|
Plagegeister aller Art und deren Bekämpfung: System Progessiv ProtectionWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.01.2013, 22:05 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv Protection Einfach auf SCAN klicken
__________________ Logfiles bitte immer in CODE-Tags posten |
07.01.2013, 22:28 | #17 |
| System Progessiv Protection Scan 1
__________________Code:
ATTFilter OTL logfile created on: 07.01.2013 22:08:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Andrea\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,95 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 63,44% Memory free 3,80 Gb Paging File | 3,15 Gb Available in Paging File | 82,92% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,26 Gb Total Space | 7,67 Gb Free Space | 30,35% Space Free | Partition Type: NTFS Drive D: | 49,09 Gb Total Space | 25,56 Gb Free Space | 52,08% Space Free | Partition Type: NTFS Drive E: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ANDREA-LAPI | User Name: Andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Andrea\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\Programme\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) PRC - C:\Programme\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) PRC - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) PRC - C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) PRC - C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) PRC - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libMachoUniv.dll () MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libBase64.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.210.21640__f25c74fcad379103\Status Lib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\SecurityDeviceInfoSetReg\1.6.210.21658__3a60a70419922317\SecurityDeviceInfoSetReg.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.210.21639__4ca2a925deedf37d\StatusInterfaces.dll () MOD - C:\WINDOWS\system32\preflib.dll () MOD - C:\WINDOWS\system32\bcm1xsup.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - C:\WINDOWS\system32\Wavx_ESC_Logging.dll () MOD - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll () MOD - C:\WINDOWS\system32\wxvault.dll () MOD - C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\dlaapi_w.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Programme\Spybot File not found SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TdmService) -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (SMManager) -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (dcpsysmgrsvc) -- C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (buttonsvc32) -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (SecureStorageService) -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (ASFAgent) -- C:\Programme\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (NvtSp50) -- System32\Drivers\NvtSp50.sys File not found DRV - (lbrtfdc) -- File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Andrea\LOKALE~1\Temp\catchme.sys File not found DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation) DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys () DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation) DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc) DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (AsfAlrt) -- C:\WINDOWS\system32\drivers\Asfalrt.sys (Intel Corporation) DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=B7743A8EDB52FF064046EA50E7136F17 IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\..\SearchScopes,DefaultScope = {6EC73D9D-E450-4FE6-BD9D-DA729DC7A72F} IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\..\SearchScopes\{6EC73D9D-E450-4FE6-BD9D-DA729DC7A72F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=B7743A8EDB52FF064046EA50E7136F17" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=B7743A8EDB52FF064046EA50E7136F17&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.04 18:38:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.12.10 22:55:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.06.03 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Extensions [2011.06.03 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.04 18:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions [2013.01.04 18:37:55 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.12.27 23:57:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions\2020Player_IKEA@2020Technologies.com [2013.01.04 18:37:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.10.30 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.30 20:47:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.04 23:04:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ChangeTPMAuth] C:\Programme\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.) O4 - HKLM..\Run: [DellConnectionManager] C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) O4 - HKLM..\Run: [DellControlPoint] C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Programme\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SearchProtection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Search Protection\_run.bat File not found O4 - HKLM..\Run: [SecureUpgrade] C:\Programme\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Dell ControlPoint System Manager.lnk = C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Andrea\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\tester\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348420611214 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 16:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.07 21:04:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andrea\Desktop\OTL.exe [2013.01.06 16:29:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.05 19:45:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Andrea\Desktop\tdsskiller.exe [2013.01.05 19:44:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Andrea\Desktop\aswMBR.exe [2013.01.04 23:00:13 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.04 22:58:51 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.04 22:48:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.04 22:48:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.04 22:48:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.04 22:48:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.04 22:40:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.04 22:40:34 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Andrea\Startmenü\Programme\Verwaltung [2013.01.04 22:40:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.04 22:35:28 | 005,019,583 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Andrea\Desktop\ComboFix.exe [2013.01.04 18:46:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Antivirus [2013.01.04 18:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\LavasoftStatistics [2013.01.04 18:39:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus [2013.01.04 18:39:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2013.01.04 18:39:28 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus [2013.01.04 18:39:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations [2013.01.04 18:39:05 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013.01.04 18:39:05 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013.01.04 18:38:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\adawarebp [2013.01.04 18:38:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection [2013.01.