Pests of all kinds and how to fight them: GVU Trojan cripples computer (Windows 7)

#23
Wanted to save space... ADW:

Code:
```
# AdwCleaner v2.114 - Datei am 10/03/2013 um 14:50:35 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : User - COMPUTER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : SearchAnonymizer

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Ocs_SM]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (en-US)

*************************

AdwCleaner[S1].txt - [22170 octets] - [24/02/2013 10:44:25]
AdwCleaner[S2].txt - [1122 octets] - [10/03/2013 14:50:35]

########## EOF - C:\AdwCleaner[S2].txt - [1182 octets] ##########
```

Code:
```
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.9 (03.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by User on 10.03.2013 at 14:58:10,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\User\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\vshare"

~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\extensions\software@loadtubes.com
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\prefs.js

user_pref("sweetim.toolbar.RevertDialog.enable", "false");
user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1359407815320");
user_pref("sweetim.toolbar.Visibility.enable", "true");
user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
user_pref("sweetim.toolbar.cargo", "3.1010000.10009");
user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
user_pref("sweetim.toolbar.cda.returnValue", "hide");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dialogs.2.enable", "true");
user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
user_pref("sweetim.toolbar.dialogs.2.height", "150");
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
user_pref("sweetim.toolbar.dialogs.2.width", "530");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.newtab.created", "false");
user_pref("sweetim.toolbar.newtab.enable", "true");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.2.callback", "");
user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.2.enable", "false");
user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "false");
user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
user_pref("sweetim.toolbar.version", "1.9.0.0");

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\minidumps [6 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.03.2013 at 15:04:48,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

Code:
```
OTL logfile created on: 10.03.2013 15:10:06 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 72,76% Memory free
6,49 Gb Paging File | 5,45 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 12,35 Gb Free Space | 21,11% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 377,10 Gb Free Space | 92,62% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cis.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\XSrvSetup.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl ()

========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (cmdAgent) -- C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\Comodo\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AppleChargerSrv) -- C:\Windows\System32\AppleChargerSrv.exe ()
SRV - (JMB36X) -- C:\Windows\System32\XSrvSetup.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (amd_sata) -- C:\Windows\System32\drivers\amd_sata.sys (Advanced Micro Devices)
DRV - (amd_xata) -- C:\Windows\System32\drivers\amd_xata.sys (Advanced Micro Devices)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (AppleCharger) -- C:\Windows\System32\drivers\AppleCharger.sys ()
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\User\Desktop
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.stimme.de/
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{8C3FFAEA-8D30-45DC-8130-ACCC3EAFE8C5}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{A41F9BD5-8099-4C95-A6BD-5F29BC9EDE9E}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{BBC2C47B-A90A-49A1-B872-03D9EF581AAA}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{C241842D-C18B-4927-962C-6E030D14110B}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{D1969390-1B2E-4274-8C03-3CA34A894085}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\..\SearchScopes\{F0A98150-2135-4DCF-AEA5-9C15D5E26FD6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=1d34d434-b538-4954-8725-2e21a19c401b&pid=winsoftware&mode=bounce&k=0
IE - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.stimme.de/"
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: support%40Senseless.TV:1
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.17 22:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.28 22:17:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 10:44:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.20 17:30:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.28 22:17:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.24 10:44:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.02.20 17:30:05 | 000,000,000 | ---D | M]

