenutzer Konto ist noch immer lahm gelegt. Könnt Ihr mir helfen, meinen Computer nachhaltig zu reinigen? Anbei die Logfiles von Avira, Malwarebytes, OTL, Defogger. Vielen Dank! lg Honza Geändert von honza (26.11.2012 um 08:24 Uhr) Grund: Weiterer Log angehängt. |
27.11.2012, 09:23 | #2 |
/// the machine /// TB-Ausbilder | Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hi,
__________________Downloade Dir bitte AdwCleaner auf deinen Desktop.
Und ein frisches OTL log mit All Users bitte. Logs bitte nicht anhängen sondern in den Thread posten.
__________________ |
27.11.2012, 20:09 | #3 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo!
__________________Super! Hab AdwCleaner ausgeführt und kann wieder normal mit Hauptbenutzer einsteigen! Anbei die Logs: AdwCleaner: Code:
ATTFilter # AdwCleaner v2.009 - Datei am 27/11/2012 um 19:21:52 erstellt # Aktualisiert am 24/11/2012 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Administrator - *******SPC # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Uninstall.exe Datei Gelöscht : C:\Programme\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\user.js Ordner Gelöscht : C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\BabylonToolbar Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Babylon Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BabylonToolbar Ordner Gelöscht : C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon Ordner Gelöscht : C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\BabylonToolbar Ordner Gelöscht : C:\Dokumente und Einstellungen\*******\Anwendungsdaten\BabylonToolbar Ordner Gelöscht : C:\Dokumente und Einstellungen\*******\Anwendungsdaten\PriceGong Ordner Gelöscht : C:\Programme\BabylonToolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Software ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109958&babsrc=NT_ss&mntrId=4cf8908f000000000000001617f055eb --> hxxp://www.google.com ************************* AdwCleaner[S1].txt - [4053 octets] - [27/11/2012 19:21:52] ########## EOF - C:\AdwCleaner[S1].txt - [4113 octets] ########## Code:
ATTFilter OTL logfile created on: 27.11.2012 19:43:05 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 990,36 Mb Total Physical Memory | 626,45 Mb Available Physical Memory | 63,26% Memory free 2,33 Gb Paging File | 2,01 Gb Available in Paging File | 86,04% Paging File free Paging file location(s): C:\pagefile.sys 1488 2976 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 175,78 Gb Total Space | 66,88 Gb Free Space | 38,05% Space Free | Partition Type: NTFS Computer Name: *******SPC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\MSI\Live Update 5\LU5.exe (Micro-Star International) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) PRC - C:\Programme\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.) PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll () MOD - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanDll.dll () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\acAuth.dll () MOD - C:\Programme\Adobe\Acrobat 5.0\Distillr\adistres.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (GMSIPCI) -- F:\INSTALL\GMSIPCI.SYS File not found DRV - (Changer) -- File not found DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (NTIOLib_1_0_4) -- C:\Programme\MSI\Live Update 5\NTIOLib.sys (MSI) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MSI_MSIBIOS_010507) -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys (Your Corporation) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (FNETDEVI) -- C:\WINDOWS\system32\drivers\FNETDEVI.SYS (FNet Co., Ltd.) DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (cxbu0wdm) -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys (OMNIKEY) DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes,DefaultScope = {8F9CC1A7-1105-4EFB-B40B-8B220179B5A5} IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes\{8F9CC1A7-1105-4EFB-B40B-8B220179B5A5}: "URL" = hxxp://www.google.at/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRC_de IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.ftp: ":" FF - prefs.js..network.proxy.gopher: ":" FF - prefs.js..network.proxy.http: ":" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: ":" FF - prefs.js..network.proxy.ssl: ":" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&babsrc=KW_ss&mntrId=4cf8908f000000000000001617f055eb&q=" FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=4cf8908f000000000000001617f055eb" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.06 13:24:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.06 22:13:48 | 000,000,000 | ---D | M] [2010.11.06 13:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.06.05 19:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions [2010.11.06 13:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.19 21:28:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.05 19:00:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com [2010.11.06 13:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\staged-xpis [2009.03.18 13:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi [2011.11.09 21:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.20 17:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.13 19:29:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.11.09 21:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2009.02.01 12:54:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2008.01.17 12:33:20 | 000,087,576 | ---- | M] (FreeHand Systems) -- C:\Programme\mozilla firefox\plugins\nprmsl.dll [2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll [2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found O3 - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\Toolbar\WebBrowser: (no name) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CherryConfigDlg] C:\Programme\Cherry\SmartDevice\CT_API_Config\ConfigDlg.exe (Cherry GmbH) O4 - HKLM..