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Programme\Toolbar Cleaner [2013.01.04 18:37:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\blekko [2013.01.04 18:36:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Ad-Aware Antivirus [2013.01.04 18:35:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2013.01.04 18:34:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 [2013.01.04 18:34:50 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe [2013.01.04 18:34:44 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2013.01.04 14:59:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Andrea\Recent [2013.01.03 16:46:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Malwarebytes [2013.01.03 16:46:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 16:46:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 16:46:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 16:46:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.03 16:35:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2013.01.03 16:35:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2013.01.03 16:35:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2013.01.03 16:23:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2013.01.03 16:23:47 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2013.01.02 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1ACC1A62A0173FD600001ACBFF9C457B [2012.12.10 22:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2012.12.09 14:43:12 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Andrea\eigene Dateien\Amazon MP3 [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.07 21:04:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andrea\Desktop\OTL.exe [2013.01.07 20:06:57 | 000,001,589 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2013.01.07 20:06:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat [2013.01.07 20:06:22 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.07 20:06:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.07 20:03:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.07 20:03:00 | 2097,045,504 | -HS- | M] () -- C:\hiberfil.sys [2013.01.05 20:25:50 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\MBR.dat [2013.01.05 19:45:13 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Andrea\Desktop\tdsskiller.exe [2013.01.05 19:43:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Andrea\Desktop\aswMBR.exe [2013.01.05 18:42:40 | 000,551,997 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\adwcleaner.exe [2013.01.04 23:04:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.04 23:00:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.01.04 22:35:00 | 005,019,583 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Andrea\Desktop\ComboFix.exe [2013.01.04 18:46:45 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2013.01.04 18:39:04 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013.01.04 18:39:04 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013.01.04 18:35:03 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.04 18:35:03 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.04 18:34:56 | 000,001,802 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.01.04 18:23:02 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:46:32 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.03 16:23:48 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.01.01 17:21:34 | 000,046,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.27 13:49:01 | 000,461,356 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.12.27 13:49:01 | 000,443,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.12.27 13:49:01 | 000,086,042 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.12.27 13:49:01 | 000,072,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.05 20:25:50 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\MBR.dat [2013.01.05 18:42:45 | 000,551,997 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\adwcleaner.exe [2013.01.04 23:00:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.01.04 23:00:13 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.04 22:48:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.04 22:48:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.04 22:48:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.04 22:48:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.04 22:48:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.04 18:46:45 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2013.01.04 18:39:34 | 000,001,589 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2013.01.04 18:35:03 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.04 18:35:02 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.04 18:35:02 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.04 18:34:56 | 000,001,808 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk [2013.01.04 18:34:56 | 000,001,802 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.01.04 18:23:02 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:46:32 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.03 16:23:48 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.09.02 20:19:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2012.06.16 11:18:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.22 18:26:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2009.06.05 12:45:55 | 000,046,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.30 14:55:41 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.05.30 14:55:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat ========== ZeroAccess Check ========== [2008.04.25 16:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.03.03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.01.2013 22:08:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Andrea\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,95 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 63,44% Memory free 3,80 Gb Paging File | 3,15 Gb Available in Paging File | 82,92% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,26 Gb Total Space | 7,67 Gb Free Space | 30,35% Space Free | Partition Type: NTFS Drive D: | 49,09 Gb