[2010.11.01 13:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.11.01 13:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.10 15:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wpp3pji7.default\extensions
[2012.12.01 16:40:59 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.21 19:52:42 | 000,001,871 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\searchplugins\{0E75C47B-1374-4000-8965-C1A99EF65FD0}.xml
[2012.08.21 19:52:42 | 000,002,078 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\searchplugins\{723EF4DB-8719-4008-9E5B-7A27490C5D9E}.xml
[2012.08.21 19:52:42 | 000,002,189 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\wpp3pji7.default\searchplugins\{F4A52853-1EC9-45AB-8991-50458EB81AD9}.xml
[2013.01.28 22:17:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.17 22:11:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPP3PJI7.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WPP3PJI7.DEFAULT\EXTENSIONS\SOFTWARE@LOADTUBES.COM
[2012.12.28 21:36:51 | 000,000,000 | ---D | M] (SenselessTV Video Plugin) -- C:\USERS\USER\APPDATA\ROAMING\SENSELESSTV\FFEXTENSION
[2013.01.28 22:17:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.11.26 22:16:29 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.11.26 22:16:29 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013.02.07 21:31:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SDHelper) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000..\Run: [COMODO Internet Security] C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3015292610-3859147213-2815788766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://notes.kwpartner.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://notes.kwpartner.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00BEA70F-AE5F-4DA7-91FA-4496FE787B40}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C2FB04-7377-47A5-B748-F817A1EEE1F3}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C2FB04-7377-47A5-B748-F817A1EEE1F3}: NameServer = 8.26.56.26,156.154.70.22
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.10 15:07:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.10 14:58:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.10 14:58:01 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.09 21:31:21 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013.03.09 21:31:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.03.09 21:31:12 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.03.09 21:31:12 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.03.09 21:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.09 21:02:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2013.03.09 11:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.07 22:42:40 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.02.26 22:31:41 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.02.26 22:31:40 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.02.26 22:31:39 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.02.26 22:31:39 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.02.26 22:31:39 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.26 22:31:39 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.26 22:31:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.26 22:31:39 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.26 22:31:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.26 22:31:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.26 22:31:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.26 22:31:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.26 22:31:39 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.26 22:31:38 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.02.26 22:31:38 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.02.26 22:31:38 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.02.26 22:31:38 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.02.26 22:31:38 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.02.26 22:31:38 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.02.26 22:31:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.02.26 22:31:38 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.02.26 22:31:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.02.26 22:31:38 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.02.26 22:31:38 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.02.26 22:31:37 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.02.20 17:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.02.14 18:22:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 18:22:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 18:22:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 18:22:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 18:22:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 18:22:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 18:22:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 18:22:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.14 18:20:02 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.14 18:20:02 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.14 18:19:59 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.14 18:19:59 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.14 18:19:59 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll

========== Files - Modified Within 30 Days ==========

[2013.03.10 15:07:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.10 15:06:03 | 000,001,869 | ---- | M] () -- C:\Users\User\Desktop\JRT.zip
[2013.03.10 15:05:35 | 000,001,810 | ---- | M] () -- C:\Users\User\Desktop\JRT.7z
[2013.03.10 14:58:41 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 14:58:41 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.10 14:58:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.10 14:56:26 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.10 14:56:26 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.10 14:56:26 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.10 14:56:26 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.10 14:54:01 | 000,000,758 | ---- | M] ()
```
-- C:\Users\User\Desktop\AdwCleaner[S2].zip [2013.03.10 14:51:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.10 14:51:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.10 14:49:01 | 001,163,024 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat [2013.03.10 14:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.09 21:31:09 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.03.09 21:31:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.03.09 21:31:09 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.03.09 21:31:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.03.09 21:31:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.03.09 21:31:09 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.03.07 22:44:01 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.07 22:44:01 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.02.24 17:32:47 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2013.02.14 22:22:56 | 000,298,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.10 15:06:03 | 000,001,869 | ---- | C] () -- C:\Users\User\Desktop\JRT.zip [2013.03.10 15:05:35 | 000,001,810 | ---- | C] () -- C:\Users\User\Desktop\JRT.7z [2013.03.10 14:54:01 | 000,000,758 | ---- | C] () -- C:\Users\User\Desktop\AdwCleaner[S2].zip [2013.02.06 22:08:58 | 000,087,310 | ---- | C] () -- C:\Windows\System32\drivers\fvstore.dat [2013.02.06 16:18:01 | 001,163,024 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat [2013.02.03 16:50:21 | 000,256,000 | 
---- | C] () -- C:\Windows\PEV.exe [2013.02.03 16:50:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.03 16:50:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.03 16:50:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.03 16:50:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.20 18:33:53 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2012.03.20 18:32:42 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.03.20 18:32:42 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.03.20 18:32:41 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.03.20 18:32:41 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.12.14 21:14:40 | 000,001,283 | ---- | C] () -- C:\Windows\System32\.ini [2010.11.06 22:16:45 | 000,011,264 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
========== LOP Check ========== [2012.10.01 11:41:33 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\OpenOffice.org [2012.09.29 13:42:04 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\Thunderbird [2012.09.29 14:47:27 | 000,000,000 | ---D | M] -- C:\Users\Sabine\AppData\Roaming\TuneUp Software [2012.09.16 10:48:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Abelssoft [2012.12.04 19:12:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited [2012.10.24 20:42:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CCS64 [2012.07.19 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DesktopIconForAmazon [2011.03.13 13:07:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EurekaLog [2011.04.03 12:36:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Imaxel [2012.08.21 19:52:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OCS [2010.11.03 22:29:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org [2012.08.21 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera [2011.04.24 19:30:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RavensburgerTipToi [2011.03.10 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\S.A.D [2012.12.28 21:36:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SenselessTV [2010.11.01 13:58:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird [2013.01.02 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2011.10.03 11:36:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Uniblue [2013.02.06 16:02:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateStar [2011.06.09 21:47:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateStar Drivers ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> 
C:\ProgramData\TEMP:C64BF02A < End of report > Code:
OTL Extras logfile created on: 10.03.2013 15:10:06 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 72,76% Memory free
6,49 Gb Paging File | 5,45 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 12,35 Gb Free Space | 21,11% Space Free | Partition Type: NTFS
Drive D: | 407,17 Gb Total Space | 377,10 Gb Free Space | 92,62% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17111942-A063-4B03-AD04-FBEC26BEDBC9}" = lport=137 | protocol=17 | dir=in | app=system |
"{31D20A24-EB68-4F71-93BF-3ABE90A561C8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{320DE523-6022-4430-BD81-99DCEB83A895}" = rport=138 | protocol=17 | dir=out | app=system |
"{3CAFDFF2-DB3A-41B8-9159-998F6032B195}" = rport=139 | protocol=6 | dir=out | app=system |
"{41468095-B45A-4906-A68E-C098C8EF6A68}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4B761C16-22C5-4089-83B6-3CA5B13C3054}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{611F9E8C-E6F4-48AA-BE97-3DE12ED03170}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{683BF683-0B42-4BAF-A451-70A4F43E6A05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{813760A9-D95B-4D0B-A25F-9631B6C207D5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{84506418-3A2D-4B13-A49D-4A1CA47399D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{893B6457-3319-4971-A6E5-00D039C5673A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93C9B23A-6E16-4792-B95C-F3A10C1F40B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{A5718403-BA77-4863-B0F1-F2ABA7827066}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAF923C8-C21F-45F6-822E-E74BDF45D14E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE59FC35-19B3-41F2-8A1C-702C5D94E3E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{B1333986-3CB6-4A76-A346-C6DE5E151306}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1891205