\Run: [Live Update 5] C:\Programme\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE File not found O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [] File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [acSecurityLayer] C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [MoneyAgent] C:\Programme\Microsoft Money\System\Money Express.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\a.sign Client.lnk = C:\Programme\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} hxxp://downloads.freehandmusic.com/biblionet.cab (BiblioNetCtrl Class) O16 - DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} hxxp://downloads.freehandmusic.com/soleromusiccontrol.cab (SoleroMusicControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.leasaustria.com/dwa7W.cab (Domino Web Access 7 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F47E687B-551F-4043-89B3-F6E3F5DAD01E} hxxp://cam.wohnhof-orasteig.at/VDControl.CAB (VideoDeviceControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E825888-AF51-42FC-9078-F05A98B1B6CA}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.08 21:34:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell - "" = AutoRun O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell - "" = AutoRun O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.24 19:46:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSI [2012.11.18 15:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia [2012.11.18 15:07:16 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012.11.18 15:07:01 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2012.11.18 08:18:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.18 08:18:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.18 07:15:07 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2012.11.17 20:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2007.12.23 17:01:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.27 19:41:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012.11.27 19:41:01 | 000,000,239 | ---- | M] () -- C:\WINDOWS\HBCIKRNL.INI [2012.11.27 19:40:55 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.27 19:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.27 19:26:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.26 22:58:03 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.26 08:24:21 | 000,023,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\logs.zip [2012.11.26 08:01:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.26 07:58:43 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.26 07:56:49 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iscypgdo.exe [2012.11.26 07:56:14 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2012.11.25 22:00:03 | 000,480,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.11.18 15:25:02 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.11.18 07:52:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.18 07:52:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.18 07:33:07 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.17 20:54:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.11.17 13:51:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.17 13:30:21 | 000,452,790 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.17 13:30:21 | 000,435,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.17 13:30:21 | 000,068,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.17 13:30:20 | 000,081,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.26 08:14:13 | 000,023,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\logs.zip [2012.11.26 07:58:22 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.26 07:56:48 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iscypgdo.exe [2012.11.26 07:56:14 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2012.11.25 21:59:57 | 000,480,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.11.18 15:24:59 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.02.28 22:03:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.12 22:01:28 | 000,005,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Utility.xml [2007.12.23 17:01:44 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inst.exe [2007.12.23 17:01:44 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.cat [2007.12.23 17:01:44 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.inf [2007.11.29 21:52:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\PUTTY.RND [2007.04.09 20:57:51 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2008.04.12 09:28:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Vielen Dank für die Anleitung und Weihnachtsputz meines Rechners! lg honza |
28.11.2012, 07:32 | #4 |
/// the machine /// TB-Ausbilder | Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hi, Fixen mit OTL
Code:
ATTFilter :OTL FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=4cf8908f000000000000001617f055eb" O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found O3 - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\Toolbar\WebBrowser: (no name) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No CLSID value found. O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [] File not found :Commands [emptytemp]
ESET Online Scanner
Und ein frisches OTL log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.11.2012, 07:19 | #5 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo! Super, nebenbei wurden an die 1GB Temp-Files freigeschaufelt. Und tatsächlich gibt es noch immer einige Funde. Hier die Logfiles: OTL: Code:
ATTFilter All processes killed ========== OTL ========== Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=4cf8908f000000000000001617f055eb" removed from browser.startup.homepage Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{56361A71-4E9F-401D-9E12-8AEAA3D7A672} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56361A71-4E9F-401D-9E12-8AEAA3D7A672}\ not found. Registry value HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 1302878949 bytes ->Temporary Internet Files folder emptied: 754887721 bytes ->Java cache emptied: 17466615 bytes ->FireFox cache emptied: 27144232 bytes ->Flash cache emptied: 9587 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Gast ->Temp folder emptied: 482264 bytes ->Temporary Internet Files folder emptied: 11016494 bytes ->Java cache emptied: 527804 bytes ->Flash cache emptied: 506 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 14531106 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: ******* ->Temp folder emptied: 255531952 bytes ->Temporary Internet Files folder emptied: 648762932 bytes ->Java cache emptied: 135168796 bytes ->FireFox cache emptied: 17804083 bytes ->Opera cache emptied: 19627248 bytes ->Flash cache emptied: 1102570 bytes User: +++++++ ->Temp folder emptied: 18761702 bytes ->Temporary Internet Files folder emptied: 65916234 bytes ->Java cache emptied: 181229 bytes ->Flash cache emptied: 405 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2148906 bytes %systemroot%\System32 .tmp files removed: 12724103 bytes %systemroot%\System32\dllcache .tmp files removed: 584192 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 90444208 bytes RecycleBin emptied: 4278980245 bytes Total Files Cleaned = 7.321,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11282012_215944 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=8c24604a53c9284f892078ad67a5f1c7 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-29 01:12:19 # local_time=2012-11-29 02:12:19 (+0100, Westeuropäische Normalzeit) # country="Austria" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1792 16777175 100 0 32359764 32359764 0 0 # compatibility_mode=8192 67108863 100 0 3841 3841 0 0 # scanned=163021 # found=2 # cleaned=0 # scan_time=13782 C:\Dokumente und Einstellungen\All Users\Dokumente\Computer\Software\nero\Nero-7.8.5.0_deu_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I C:\Dokumente und Einstellungen\*******\Anwendungsdaten\phonostar-Player\update2.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I lg honza Geändert von honza (29.11.2012 um 07:32 Uhr) Grund: anonymisiert |
29.11.2012, 08:10 | #6 |
/// the machine /// TB-Ausbilder | Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Und das frische OTL log?
__________________ --> Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern |
30.11.2012, 07:48 | #7 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo! Ah ja, anbei: OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.11.2012 07:25:34 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 990,36 Mb Total Physical Memory | 598,74 Mb Available Physical Memory | 60,46% Memory free 2,33 Gb Paging File | 1,99 Gb Available in Paging File | 85,50% Paging File free Paging file location(s): C:\pagefile.sys 1488 2976 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 175,78 Gb Total Space | 71,20 Gb Free Space | 40,50% Space Free | Partition Type: NTFS Computer Name: *******SPC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\MSI\Live Update 5\LU5.exe (Micro-Star International) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) PRC - C:\Programme\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.) PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll () MOD - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll () MOD - C:\WINDOWS\system32\mmfinfo.dll () MOD - C:\WINDOWS\system32\mkunicode.dll () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanDll.dll () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\acAuth.dll () MOD - C:\Programme\Adobe\Acrobat 5.0\Distillr\adistres.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (GMSIPCI) -- F:\INSTALL\GMSIPCI.SYS File not found DRV - (Changer) -- File not found DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (NTIOLib_1_0_4) -- C:\Programme\MSI\Live Update 5\NTIOLib.sys (MSI) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MSI_MSIBIOS_010507) -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys (Your Corporation) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (FNETDEVI) -- C:\WINDOWS\system32\drivers\FNETDEVI.SYS (FNet Co., Ltd.) DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (cxbu0wdm) -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys (OMNIKEY) DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.at/ IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes,DefaultScope = {4D85D8B1-B241-4F55-BB3B-417C1E978A27} IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{438BA2A3-7605-4433-91CD-2F9B09A2D5B2}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{4D85D8B1-B241-4F55-BB3B-417C1E978A27}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRC_de IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{56361A71-4E9F-401D-9E12-8AEAA3D7A672}: "URL" = hxxp://mil.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{6F14E696-CC58-464D-9126-2B423E2C139B}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{76D2086F-89B2-4F34-8ACD-55143B0097FD}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{A113C5FE-631A-4841-8139-F5D86DF19A1E}: "URL" = hxxp://www.webcrawler.com/webcrawler/ws/results/Web/{searchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{F2BFF02E-CB3C-4E89-BDC9-63C4AD327D12}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 62.157.186.16:80 IE - HKU\S-1-5-21-117609710-1547161642-725345543-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-117609710-1547161642-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-117609710-1547161642-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-117609710-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes,DefaultScope = {8F9CC1A7-1105-4EFB-B40B-8B220179B5A5} IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes\{8F9CC1A7-1105-4EFB-B40B-8B220179B5A5}: "URL" = hxxp://www.google.at/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRC_de IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\..\SearchScopes,DefaultScope = {4A12906D-E039-4699-9D50-8A442E8F43CD} IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\..