Total Space | 25,56 Gb Free Space | 52,08% Space Free | Partition Type: NTFS Drive E: | 7,27 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ANDREA-LAPI | User Name: Andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0 "{2484631E-A7B3-4847-ACBB-4D881E6E9D5A}" = Dell ControlPoint Connection Manager "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62F29D1C-D526-40F4-B4D0-840F043C2CC1}" = Dell ControlPoint System Manager "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch "{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.1 - Deutsch "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper "{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) "adawaretb" = Ad-Aware Security Add-on "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OnlineControl_is1" = OnlineControl 1.2 "Torga_is1" = Torga "VLC media player" = VLC media player 0.9.9 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "XnView_is1" = XnView 1.96.1 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.01.2013 06:59:53 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 07:00:45 | Computer Name = ANDREA-LAPI | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 06.01.2013 10:21:39 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 10:21:41 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 12:41:51 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 12:41:53 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 12:46:01 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 12:46:03 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 07.01.2013 15:06:41 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 07.01.2013 15:06:44 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM [ System Events ] Error - 06.01.2013 12:45:57 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 06.01.2013 12:45:57 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 06.01.2013 12:46:00 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Skype Updater. Error - 07.01.2013 14:55:02 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 07.01.2013 14:55:02 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 07.01.2013 14:55:02 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Skype Updater. Error - 07.01.2013 15:03:10 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 07.01.2013 15:03:10 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 07.01.2013 15:03:10 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Skype Updater. Error - 07.01.2013 16:11:43 | Computer Name = ANDREA-LAPI | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. < End of report > |
07.01.2013, 22:38 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv ProtectionCode:
ATTFilter Windows XP Professional Edition Service Pack 3 Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________ |
07.01.2013, 23:34 | #19 |
| System Progessiv Protection Huhu, ehrlich gesagt kenne ich mich da nicht so aus. Ist aber mein ganz normaler Pc für zu Hause bzw. Laptop. Aber hoffe mal dass es zum Betriebssystem gehört. Ich hab damals mir ein anderes Betriebsystem gekauft und draufspielen lassen, wollte kein Vista. Kann sein dass mir damals der Verkäufer dass dann so in die Hand gedrückt hat als ich gesagt habe ich mag XP haben. Sollte es nicht zum Betriebssystem gehören oder sich das mit meiner Antwort nicht erklärt, weiiß ja nicht ob ich richtig liege dann müsst ich erstmal bei dem nachfragen der den Laptop eingerichtet hat. |
08.01.2013, 19:33 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv Protection Bitte mal den aktuellen adwCleaner 2.105 runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
08.01.2013, 20:07 | #21 |
| System Progessiv ProtectionCode:
ATTFilter # AdwCleaner v2.105 - Datei am 08/01/2013 um 20:06:18 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Andrea - ANDREA-LAPI # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Andrea\Desktop\adwcleaner(2).exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [6839 octets] - [05/01/2013 18:43:35] AdwCleaner[R2].txt - [6899 octets] - [05/01/2013 19:46:17] AdwCleaner[R3].txt - [853 octets] - [08/01/2013 20:06:18] AdwCleaner[S1].txt - [6800 octets] - [05/01/2013 19:46:58] ########## EOF - C:\AdwCleaner[R3].txt - [972 octets] ########## |
08.01.2013, 20:37 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv Protection adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
08.01.2013, 21:12 | #23 |
| System Progessiv Protection adwcleaner Code:
ATTFilter # AdwCleaner v2.105 - Datei am 08/01/2013 um 20:57:05 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Andrea - ANDREA-LAPI # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Andrea\Desktop\adwcleaner(2).exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Die Registrierungsdatenbank ist sauber. ************************* AdwCleaner[R1].txt - [6839 octets] - [05/01/2013 18:43:35] AdwCleaner[R2].txt - [6899 octets] - [05/01/2013 19:46:17] AdwCleaner[R3].txt - [1040 octets] - [08/01/2013 20:06:18] AdwCleaner[S1].txt - [6800 octets] - [05/01/2013 19:46:58] AdwCleaner[S2].txt - [975 octets] - [08/01/2013 20:57:05] ########## EOF - C:\AdwCleaner[S2].txt - [1034 octets] ########## Code:
ATTFilter OTL logfile created on: 08.01.2013 21:01:05 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Andrea\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,95 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 63,50% Memory free 3,80 Gb Paging File | 3,17 Gb Available in Paging File | 83,28% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,26 Gb Total Space | 8,12 Gb Free Space | 32,15% Space Free | Partition Type: NTFS Drive D: | 49,09 Gb Total Space | 25,56 Gb Free Space | 52,07% Space Free | Partition Type: NTFS Computer Name: ANDREA-LAPI | User Name: Andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Andrea\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\Programme\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) PRC - C:\Programme\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) PRC - C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) PRC - C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) PRC - C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) PRC - C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) PRC - C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\d8ca3b9fefcda19eeecd55c239f504ba\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\31b7eef43a23e7c6e93594be583f3d08\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl () MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl () MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libMachoUniv.dll () MOD - C:\Programme\Ad-Aware Antivirus\Definitions\libBase64.dll () MOD - C:\Programme\Spybot - Search & Destroy 2\sqlite3.