
Log Analysis and Evaluation: Caught a Trojan - log files attached

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

 
15.01.2013, 15:10   #1
Ragadu

Caught a Trojan - log files attached



OK, unfortunately I don't know much about this topic, but I will try to describe my problem as clearly and thoroughly as possible, in the hope that someone can help me.

I had caught various Trojans/viruses, all but two of which I was able to remove with Malwarebytes. The two are detected by Malwarebytes, but after deleting them and rebooting they are back again.

Among other things, they seem to read out the passwords of my FTP program in order to insert some code into index pages (I deleted it right away yesterday and unfortunately did not save it).

After the reboot, the following message appears:
Die in der Registrierung angegebene Anwendung "C:\Users\***\LOCALS~1\Temp\msvdfu.cmd" konnte nicht geladen oder gestartet werden. Stellen Sie sicher, das die Datei vorhanden ist, oder entfernen Sie den Eintrag mit Bezug auf diese Datei aus der Registrierung.




Here is the data from Malwarebytes:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.15.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

15.01.2013 14:06:58
mbam-log-2013-01-15 (14-06-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 225329
Laufzeit: 6 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\***\LOCALS~1\Temp\msvdfu.cmd -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\***\LOCALS~1\Temp\msvdfu.cmd -> Löschen bei Neustart.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Here is OTL:

Code:
OTL logfile created on: 15.01.2013 10:10:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,42% Memory free
6,72 Gb Paging File | 5,40 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,94 Gb Free Space | 31,68% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.15 10:10:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.01.11 08:54:23 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.12.29 00:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.20 14:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.08.08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.12.03 19:18:12 | 008,133,120 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2010.11.22 19:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2009.09.06 19:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.08.15 22:45:37 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.19 18:14:44 | 000,186,664 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009.01.19 18:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2008.08.19 01:01:52 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.06.12 03:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007.07.12 19:59:00 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vspc1000.exe
PRC - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.11 08:54:22 | 003,021,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.07 20:29:49 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.11 08:54:22 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.09.20 14:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.12.19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.12.03 19:18:12 | 008,133,120 | ---- | M] () [Auto | Start_Pending] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.11.22 19:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2010.10.18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.02.19 18:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.03 01:52:26 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.06 19:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.01.19 18:13:44 | 002,789,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe -- (StarWindService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WPN111v.sys -- (WPN111)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.13 19:27:04 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.10.13 19:26:38 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.12.19 11:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011.11.29 05:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011.10.26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.11.12 19:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.08.15 22:51:29 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2009.08.15 20:55:11 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.08.15 20:55:01 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009.08.15 20:54:37 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
DRV - [2008.10.06 17:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.08.19 03:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.08.19 03:58:42 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.08.18 21:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.05.06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007.12.04 13:30:00 | 003,033,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spc1000.sys -- (SPC1000)
DRV - [2007.07.12 19:58:00 | 000,088,320 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2007.06.26 15:45:12 | 000,286,208 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WMP54Gv41x86.sys -- (rt61x86)
DRV - [2007.02.16 17:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.02.15 22:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006.11.16 20:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006.11.16 20:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=E8D5DCAECCEE95B44F67D8508180C01A&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7
FF - prefs.js..extensions.enabledAddons: %7Bc151d79e-e61b-4a90-a887-5a46d38fba99%7D:2.8
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {c151d79e-e61b-4a90-a887-5a46d38fba99}:2.6.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@research.microsoft.com/HDView: C:\Program Files\Microsoft Research\HD View\nphdview.dll (Microsoft Research)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 08:54:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 08:54:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.16 11:44:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\***\AppData\Roaming\Move Networks [2010.02.01 00:12:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2C670716-5FE7-416B-9E89-95EC33416BAE}: C:\Users\***\AppData\Local\{2C670716-5FE7-416B-9E89-95EC33416BAE} [2011.05.16 04:05:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.11 08:54:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.11 08:54:17 | 000,000,000 | ---D | M]
 