\SearchScopes\{4A12906D-E039-4699-9D50-8A442E8F43CD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRC_de IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-117609710-1547161642-725345543-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.ftp: ":" FF - prefs.js..network.proxy.gopher: ":" FF - prefs.js..network.proxy.http: ":" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: ":" FF - prefs.js..network.proxy.ssl: ":" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&babsrc=KW_ss&mntrId=4cf8908f000000000000001617f055eb&q=" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=4cf8908f000000000000001617f055eb" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.06 13:24:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.06 22:13:48 | 000,000,000 | ---D | M] [2010.11.06 13:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.06.05 19:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions [2010.11.06 13:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.19 21:28:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.06.05 19:00:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com [2010.11.06 13:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\staged-xpis [2009.03.18 13:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi [2011.11.09 21:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.20 17:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.13 19:29:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.11.09 21:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2009.02.01 12:54:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2008.01.17 12:33:20 | 000,087,576 | ---- | M] (FreeHand Systems) -- C:\Programme\mozilla firefox\plugins\nprmsl.dll [2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll [2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\Toolbar\WebBrowser: (no name) - {56361A71-4E9F-401D-9E12-8AEAA3D7A672} - No CLSID value found. O3 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O3 - HKU\S-1-5-21-117609710-1547161642-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-117609710-1547161642-725345543-501\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CherryConfigDlg] C:\Programme\Cherry\SmartDevice\CT_API_Config\ConfigDlg.exe (Cherry GmbH) O4 - HKLM..\Run: [Live Update 5] C:\Programme\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE File not found O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [] C:\Dokumente und Einstellungen\*******\ndqvqvtlfelh.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [03994227] C:\DOKUME~1\ALLUSE~1\ANWEND~1\03994227\03994227.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [GMX_GMX Upload-Manager] "C:\Programme\gmx\GMX Upload-Manager\DAVSRV.EXE" /hide File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [Helper] C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Helper\bin\liveu.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [Memret] C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Adobe\Update\getloc.exe () O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [mscj] c:\dokumente und einstellungen\*******\anwendungsdaten\msa\mscj.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [mscj.exe] C:\Dokumente und Einstellungen\*******\Anwendungsdaten\MSA\mscj.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [NokiaSuite.exe] C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [phonostar-PlayerTimer] C:\Programme\phonostar-Player\phonostarTimer.exe () O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [phonostarTimer] C:\Programme\phonostar-Player\phonostarTimer.exe () O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1004..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [acSecurityLayer] C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [MoneyAgent] C:\Programme\Microsoft Money\System\Money Express.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-501..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-501..\Run: [swg] "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\a.sign Client.lnk = C:\Programme\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-117609710-1547161642-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O7 - HKU\S-1-5-21-117609710-1547161642-725345543-501\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O15 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..Trusted Domains: bmf.gv.at ([finanzonline] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..Trusted Domains: gmx.at ([www] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..Trusted Domains: gmx.net ([service] https in Vertrauenswürdige Sites) O15 - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..Trusted Domains: sparkasse.at ([www] https in Vertrauenswürdige Sites) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} hxxp://downloads.freehandmusic.com/biblionet.cab (BiblioNetCtrl Class) O16 - DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} hxxp://downloads.freehandmusic.com/soleromusiccontrol.cab (SoleroMusicControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.leasaustria.com/dwa7W.cab (Domino Web Access 7 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F47E687B-551F-4043-89B3-F6E3F5DAD01E} hxxp://cam.wohnhof-orasteig.at/VDControl.CAB (VideoDeviceControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E825888-AF51-42FC-9078-F05A98B1B6CA}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.08 21:34:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell - "" = AutoRun O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell - "" = AutoRun O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.28 22:18:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.11.28 21:59:44 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.24 19:46:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSI [2012.11.18 15:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia [2012.11.18 15:07:16 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012.11.18 15:07:01 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2012.11.18 08:18:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.18 08:18:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.18 07:15:07 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2012.11.17 20:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2007.12.23 