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\Status Lib\1.6.210.21640__f25c74fcad379103\Status Lib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\SecurityDeviceInfoSetReg\1.6.210.21658__3a60a70419922317\SecurityDeviceInfoSetReg.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\StatusInterfaces\1.6.210.21639__4ca2a925deedf37d\StatusInterfaces.dll () MOD - C:\WINDOWS\system32\preflib.dll () MOD - C:\WINDOWS\system32\bcm1xsup.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\WINDOWS\system32\Wavx_ESC_Logging.dll () MOD - C:\WINDOWS\system32\wxvault.dll () MOD - C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_DEU.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll () ========== Services (SafeList) ========== SRV - (SDWSCService) -- C:\Programme\Spybot File not found SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (Ad-Aware Service) -- C:\Programme\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SBAMSvc) -- C:\Programme\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (TdmService) -- C:\Programme\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (SMManager) -- C:\Programme\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (dcpsysmgrsvc) -- C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (Credential Vault Host Control Service) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (Credential Vault Host Storage) -- C:\Programme\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (buttonsvc32) -- C:\Programme\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (SecureStorageService) -- C:\Programme\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (tcsd_win32.exe) -- C:\Programme\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (ASFAgent) -- C:\Programme\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (NvtSp50) -- System32\Drivers\NvtSp50.sys File not found DRV - (lbrtfdc) -- File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (Changer) -- File not found DRV - (catchme) -- C:\DOKUME~1\Andrea\LOKALE~1\Temp\catchme.sys File not found DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation) DRV - (PCASp50) -- C:\WINDOWS\system32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation) DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys () DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (IntcHdmiAddService) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation) DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (PBADRV) -- C:\WINDOWS\system32\drivers\PBADRV.sys (Dell Inc) DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) DRV - (AsfAlrt) -- C:\WINDOWS\system32\drivers\Asfalrt.sys (Intel Corporation) DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USREL/8 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USREL/8 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=B7743A8EDB52FF064046EA50E7136F17 IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\..\SearchScopes\{6EC73D9D-E450-4FE6-BD9D-DA729DC7A72F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=B7743A8EDB52FF064046EA50E7136F17" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=B7743A8EDB52FF064046EA50E7136F17&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Programme\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.04 18:38:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.12.10 22:55:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.06.03 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Extensions [2011.06.03 21:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.04 18:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions [2013.01.04 18:37:55 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.12.27 23:57:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions\2020Player_IKEA@2020Technologies.com [2013.01.04 18:37:59 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Mozilla\Firefox\Profiles\la5lclb7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.10.30 20:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.30 20:47:13 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.04 23:04:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Programme\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ChangeTPMAuth] C:\Programme\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.) O4 - HKLM..\Run: [DellConnectionManager] C:\Programme\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) O4 - HKLM..\Run: [DellControlPoint] C:\Programme\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Programme\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SearchProtection] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Search Protection\_run.bat File not found O4 - HKLM..\Run: [SecureUpgrade] C:\Programme\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [USCService] C:\Programme\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Programme\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Dell ControlPoint System Manager.lnk = C:\Programme\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Andrea\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\tester\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348420611214 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 16:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.07 21:04:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andrea\Desktop\OTL.exe [2013.01.06 16:29:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.05 19:45:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Andrea\Desktop\tdsskiller.exe [2013.01.05 19:44:29 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Andrea\Desktop\aswMBR.exe [2013.01.04 23:00:13 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.04 22:58:51 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.04 22:48:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.04 22:48:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.04 22:48:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.04 22:48:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.04 22:40:37 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.04 22:40:34 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Andrea\Startmenü\Programme\Verwaltung [2013.01.04 22:40:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.04 22:35:28 | 005,019,583 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Andrea\Desktop\ComboFix.exe [2013.01.04 18:46:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Antivirus [2013.01.04 18:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\LavasoftStatistics [2013.01.04 18:39:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ad-Aware Antivirus [2013.01.04 18:39:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2013.01.04 18:39:28 | 000,000,000 | ---D | C] -- C:\Programme\Ad-Aware Antivirus [2013.01.04 18:39:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations [2013.01.04 18:39:05 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013.01.04 