-019D-4BCD-8C22-47B019AD35C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE4B2538-6774-41BC-B9B0-738B20EC7151}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBD18EE9-1552-4813-80D6-9FF69C8BA00C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F74B0554-BEBD-4038-BBE8-6C8E0CC52E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F9375A1A-4113-4CEE-A216-D40A52DC0FF7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC47DFCE-FFD3-4C02-BAAE-171551118366}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FCF6E518-6473-4C76-A0E1-A345111BE475}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06BA630E-E744-465F-8793-0C0DD3527D9C}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{0D9701C4-DE26-42DB-A5D5-06926F5DDBCF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{119413BB-D4C1-472A-8C86-1EF63FA19C48}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{32131827-636A-4934-A397-AFFC06B0BF31}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{38D341B8-C3DC-46FD-A3B2-264455E9BF5A}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{408779A4-36F6-4D67-AFD3-1369BA309675}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48A2C4EE-87B4-4B28-8494-87CE5FCBF58B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{57E5B0DC-5ECA-417A-85B0-9644DD364D89}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{58E47989-33E0-477E-90FC-8136C870565B}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{5F64D70C-9C82-46B6-B437-91777091A8CA}" = protocol=6 | dir=out | app=system |
"{6F4F0945-E9F2-4BA7-917D-85D03B5CF133}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6FC3D579-670B-4637-B78C-CCEA77EDAC4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72901C4B-743D-4C12-8444-DB88A4421BCB}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{7E2BD0CF-DE9E-4810-99B5-0431A3058F99}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{921B875F-AD10-44B7-AE85-7A36A619A285}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{96863968-B227-4B69-8CE6-DF142A8385CF}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{AD61645F-C9F7-4AEC-9384-C54F06B82795}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{B1297F70-0CA4-45CE-8BD8-02D97A553847}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B12D7FE8-55F2-418F-AA70-055593B8A653}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B31ACCC5-DB96-4C20-93F1-F09E5C935F1A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4E56A12-E0CC-4AC2-B845-947BCFF47DAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA366400-BE09-4E5D-B5A0-43E6622A2F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB56A034-F993-4D76-8703-B56F51764492}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D84176CD-E33D-46C3-8A53-A4CDEF934884}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D94DB7A9-29E9-4D34-BF8D-2E60C58D87ED}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{E48BF1DF-4247-494C-9C73-9E9CCCE961ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EA54189D-034B-4429-BE55-38B7E29B7FB1}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{EA62426E-9743-47CA-85D7-AC5458020FF0}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{EF8F4A7B-566C-4272-95EC-D5621BE87492}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{F3A7A8B0-0048-47EE-AE46-FDCF552E546C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F97008F9-6F34-401F-B84D-2A6249B347F2}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{FD465F26-3BCF-464F-8669-02526BA473D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2654-4377-8F53-55F4-83B70EE44C73}" = CCC Help Dutch
"{01DD9D3D-FA8A-E148-008D-5CDF1BE8911F}" = CCC Help Korean
"{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
"{072224C5-0C98-0902-9A71-89D4A8F3E810}" = CCC Help Thai
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27C6CB2E-415B-6020-91FC-BA5CE3B912AC}" = CCC Help Russian
"{2889745F-A0E3-4C73-8318-B6C408B96E83}}_is1" = FOTOParadies
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
"{48D5DBBA-7B60-B832-59DB-BE252C2E5A23}" = CCC Help Finnish
"{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{53AFCE35-1653-91F4-8991-900731F32111}" = CCC Help Norwegian
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{568EF3B9-C672-E82A-BCD4-A88072578521}" = CCC Help Swedish
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{654733F2-22EC-776F-9C2D-CF3C4F578768}" = CCC Help Danish
"{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
"{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
"{6F235FE4-8EC6-3FAB-1739-A434BFE76E27}" = CCC Help Chinese Standard
"{7DCB635C-D999-9496-A6D1-AAABD23A04FD}" = ATI AVIVO Codecs
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80827F8B-CBF5-FBF9-B91B-8DC58737A040}" = AMD Drag and Drop Transcoding
"{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy
"{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
"{A317EF8E-66FB-94B6-C4FA-96A0AED1AB2F}" = CCC Help Chinese Traditional
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B2AF5585-FACF-7760-5C68-F2DC6BBACE47}" = CCC Help Czech
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7B5A370-3DFF-4F0E-AE11-FD267C4938AA}" = CCS64 V3.9
"{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
"{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
"{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
"{D5134D14-A38D-A217-4310-5C8B6DFA08D0}" = HydraVision
"{D79E2563-3FDD-0A62-187A-5BE5F920F317}" = CCC Help Turkish
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F768C380-A17C-B2DE-77CC-AB35434BE818}" = ccc-utility
"{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
"{FBD77AF9-B6DA-7383-14D8-FDC7CEBD2ADC}" = ATI Catalyst Install Manager
"{FFB4E67D-DEF9-30BC-39F6-E9C1B05539F9}" = CCC Help Japanese
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVI Media Player_is1" = AVI Media Player 1.0
"BearShare" = BearShare
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CyberGhost VPN_is1" = CyberGhost VPN Patch 4.7.19
"DivX Setup" = DivX-Setup
"dm Digi Foto" = dm Digi Foto
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Ravensburger tiptoi" = Ravensburger tiptoi
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinRAR archiver" = WinRAR 4.00 (32-Bit)

========== Last 20 Event Log Errors ==========

[ Spybot - Search and Destroy Events ]
Error - 30.11.2012 15:59:22 | Computer Name = Computer | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 11.01.2013 17:39:58 | Computer Name = Computer | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 12.01.2013 05:30:22 | Computer Name = Computer | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 03.02.2013 14:52:50 | Computer Name = Computer | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

< End of report >