[2010.03.08 23:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.08 23:20:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.01.07 08:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nb699ykk.default\extensions
[2012.09.02 16:02:12 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\nb699ykk.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.13 08:58:10 | 000,111,899 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\nb699ykk.default\extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99}.xpi
[2013.01.11 08:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.08.17 15:06:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.11 08:54:23 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.19 17:33:05 | 000,000,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: HD View (Enabled) = C:\Program Files\Microsoft Research\HD View\nphdview.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\***\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [spc1000] C:\Windows\vspc1000.exe (Sonix)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EPSON SX130 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHJE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
F3 - HKCU WinNT: Load - (C:\Users\***\LOCALS~1\Temp\msvdfu.cmd) -  File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9AF4B3C-13C2-4F9E-803C-590226BCD0B7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB4E2066-E779-4C57-B301-0B4B138A03FB}: DhcpNameServer = 10.4.101.1 10.4.102.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5edbab20-89e5-11de-a301-0022684b4348}\Shell - "" = AutoRun
O33 - MountPoints2\{5edbab20-89e5-11de-a301-0022684b4348}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O33 - MountPoints2\{d15dd9d5-8ff7-11de-a0a7-0022684b4348}\Shell - "" = AutoRun
O33 - MountPoints2\{d15dd9d5-8ff7-11de-a0a7-0022684b4348}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 10:11:08 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\trojanerboard
[2013.01.15 10:10:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.14 20:42:44 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\thai massage
[2013.01.14 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\flyer
[2013.01.11 08:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.07 09:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.01.07 09:46:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.01.05 09:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 10:10:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.15 10:10:14 | 000,626,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.15 10:10:14 | 000,604,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.15 10:10:14 | 000,126,124 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.15 10:10:14 | 000,104,184 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.15 10:08:02 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.01.15 10:06:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 10:04:06 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 10:04:05 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 10:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 10:04:01 | 3488,759,808 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 10:02:48 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.15 10:01:42 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.15 09:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.14 20:07:16 | 002,470,307 | ---- | M] () -- C:\Users\***\Desktop\Jen_Titus_-_Oh_Death_-_Supernatural.mp3
[2013.01.14 20:06:07 | 000,020,201 | ---- | M] () -- C:\Users\***\Desktop\urlaub_2012.odt
[2013.01.14 07:43:58 | 000,002,001 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.01.12 18:14:18 | 001,945,698 | ---- | M] () -- C:\Users\***\Desktop\ProfessorChaos14.jpg
[2013.01.10 10:58:23 | 002,818,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.08 21:05:21 | 000,001,456 | ---- | M] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013.01.07 09:46:43 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.01.07 09:46:17 | 000,551,997 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.06 11:07:58 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.05 19:31:15 | 000,009,612 | ---- | M] () -- C:\Users\***\Desktop\Seitenabbild.png
[2013.01.04 11:52:02 | 000,020,287 | ---- | M] () -- C:\Users\***\UStVA2012_4tes_Quartal_***.elfo
[2013.01.03 10:11:22 | 000,000,957 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.03 10:11:17 | 000,000,925 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
[2012.12.20 11:44:14 | 000,016,384 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.19 10:22:47 | 000,132,773 | ---- | M] () -- C:\Users\***\Desktop\Rechnung_2012_11_15442526000751.pdf
[2012.12.18 11:23:16 | 000,022,513 | ---- | M] () -- C:\Users\***\Desktop\kuepper.odt
 