18:39:05 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013.01.04 18:38:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\adawarebp [2013.01.04 18:38:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ad-Aware Browsing Protection [2013.01.04 18:37:59 | 000,000,000 | ---D | C] -- C:\Programme\Toolbar Cleaner [2013.01.04 18:37:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\blekko [2013.01.04 18:36:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Ad-Aware Antivirus [2013.01.04 18:35:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2013.01.04 18:34:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2 [2013.01.04 18:34:50 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe [2013.01.04 18:34:44 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy 2 [2013.01.04 14:59:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Andrea\Recent [2013.01.03 16:46:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andrea\Anwendungsdaten\Malwarebytes [2013.01.03 16:46:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.03 16:46:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.03 16:46:30 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.03 16:46:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.03 16:35:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2013.01.03 16:35:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2013.01.03 16:35:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2013.01.03 16:23:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2013.01.03 16:23:47 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2013.01.02 20:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1ACC1A62A0173FD600001ACBFF9C457B [2012.12.10 22:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.08 20:59:27 | 000,001,589 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2013.01.08 20:58:57 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat [2013.01.08 20:58:49 | 000,000,612 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.08 20:58:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.08 20:58:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.08 20:58:24 | 2097,045,504 | -HS- | M] () -- C:\hiberfil.sys [2013.01.08 20:04:59 | 000,554,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\adwcleaner(2).exe [2013.01.07 21:04:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andrea\Desktop\OTL.exe [2013.01.05 20:25:50 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\MBR.dat [2013.01.05 19:45:13 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Andrea\Desktop\tdsskiller.exe [2013.01.05 19:43:26 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Andrea\Desktop\aswMBR.exe [2013.01.04 23:04:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.04 23:00:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.01.04 22:35:00 | 005,019,583 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Andrea\Desktop\ComboFix.exe [2013.01.04 18:46:45 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2013.01.04 18:39:04 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe [2013.01.04 18:39:04 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys [2013.01.04 18:35:03 | 000,000,608 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.04 18:35:03 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.04 18:34:56 | 000,001,802 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.01.04 18:23:02 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:46:32 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.03 16:23:48 | 000,000,656 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2013.01.01 17:21:34 | 000,046,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.27 13:49:01 | 000,461,356 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.12.27 13:49:01 | 000,443,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.12.27 13:49:01 | 000,086,042 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.12.27 13:49:01 | 000,072,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.08 20:05:07 | 000,554,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\adwcleaner(2).exe [2013.01.05 20:25:50 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Desktop\MBR.dat [2013.01.04 23:00:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.01.04 23:00:13 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.04 22:48:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.04 22:48:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.04 22:48:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.04 22:48:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.04 22:48:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.04 18:46:45 | 000,001,082 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job [2013.01.04 18:39:34 | 000,001,589 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware Antivirus.lnk [2013.01.04 18:35:03 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.04 18:35:02 | 000,000,612 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.04 18:35:02 | 000,000,608 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.04 18:34:56 | 000,001,808 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk [2013.01.04 18:34:56 | 000,001,802 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk [2013.01.04 18:23:02 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.03 16:46:32 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.03 16:23:48 | 000,000,656 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk [2012.09.02 20:19:25 | 000,000,027 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2012.06.16 11:18:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.02.22 18:26:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2009.06.05 12:45:55 | 000,046,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.30 14:55:41 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.05.30 14:55:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andrea\Lokale Einstellungen\Anwendungsdaten\WavXMapDrive.bat ========== ZeroAccess Check ========== [2008.04.25 16:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.03.03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.01.2013 21:01:05 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Andrea\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,95 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 63,50% Memory free 3,80 Gb Paging File | 3,17 Gb Available in Paging File | 83,28% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 25,26 Gb Total Space | 8,12 Gb Free Space | 32,15% Space Free | Partition Type: NTFS Drive D: | 49,09 Gb Total Space | 25,56 Gb Free Space | 52,07% Space Free | Partition Type: NTFS Computer Name: ANDREA-LAPI | User Name: Andrea | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-3610555739-839953634-1637864091-1006\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0 "{2484631E-A7B3-4847-ACBB-4D881E6E9D5A}" = Dell ControlPoint Connection Manager "{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager "{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62F29D1C-D526-40F4-B4D0-840F043C2CC1}" = Dell ControlPoint System Manager "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{86A8FD76-3268-4102-9674-7118881EC2C0}" = Wave Infrastructure Installer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch "{99E39418-A6C1-4D2B-AF9F-9152C93F03A9}" = Dell Control Point "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C875FEA-B49E-49F7-AE62-0F9B91F90982}" = SRS Premium Sound "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.1 - Deutsch "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack "{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "{DAC07FB2-2C63-44B2-8344-AB7542C936D2}" = DCP32MMWrapper "{DB58A549-42CA-4081-986A-633479DE413F}" = SO32MMWrapper "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows-Treiberpaket - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) "adawaretb" = Ad-Aware Security Add-on "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software "InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager "InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup "InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin "InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards "InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OnlineControl_is1" = OnlineControl 1.2 "Torga_is1" = Torga "VLC media player" = VLC media player 0.9.9 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "XnView_is1" = XnView 1.96.1 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.01.2013 12:41:51 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 12:41:53 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 12:46:01 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 06.01.2013 12:46:03 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 07.01.2013 15:06:41 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 07.01.2013 15:06:44 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 08.01.2013 14:59:59 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 08.01.2013 15:00:01 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 08.01.2013 15:59:09 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM Error - 08.01.2013 15:59:10 | Computer Name = ANDREA-LAPI | Source = Wave TCG Client Services | ID = 123 Description = The NTRU TSS is not running, Wave Software is unable to communicate to TPM [ System Events ] Error - 07.01.2013 15:03:10 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 07.01.2013 15:03:10 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Skype Updater. Error - 07.01.2013 16:11:43 | Computer Name = ANDREA-LAPI | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 08.01.2013 14:57:45 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 08.01.2013 14:57:45 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.01.2013 14:57:45 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Skype Updater. Error - 08.01.2013 15:27:02 | Computer Name = ANDREA-LAPI | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 08.01.2013 15:58:36 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D 2 Security Center Service. Error - 08.01.2013 15:58:36 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.01.2013 15:58:36 | Computer Name = ANDREA-LAPI | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Skype Updater. < End of report > Was ich schon beim ersten OTL Extra scan nicht verstanden habe ist dass da Zeiten angegeben sind mit den Updates da war der Pc aus, wieso da dann das stattgefunden haben soll- |
08.01.2013, 21:19 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv Protection Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
09.01.2013, 20:24 | #25 |
| System Progessiv Protection malware bytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.09.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Andrea :: ANDREA-LAPI [Administrator] Schutz: Aktiviert 09.01.2013 18:21:39 mbam-log-2013-01-09 (18-21-39).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 254684 Laufzeit: 5 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) da hat das solange gescannt für soo wenig Text Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=2ccd180704c16a46b3fc5cdf895144af # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-01-09 07:16:26 # local_time=2013-01-09 08:16:26 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # scanned=77059 # found=0 # cleaned=0 # scan_time=5234 |
10.01.2013, 00:04 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv Protection Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
10.01.2013, 21:18 | #27 |
| System Progessiv Protection Hallo cosinus, nein andere Funde gab es nicht, habe grade auch nochmal Avira laufen lassen, die haben auch nichts gefunden Nur was mich halt verwirrt hat, hat ich ja schon geschrieben, dass Fehlermeldungen kamen für Updates als der PC aus war. Aber da du dazu nix gesagt hast denke ich mal, ist das normal Passwörter sollt ich zu Sicherheit noch ändern oder? Daher ein riesiges DANKESCHÖN für die tolle Hilfe |
10.01.2013, 21:43 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv Protection Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen: Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
10.01.2013, 22:54 | #29 |
| System Progessiv Protection Hallo Cosinus, hat alles bis auf ein paar Sachen geklappt. Programme hatte ich schon vorher ohne das OTL angefangen runterzulöschen. Combo Fix will erneut scannen, wenn ich dass so eingebe wie du es mir geschrieben hast. Keine Ahnung warum. Und der IE spinnt rum, installiert die Updates nicht bzw. das Secura findet welche die er nicht findet, und das was er findet mag er auch net installieren. Aber der zickt schon länger rum, zeigt auch keine Bilder mehr an. Gibts ne Möglichkeit den ganz runterzunehmen und neu zu installieren? Ach habs Java vergessen aber komme da irgendwie nicht weiter. Habe da ja total viele Systeme zu Auswahl, dass ich ein Xp habe weiß ich. Aber nicht welches von denen: Windows x86 Online Windows x86 Offline Windows x86 Windows x64 Windows x64 Vielleicht kannst du mir da auch noch weiterhelfen |
11.01.2013, 00:08 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System Progessiv Protection Da du XP hast nimmst du am besten Windows x86 Offline Noch besser: du deinstalliert Java vollständig wirklich benötigen tut man es selten bis garnicht
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu System Progessiv Protection |
alles gelöscht, brauch, erste mal, forum, frage, gefunde, gelöscht, herrausfinden, hoffe, informationen, installier, malwarebytes, nicht sicher, progressiv, protection, spybot, system, sytem, tagen, troja, wirklich |