17:01:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.11.30 07:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.30 07:22:19 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012.11.30 07:02:25 | 000,000,239 | ---- | M] () -- C:\WINDOWS\HBCIKRNL.INI [2012.11.30 07:01:18 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.30 07:00:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.30 07:00:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.29 06:58:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.26 08:24:21 | 000,023,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\logs.zip [2012.11.26 07:58:43 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.26 07:56:49 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iscypgdo.exe [2012.11.26 07:56:14 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2012.11.25 22:00:03 | 000,480,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.11.18 15:25:02 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.11.18 07:52:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.18 07:52:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.18 07:33:07 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.17 20:54:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.11.17 13:51:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.17 13:30:21 | 000,452,790 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.17 13:30:21 | 000,435,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.17 13:30:21 | 000,068,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.17 13:30:20 | 000,081,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat ========== Files Created - No Company Name ========== [2012.11.26 08:14:13 | 000,023,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\logs.zip [2012.11.26 07:58:22 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.26 07:56:48 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iscypgdo.exe [2012.11.26 07:56:14 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2012.11.25 21:59:57 | 000,480,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.11.18 15:24:59 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.02.28 22:03:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.12 22:01:28 | 000,005,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Utility.xml [2007.12.23 17:01:44 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inst.exe [2007.12.23 17:01:44 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.cat [2007.12.23 17:01:44 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.inf [2007.11.29 21:52:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\PUTTY.RND [2007.04.09 20:57:51 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2008.04.12 09:28:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Bin schon gespannt, was es sagt. danke, lg honza |
30.11.2012, 08:21 | #8 | |
/// the machine /// TB-Ausbilder | Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Ein paar Überbleibsel die noch weg müssen, aber vorher ein paar Fragen: Hast du den Proxy gesetzt? Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.11.2012, 09:45 | #9 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo! Interessant. Ist laut Google eine IT Firma in Baden Würthenberg. Auf einer Anti-Scam Seite habe ich gefunden: "Suspected network sharing device". hxxp://anti-scam.de/cgi-bin/yabb2/YaBB.pl?num=1317657437 Danke, werde ich entfernen! Computer läuft sonst gut. Ich sehe noch nach, ob Avira immer noch was findet. Vielen Dank bislang! |
30.11.2012, 11:28 | #10 |
/// the machine /// TB-Ausbilder | Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Brauchst Du nicht, das nehm ich im Fix gleich mit raus Fixen mit OTL
Code:
ATTFilter :OTL IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{A113C5FE-631A-4841-8139-F5D86DF19A1E}: "URL" = hxxp://www.webcrawler.com/webcrawler/ws/results/Web/{searchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\..\SearchScopes\{F2BFF02E-CB3C-4E89-BDC9-63C4AD327D12}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKU\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 62.157.186.16:80 [2012.06.05 19:00:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [] C:\Dokumente und Einstellungen\*******\ndqvqvtlfelh.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [03994227] C:\DOKUME~1\ALLUSE~1\ANWEND~1\03994227\03994227.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [GMX_GMX Upload-Manager] "C:\Programme\gmx\GMX Upload-Manager\DAVSRV.EXE" /hide File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [Helper] C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Helper\bin\liveu.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [Memret] C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Adobe\Update\getloc.exe () O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [mscj] c:\dokumente und einstellungen\*******\anwendungsdaten\msa\mscj.exe File not found O4 - HKU\S-1-5-21-117609710-1547161642-725345543-1003..\Run: [mscj.exe] C:\Dokumente und Einstellungen\*******\Anwendungsdaten\MSA\mscj.exe File not found :Commands [emptytemp]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
30.11.2012, 20:27 | #11 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo! Habs den OTL Fix durchgeführt. Hier das Logfiles: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{A113C5FE-631A-4841-8139-F5D86DF19A1E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A113C5FE-631A-4841-8139-F5D86DF19A1E}\ not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{F2BFF02E-CB3C-4E89-BDC9-63C4AD327D12}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2BFF02E-CB3C-4E89-BDC9-63C4AD327D12}\ not found. Unable to set value : HKU\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E! C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com\content folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com\components folder moved successfully. C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\ffxtlbr@babylon.com folder moved successfully. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. File C:\Dokumente und Einstellungen\*******\Anwendungsdaten\Adobe\Update\getloc.exe not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. Registry key HKEY_USERS\S-1-5-21-117609710-1547161642-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run not found. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 68890 bytes ->Temporary Internet Files folder emptied: 43501348 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 492 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: ******* ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Susanne ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 42,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11302012_194754 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.11.2012 20:04:42 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 990,36 Mb Total Physical Memory | 644,30 Mb Available Physical Memory | 65,06% Memory free 2,33 Gb Paging File | 2,01 Gb Available in Paging File | 86,42% Paging File free Paging file location(s): C:\pagefile.sys 1488 2976 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 175,78 Gb Total Space | 71,12 Gb Free Space | 40,46% Space Free | Partition Type: NTFS Computer Name: *******SPC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\MSI\Live Update 5\LU5.exe (Micro-Star International) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) PRC - C:\Programme\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd.) PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) PRC - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) PRC - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\Xalan-C_1_10.dll () MOD - C:\Programme\A-Trust GmbH\Bürgerkartensoftware\XalanMessages_1_10.dll () MOD - C:\WINDOWS\system32\mmfinfo.dll () MOD - C:\WINDOWS\system32\mkunicode.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanDll.dll () MOD - C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\acAuth.dll () MOD - C:\Programme\Adobe\Acrobat 5.0\Distillr\adistres.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (GMSIPCI) -- F:\INSTALL\GMSIPCI.SYS File not found DRV - (Changer) -- File not found DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (DrvAgent32) -- C:\WINDOWS\system32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (NTIOLib_1_0_4) -- C:\Programme\MSI\Live Update 5\NTIOLib.sys (MSI) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (MSI_MSIBIOS_010507) -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys (Your Corporation) DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.) DRV - (FNETDEVI) -- C:\WINDOWS\system32\drivers\FNETDEVI.SYS (FNet Co., Ltd.) DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (cxbu0wdm) -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys (OMNIKEY) DRV - (videX32) -- C:\WINDOWS\system32\drivers\videX32.sys (VIA Technologies, Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (actser) -- C:\WINDOWS\system32\drivers\actser.sys (Siemens AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes,DefaultScope = {8F9CC1A7-1105-4EFB-B40B-8B220179B5A5} IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\..\SearchScopes\{8F9CC1A7-1105-4EFB-B40B-8B220179B5A5}: "URL" = hxxp://www.google.at/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRC_de IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-117609710-1547161642-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.ftp: ":" FF - prefs.js..network.proxy.gopher: ":" FF - prefs.js..network.proxy.http: ":" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: ":" FF - prefs.js..network.proxy.ssl: ":" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&babsrc=KW_ss&mntrId=4cf8908f000000000000001617f055eb&q=" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&babsrc=HP_ss&mntrId=4cf8908f000000000000001617f055eb" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.06 13:24:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.06 22:13:48 | 000,000,000 | ---D | M] [2010.11.06 13:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.06.05 19:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions [2010.11.06 13:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.19 21:28:52 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.11.06 13:35:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\staged-xpis [2009.03.18 13:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\bq007tl9.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi [2011.11.09 21:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.20 17:58:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.13 19:29:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.11.09 21:23:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2009.02.01 12:54:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2008.01.17 12:33:20 | 000,087,576 | ---- | M] (FreeHand Systems) -- C:\Programme\mozilla firefox\plugins\nprmsl.dll [2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll [2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll [2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CherryConfigDlg] C:\Programme\Cherry\SmartDevice\CT_API_Config\ConfigDlg.exe (Cherry GmbH) O4 - HKLM..\Run: [Live Update 5] C:\Programme\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PCCloneEX] C:\Programme\PCCloneEX\PCCloneEX.EXE File not found O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" File not found O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [acSecurityLayer] C:\Programme\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [MoneyAgent] C:\Programme\Microsoft Money\System\Money Express.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-117609710-1547161642-725345543-500..