========== Files Created - No Company Name ==========
 
[2013.01.15 10:02:35 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.15 10:01:42 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.14 20:06:58 | 002,470,307 | ---- | C] () -- C:\Users\***\Desktop\Jen_Titus_-_Oh_Death_-_Supernatural.mp3
[2013.01.12 18:14:17 | 001,945,698 | ---- | C] () -- C:\Users\***\Desktop\ProfessorChaos14.jpg
[2013.01.07 09:46:16 | 000,551,997 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.05 19:31:14 | 000,009,612 | ---- | C] () -- C:\Users\***\Desktop\Seitenabbild.png
[2013.01.04 11:51:25 | 000,020,287 | ---- | C] () -- C:\Users\***\UStVA2012_4tes_Quartal_***.elfo
[2013.01.03 18:20:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.12.19 10:22:46 | 000,132,773 | ---- | C] () -- C:\Users\***\Desktop\Rechnung_2012_11_15442526000751.pdf
[2012.12.17 19:59:23 | 000,022,513 | ---- | C] () -- C:\Users\***\Desktop\kuepper.odt
[2012.12.11 11:21:22 | 000,003,745 | ---- | C] () -- C:\Users\***\UStVA2012_IV._Quartal_***.elfo
[2012.10.13 19:27:04 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.10.13 19:26:38 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.09.30 15:03:28 | 000,020,295 | ---- | C] () -- C:\Users\***\UStVA2012_III._Quartal_***.elfo
[2012.06.14 16:18:32 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.05.06 16:06:20 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.04.30 08:09:37 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.04.30 08:08:18 | 000,002,856 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.03.27 07:30:00 | 000,266,153 | ---- | C] () -- C:\Users\***\AppData\Local\census.cache
[2012.03.27 07:29:47 | 000,184,266 | ---- | C] () -- C:\Users\***\AppData\Local\ars.cache
[2012.03.27 07:21:06 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2012.01.15 13:53:42 | 000,020,038 | ---- | C] () -- C:\Users\***\UStVA2012_***.elfo
[2011.09.04 17:47:25 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011.06.12 19:28:02 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.06.12 19:28:02 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.16 04:05:03 | 000,000,120 | ---- | C] () -- C:\Users\***\AppData\Local\Ilomes.dat
[2011.05.16 04:05:03 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\Cjuqeb.bin
[2009.10.31 16:56:10 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.09.12 15:35:06 | 000,016,384 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.16 03:31:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.15 19:43:41 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2012.12.18 10:55:24 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$2830d4dd27ddbc2a001e35b0fbf7f563\@
[2012.10.29 17:55:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$2830d4dd27ddbc2a001e35b0fbf7f563\L
[2013.01.06 13:11:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$2830d4dd27ddbc2a001e35b0fbf7f563\U
[2006.11.02 13:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.06 11:36:14 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\6A13CA
[2012.10.23 16:14:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2010.02.28 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2011.12.22 16:13:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Astute Graphics
[2012.01.07 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AZURO office
[2012.02.03 11:34:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.02.03 14:19:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2012.05.06 16:09:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CAD-KAS
[2010.08.22 13:24:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.09.12 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.29 23:12:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.dmp.contentviewer
[2012.06.29 09:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012.06.04 20:31:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
[2011.02.11 20:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.livebrush.EE0F52D0CFF1BA56197782BD0A4CB41E0C348310.1
[2013.01.15 10:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.01.15 13:51:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.11.28 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2012.04.30 08:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2009.10.04 01:48:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\My Games
[2009.10.01 00:41:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.10.31 16:56:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2012.05.06 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RGS Envelope
[2011.04.18 20:55:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT
[2009.10.12 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ruff-FTP
[2011.12.01 21:54:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.01.16 17:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.03.08 23:20:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
 
========== Purity Check ==========
 
 

< End of report >
         
Here is the OTL Extras log

Code:
OTL Extras logfile created on: 15.01.2013 10:10:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 57,42% Memory free
6,72 Gb Paging File | 5,40 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 30,94 Gb Free Space | 31,68% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{059CF2AE-188F-45D3-8231-B79A131AC8C2}" = Philips SPC1000NC Webcam
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}" = Adobe Creative Suite 4 Web Premium
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter Driver - WMP54Gv4.1
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{548B75EC-90CB-40DB-A198-FE7D43D72506}" = Phantasm CS for Adobe Illustrator CS3/CS4/CS5
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C161645-724C-4CD9-972F-7F6C36C1AABE}" = DesignPro Flaschen-Etiketten
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{60E59A6C-7399-495A-B85C-C829F4E59602}" = Adobe Creative Suite 5.5 Design Premium
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6a4b0a4f-58d0-430c-becc-aa50733cd761}" = Ad-Aware Antivirus
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72CF705C-0BD0-4B7F-4F1D-7E2BE86D7440}" = Livebrush Lite
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}" = Adobe Setup
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0A9496F-93C8-4258-AD51-1CEAA7DF81D7}" = Silhouette Studio
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B174218F-22EA-45F4-B745-1EAF2F8C3722}" = Xara Xtreme 5
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4DF2CED4A3F0255B2228A629BC8B64D5D47A37C4" = Windows Driver Package - Philips (SPC1000) Image  (07/06/2007 5.8.8.028)
"AB076FF359D7ED09338BED944754FA8949B67836" = Windows Driver Package - Philips CE (phaudlwr) MEDIA  (06/19/2007 1.0.0.7)
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4db064343401efd6449f33f8411c14b" = Adobe Creative Suite 4 Web Premium
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"BookSmart® 3.4.0 3.4.0" = BookSmart® 3.4.0 3.4.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"com.livebrush.EE0F52D0CFF1BA56197782BD0A4CB41E0C348310.1" = Livebrush Lite
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular 13.0.0.8086u" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"EPSON SX130 Series" = EPSON SX130 Series Printer Uninstall
"Google Chrome" = Google Chrome
"InstallShield_{5C161645-724C-4CD9-972F-7F6C36C1AABE}" = DesignPro Flaschen-Etiketten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Pen Tablet
"Ruff-FTP_is1" = Ruff-Tech
"Shop for HP Supplies" = Shop for HP Supplies
"TomTom HOME" = TomTom HOME 2.8.2.2264
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Media Player" = Move Media Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.01.2013 02:42:16 | Computer Name = *** | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 14.01.2013 02:43:56 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.01.2013 07:49:29 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Acrobat.exe, Version 9.0.0.332, Zeitstempel 
0x4850eb76, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000041,  Prozess-ID 0x990, Anwendungsstartzeit
 01cdf24d00b62dab.
 
Error - 14.01.2013 10:44:49 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Pen_Tablet.exe, Version 5.1.1.1, Zeitstempel
 0x4974d0d8, fehlerhaftes Modul Pen_Tablet.exe, Version 5.1.1.1, Zeitstempel 0x4974d0d8,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001aa334,  Prozess-ID 0xdd4, Anwendungsstartzeit
 01cdf222607f98fb.
 
Error - 14.01.2013 16:56:06 | Computer Name = *** | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 14.01.2013 16:57:46 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.01.2013 02:08:46 | Computer Name = *** | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 15.01.2013 02:10:26 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.01.2013 05:04:04 | Computer Name = *** | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> httpd.exe:
 Could not open configuration file C:/xampp/apache/conf/httpd.conf: The system cannot
 find the path specified.     .
 
Error - 15.01.2013 05:05:45 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 15.01.2013 02:10:26 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.01.2013 02:11:29 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 15.01.2013 05:02:56 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 15.01.2013 05:05:45 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = 
 
Error - 15.01.2013 05:05:45 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 15.01.2013 05:05:45 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 15.01.2013 05:05:45 | Computer Name = *** | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 15.01.2013 05:05:45 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 15.01.2013 05:05:45 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 15.01.2013 05:06:53 | Computer Name = *** | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         

Defogger found nothing. I stopped Gmer after it still had not finished after roughly 4 hours. If it is needed, I will run it again later.

I hope someone can help me.

 