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\a.sign Client.lnk = C:\Programme\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Wireless Configuration Utility HW.15.lnk = C:\Programme\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-117609710-1547161642-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.) O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} hxxp://downloads.freehandmusic.com/biblionet.cab (BiblioNetCtrl Class) O16 - DPF: {6A4F3A11-99B7-4BD1-AF88-B7354D1DAECD} hxxp://downloads.freehandmusic.com/soleromusiccontrol.cab (SoleroMusicControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://webmail.leasaustria.com/dwa7W.cab (Domino Web Access 7 Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F47E687B-551F-4043-89B3-F6E3F5DAD01E} hxxp://cam.wohnhof-orasteig.at/VDControl.CAB (VideoDeviceControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E825888-AF51-42FC-9078-F05A98B1B6CA}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.04.08 21:34:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell - "" = AutoRun O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{458e13b3-65d6-11df-899b-0018e72d9c98}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell - "" = AutoRun O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{79907cb1-69ba-11df-899f-0018e72d9c98}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.30 20:09:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Info [2012.11.28 22:18:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.11.28 21:59:44 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.24 19:46:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MSI [2012.11.18 15:25:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia [2012.11.18 15:07:16 | 000,019,072 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2012.11.18 15:07:01 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2012.11.18 08:18:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.11.18 08:18:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.11.18 07:15:07 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Verwaltung [2012.11.17 20:54:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2007.12.23 17:01:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.11.30 20:02:28 | 000,000,239 | ---- | M] () -- C:\WINDOWS\HBCIKRNL.INI [2012.11.30 20:02:22 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2012.11.30 19:58:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.11.30 19:54:06 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.11.30 19:52:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.30 19:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.30 07:00:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.26 08:24:21 | 000,023,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\logs.zip [2012.11.26 07:58:43 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.26 07:56:49 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iscypgdo.exe [2012.11.26 07:56:14 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2012.11.25 22:00:03 | 000,480,125 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.11.18 15:25:02 | 000,001,717 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.11.18 07:52:45 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012.11.18 07:52:42 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012.11.18 07:33:07 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.11.17 20:54:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.11.17 13:51:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.11.17 13:30:21 | 000,452,790 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.11.17 13:30:21 | 000,435,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.11.17 13:30:21 | 000,068,782 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.11.17 13:30:20 | 000,081,622 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat ========== Files Created - No Company Name ========== [2012.11.26 08:14:13 | 000,023,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\logs.zip [2012.11.26 07:58:22 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable [2012.11.26 07:56:48 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iscypgdo.exe [2012.11.26 07:56:14 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe [2012.11.25 21:59:57 | 000,480,125 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\adwcleaner.exe [2012.11.18 15:24:59 | 000,001,717 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk [2012.02.28 22:03:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.12 22:01:28 | 000,005,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Utility.xml [2007.12.23 17:01:44 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inst.exe [2007.12.23 17:01:44 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.cat [2007.12.23 17:01:44 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\pcouffin.inf [2007.11.29 21:52:13 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\PUTTY.RND [2007.04.09 20:57:51 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2008.04.12 09:28:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 03:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Danke, honza |
01.12.2012, 19:42 | #12 |
/// the machine /// TB-Ausbilder | Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.12.2012, 22:02 | #13 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo! Nein, passt alles. Mein Computer ist schön clean. Danke für die Unterstützung! lg honza |
03.12.2012, 08:32 | #14 |
/// the machine /// TB-Ausbilder | Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern AdwCleaner öffnen > Uninstall OTL öffnen > Button Bereinigung drücken Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann. __________________
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.12.2012, 18:16 | #15 |
| Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern Hallo! Ich werde die Tipps gerne befolgen - von meiner Seite keine Fragen mehr offen! Ich möchte noch einen Tipp von meiner Seite anfügen: man sollte normalerweise nicht als Administrator eingeloggt sein! Vielen Dank & Herzliche Grüsse! |
Themen zu Polizei Cyber Crime Investigation Department auf Windows XP SP3 mit mehreren Usern |
administrator, alten, anbei, benutzer, compu, computer, cyber, cyber crime investigation department, cyber crime investigation department polizei, desktop, forums, konnte, konto, lahm, logfiles, malwarebytes, mehrere user, mehreren, nachhaltig, polizei, reinigen, sp3, usern, virus, windows, windows xp, windows xp sp3 |