Pests of all kinds and their removal: http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 and other problems (Windows 7)

If you are not sure whether you have picked up malware or a trojan, start a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
02.02.2013, 18:05 | #16
/// TB-Ausbilder:
Hi, first click "Retry". If that doesn't help, "Ignore".
02.02.2013, 18:07 | #17
OK, thanks. It worked with Retry. Annoying that as a layperson you can't even manage such simple things on your own... But thank God there's you, the specialist. Gg
02.02.2013, 18:09 | #18
/// TB-Ausbilder:
Hi, all right. I'll wait for your next reply.
02.02.2013, 18:11 | #19
Can it take longer? The green bar did progress, but now it's stuck at this file... And it says "target directory" rather than "decompressing", as it did for the files before it that I can still see?? ...and I made sure not to touch the window with the mouse, as the instructions require. It did keep loading up to this file from the warning... In case you're thinking that.
02.02.2013, 21:46 | #20
/// TB-Ausbilder:
Hi, start your computer in Safe Mode with Networking following these instructions and run ComboFix there.
03.02.2013, 08:27 | #21
Good morning, in the "Advanced Boot Options" menu the first entry is "Repair your computer", I've never seen that there before. Apparently our patient really is done for, gg. I'm still in Safe Mode right now. Here are the log files:

Code:
Shortcut Cleaner 1.2.0 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Program started at: 02/02/2013 05:34:34 PM.

Searching C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DeepBurner.lnk => C:\Program Files\Astonsoft\DeepBurner\DeepBurner.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192
* Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk => C:\Program Files\ImgBurn\ImgBurn.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192
* Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192
* Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Malwarebytes Anti-Malware .lnk => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192
* Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk => C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192
* Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk => C:\Windows\System32\SnippingTool.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192
* Shortcut Cleaned: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk => C:\Program Files\Windows Live\Messenger\msnmsgr.exe hxxp://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192
Searching C:\Users\Public\Desktop\
Searching C:\Users\Celine\Desktop\

7 bad shortcuts found.

Program finished at: 02/02/2013 05:34:38 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)

Code:
ComboFix 13-02-02.05 - Celine 03.02.2013 8:27:41.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3573.3050 [GMT 1:00]
ausgeführt von:: C:\Users\Celine\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: C:\Users\***\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

C:\prefs.js
c:\program files\DownTangoFTbToolbar
c:\program files\DownTangoFTbToolbar\chrome\DownTangoFTbToolbar.crx
c:\program files\DownTangoFTbToolbar\InstallHelper.dll
c:\program files\DownTangoFTbToolbar\InstallHelperNet4.dll
c:\program files\DownTangoFTbToolbar\Interop.IWshRuntimeLibrary.dll
c:\program files\DownTangoFTbToolbar\search.ico
c:\program files\DownTangoFTbToolbar\setupicon.ico
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\chrome.manifest
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\chrome\DownTangoFTbToolbar_3192.jar
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\components\wtb_complete.js
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\install.js
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\install.rdf
c:\program files\DownTangoFTbToolbar\support@DownTangoFTbToolbar.com\pop.htm
c:\program files\DownTangoFTbToolbar\System.Data.SQLite.dll
c:\program files\DownTangoFTbToolbar\ToolbarUninstall.exe
c:\program files\DownTangoFTbToolbar\unins000.dat
c:\program files\DownTangoFTbToolbar\unins000.exe
c:\users\***\AppData\Local\DownTango
c:\users\***\AppData\Roaming\DownTangoFTbToolbar
c:\users\***\AppData\Roaming\DownTangoFTbToolbar\DownTangoFTbToolbar.dll
C:\Windows\system32\DEBUG.log
C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\muzapp.exe
C:\Windows\wininit.ini
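As an added example (not code from the thread, from Shortcut Cleaner or from ComboFix), here is a defender-side check for the mechanism the Shortcut Cleaner log documents: the shortcut target stays intact, but a search URL is appended to the .lnk file's command-line Arguments, so the program opens that page on every start. The script parses the shell-link format directly and reports any shortcut whose Arguments carry a web address; the sample shortcuts are constructed inside the script, and their names and relative paths are assumptions modelled on the log.

```python
"""Find Windows .lnk shortcuts whose Arguments carry a hijacker URL.

Added example for this thread, not part of any tool named in it. Layout per
MS-SHLLINK: fixed 76-byte header, optional LinkTargetIDList and LinkInfo,
then StringData entries in a fixed order, each a 2-byte character count
followed by the characters (UTF-16LE when IsUnicode is set, no terminator).
"""
import re
import struct
import sys
from pathlib import Path
from typing import Dict, Optional

HEADER_SIZE = 0x4C
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk byte order
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1); StringData entries appear in this order.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
STRING_DATA_ORDER = (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR,
                     HAS_ARGUMENTS, HAS_ICON_LOCATION)

URL_RE = re.compile(r"(?i)(?:https?://|www\.)[^\s\"']+")


def parse_lnk_arguments(data: bytes) -> Optional[str]:
    """Return the Arguments string of a shell link, or None if it has none."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize covers the whole block
        pos += struct.unpack_from("<I", data, pos)[0]
    encoding, width = ("utf-16-le", 2) if flags & IS_UNICODE else ("cp1252", 1)
    for flag in STRING_DATA_ORDER:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters
        pos += 2
        value = data[pos:pos + count * width].decode(encoding)
        pos += count * width
        if flag == HAS_ARGUMENTS:
            return value
    return None


def hijacked_url(arguments: Optional[str]) -> Optional[str]:
    """Return the web address in a shortcut's Arguments, if any.

    Ordinary application shortcuts do not pass a URL on start-up; the toolbar
    in this thread relies on exactly that to redirect the browser.
    """
    if not arguments:
        return None
    match = URL_RE.search(arguments)
    return match.group(0) if match else None


def scan_shortcut_blobs(blobs: Dict[str, bytes]) -> Dict[str, str]:
    """Map shortcut name -> suspicious URL for every hijacked .lnk in `blobs`."""
    findings = {}
    for name, data in blobs.items():
        try:
            url = hijacked_url(parse_lnk_arguments(data))
        except (ValueError, struct.error):
            continue            # not a shell link, or truncated: nothing to judge
        if url:
            findings[name] = url
    return findings


def scan_directory(root: Path) -> Dict[str, str]:
    """Scan a Start Menu / Quick Launch / Desktop tree for hijacked shortcuts."""
    return scan_shortcut_blobs({str(p): p.read_bytes() for p in root.rglob("*.lnk")})


def build_lnk(relative_path: str, arguments: str = "") -> bytes:
    """Build a minimal Unicode shell link. Constructed test data, not a real dump."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (HEADER_SIZE - len(header))      # remaining header fields zero

    def string_data(value: str) -> bytes:
        return struct.pack("<H", len(value)) + value.encode("utf-16-le")

    return header + string_data(relative_path) + (string_data(arguments) if arguments else b"")


# Constructed samples modelled on the Shortcut Cleaner log in this thread.
HIJACK_ARGS = "http://search.certified-toolbar.com?si=41460&st=shortcut&tid=3192"
SAMPLES = {
    "Launch Internet Explorer Browser.lnk":
        build_lnk(r"..\..\..\Program Files\Internet Explorer\iexplore.exe", HIJACK_ARGS),
    "Snipping Tool.lnk": build_lnk(r"..\..\..\Windows\System32\SnippingTool.exe"),
    "not-a-shortcut.lnk": b"MZ\x90\x00",       # wrong format: skipped, not flagged
}

if __name__ == "__main__":
    results = scan_directory(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_shortcut_blobs(SAMPLES)
    for name, url in results.items():
        print(f"HIJACKED {name} -> {url}")
```

Run with a directory argument to scan real shortcut folders; without one it scans the constructed samples and reports only the Internet Explorer shortcut.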
03.02.2013, 10:37 | #22
/// TB-Ausbilder:
Hi, you can boot your computer normally again. Are there still problems with "search.certified-toolbar", or other problems that point to malware? Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
03.02.2013, 13:04 | #23
My protection programs have now finished running, and during Malwarebytes the PC suddenly crashed. There was a choice of partitions, Windows Vista, which I selected, and then it again asked whether to choose Safe Mode or not. Now I'm letting the programs run again in that mode. There was also a message that the PC was shut down unexpectedly and that I would be notified if a solution is found.
03.02.2013, 13:39 | #24
/// TB-Ausbilder:
Hi,
Quote:
If so, run OTL as described. If not, and you want to "tinker" on your own, we can close this topic here.
03.02.2013, 14:50 | #25
Hello, yes of course I want to finish the cleanup. My antivirus programs start on their own after a certain time. I didn't run the programs in Safe Mode any more, and I ran OTL today right after you wrote to me, AND posted it, but as you can see it didn't work. Maybe because I did it in Safe Mode... Attached is the OTL log file.
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango [2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky [2013.01.17 11:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect [2013.01.06 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HandBrake [2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.06 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain [2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.06 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.03 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.03 11:02:41 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.02.03 10:07:48 | 000,674,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.03 10:07:48 | 000,634,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.03 10:07:48 | 000,145,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.03 10:07:48 | 000,119,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.03 10:01:32 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 10:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.03 09:58:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.03 08:36:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.02.02 19:12:05 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job [2013.02.02 17:32:50 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.02.02 17:31:56 | 000,384,928 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\sc-cleaner.exe [2013.02.01 08:13:05 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.30 08:57:47 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.28 20:02:09 | 000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.24 15:16:43 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 12:22:57 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.24 12:20:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.23 14:36:50 | 000,444,863 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130123-143840.backup [2013.01.23 14:30:22 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.01.22 15:30:06 | 000,002,272 | ---- | M] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2} [2013.01.20 17:56:07 | 000,002,096 | ---- | M] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343} [2013.01.20 17:54:57 | 000,002,152 | ---- | M] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E} [2013.01.20 17:52:54 | 000,002,632 | ---- | M] () -- 
C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1} [2013.01.20 17:50:18 | 000,002,808 | ---- | M] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623} [2013.01.20 17:46:18 | 000,002,800 | ---- | M] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E} [2013.01.20 17:44:36 | 000,002,592 | ---- | M] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50} [2013.01.20 16:19:18 | 000,002,152 | ---- | M] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138} [2013.01.20 16:17:31 | 000,002,272 | ---- | M] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA} [2013.01.15 13:06:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.12 20:23:40 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db [2013.01.10 22:24:39 | 000,002,480 | ---- | M] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41} [2013.01.10 22:23:26 | 000,002,488 | ---- | M] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1} [2013.01.10 21:56:58 | 000,002,112 | ---- | M] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6} [2013.01.10 21:55:13 | 000,002,224 | ---- | M] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5} [2013.01.10 21:46:53 | 000,001,968 | ---- | M] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A} [2013.01.10 20:34:05 | 000,002,584 | ---- | M] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099} [2013.01.10 19:13:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 18:38:57 | 000,394,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.06 22:07:37 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.06 20:20:27 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Handbrake.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.02 11:03:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.02 11:03:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.02 11:03:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe 
[2013.02.02 11:03:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.28 20:02:09 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.24 15:16:43 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 12:22:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.24 12:20:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.23 14:31:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.23 14:31:04 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.23 14:31:02 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.23 14:30:22 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.23 14:30:22 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.22 15:30:03 | 000,002,272 | ---- | C] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2} [2013.01.22 14:35:12 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe [2013.01.20 17:56:07 | 000,002,096 | ---- | C] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343} [2013.01.20 17:54:57 | 000,002,152 | ---- | C] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E} [2013.01.20 17:52:54 | 000,002,632 | ---- | C] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1} [2013.01.20 17:50:17 | 000,002,808 | ---- | C] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623} [2013.01.20 17:46:16 | 000,002,800 | ---- | C] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E} [2013.01.20 17:44:33 | 000,002,592 | ---- | C] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50} [2013.01.20 16:19:16 | 000,002,152 | ---- | C] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138} [2013.01.20 16:17:29 | 000,002,272 | ---- | C] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA} [2013.01.15 13:06:54 | 000,001,889 | ---- 
| C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.10 22:24:38 | 000,002,480 | ---- | C] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41} [2013.01.10 22:23:25 | 000,002,488 | ---- | C] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1} [2013.01.10 21:56:55 | 000,002,112 | ---- | C] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6} [2013.01.10 21:55:09 | 000,002,224 | ---- | C] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5} [2013.01.10 21:46:53 | 000,001,968 | ---- | C] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A} [2013.01.10 20:34:00 | 000,002,584 | ---- | C] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099} [2013.01.06 20:20:25 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Handbrake.lnk [2012.12.17 15:11:09 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2012.11.15 13:11:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.11.15 13:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2012.09.27 18:06:21 | 000,000,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan [2012.06.27 20:54:11 | 000,119,410 | ---- | C] () -- C:\Windows\hpqins00.dat [2012.05.22 18:12:12 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2012.04.15 19:31:16 | 000,145,696 | ---- | C] () -- C:\Windows\hpoins18.dat.temp [2012.04.15 19:31:16 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures [2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Services [2012.03.24 08:20:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads [2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Schema [2012.03.24 08:20:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads 
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\SupportPrinters [2012.03.24 08:20:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.11 11:44:22 | 000,000,498 | ---- | C] () -- C:\Users\***\AppData\Roaming\DELTAUserMetrics.osl [2012.01.22 19:16:43 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2012.01.22 19:16:43 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2012.01.22 19:16:43 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.01.22 19:16:43 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2011.06.09 20:21:08 | 001,206,784 | -HS- | C] () -- C:\Users\***\ehthumbs_vista.db [2011.04.22 17:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.22 17:31:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2010.10.10 14:24:06 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc [2009.10.10 07:11:52 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.05.13 19:25:41 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.04.04 19:51:52 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2009.04.01 15:53:18 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.30 10:38:09 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.24 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.12.26 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2012.04.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2009.05.15 19:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS [2011.02.27 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitZipper [2012.11.15 09:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.04.30 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.18 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2013.01.02 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.08.10 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ebner [2012.03.31 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronic Arts [2009.09.28 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media [2012.10.08 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fisher-Price [2013.01.01 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter [2012.11.15 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF [2011.10.04 07:40:39 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\gtk-2.0 [2013.01.06 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2012.01.05 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEROLD Business Data [2011.10.14 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.03.13 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express [2009.05.13 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.11.23 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2010.03.03 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.04.12 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at [2012.03.24 08:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2009.04.12 08:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Novosoft [2012.07.12 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuclear Coffee [2009.03.30 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.04.18 08:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2010.10.10 14:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.12.26 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect [2009.10.10 07:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.02.04 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc [2010.07.25 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS [2010.02.18 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache [2011.05.01 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl [2009.06.21 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D [2011.06.17 19:26:04 | 000,000,000 | ---D | M] -- 
And I don't want to tinker around on my own; I even asked you some more questions. I replied that the Certified Toolbar is gone, as are the Ask Toolbar, Down Tango, etc. My question was what about Samsung Kies and HPSupply, because those are still in the Control Panel and I have no other problems of that kind. My second question was why the Flash Player no longer works, even though the latest version is on the PC...

Hello, yes, of course I want to finish the clean-up. My antivirus programs start on their own after a certain time.
I didn't run the programs in Safe Mode any more, and I ran OTL today right after you wrote to me, AND posted it, but as you can see, it didn't work. Maybe because I did it in Safe Mode.. Attached is the logfile:
OTL Logfile:
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012.12.18 10:12:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2013.02.03 10:02:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.31 11:19:15 | 000,000,000 | ---D | M] O1 HOSTS File: ([2013.02.03 08:36:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A6CA5B-9E48-4C06-ABC8-62BDA031B5E8}: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E5639C9-D609-4797-9561-46F0D3F68116}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992CF479-A5B9-4C78-9B56-3BA2BF399FC1}: DhcpNameServer = 213.162.69.169 213.162.65.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.03 09:05:57 
| 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2013.02.03 08:25:20 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.02.02 17:31:55 | 000,384,928 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Celine\Desktop\sc-cleaner.exe [2013.02.02 11:03:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.02 11:03:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.02 11:03:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.28 20:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.28 20:58:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.28 20:49:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.01.28 20:46:07 | 000,000,000 | ---D | C] -- C:\JRT [2013.01.28 20:17:06 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.01.24 13:57:29 | 000,033,616 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys [2013.01.24 12:12:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Celine\Desktop\OTL.exe [2013.01.23 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.23 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.01.23 14:30:17 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.01.23 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.01.23 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013.01.23 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics [2013.01.23 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus [2013.01.23 14:11:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.01.22 14:34:39 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango [2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky [2013.01.17 11:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect [2013.01.06 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HandBrake [2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.06 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain [2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.06 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.03 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.03 11:02:41 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.02.03 10:07:48 | 000,674,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.03 10:07:48 | 000,634,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.03 10:07:48 | 000,145,428 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.03 10:07:48 | 000,119,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.03 10:01:32 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 10:00:50 | 000,003,216 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 10:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.03 09:58:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.03 08:36:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.02.02 19:12:05 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job [2013.02.02 17:32:50 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.02.02 17:31:56 | 000,384,928 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\***\Desktop\sc-cleaner.exe [2013.02.01 08:13:05 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.30 08:57:47 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.28 20:02:09 | 000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.24 15:16:43 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 12:22:57 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.24 12:20:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.23 14:36:50 | 000,444,863 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130123-143840.backup [2013.01.23 14:30:22 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.01.22 15:30:06 | 000,002,272 | ---- | M] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2} [2013.01.20 17:56:07 | 000,002,096 | ---- | M] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343} [2013.01.20 17:54:57 | 000,002,152 | ---- | M] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E} [2013.01.20 17:52:54 | 000,002,632 | ---- | M] () -- 
C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1} [2013.01.20 17:50:18 | 000,002,808 | ---- | M] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623} [2013.01.20 17:46:18 | 000,002,800 | ---- | M] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E} [2013.01.20 17:44:36 | 000,002,592 | ---- | M] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50} [2013.01.20 16:19:18 | 000,002,152 | ---- | M] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138} [2013.01.20 16:17:31 | 000,002,272 | ---- | M] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA} [2013.01.15 13:06:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.12 20:23:40 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db [2013.01.10 22:24:39 | 000,002,480 | ---- | M] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41} [2013.01.10 22:23:26 | 000,002,488 | ---- | M] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1} [2013.01.10 21:56:58 | 000,002,112 | ---- | M] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6} [2013.01.10 21:55:13 | 000,002,224 | ---- | M] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5} [2013.01.10 21:46:53 | 000,001,968 | ---- | M] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A} [2013.01.10 20:34:05 | 000,002,584 | ---- | M] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099} [2013.01.10 19:13:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 18:38:57 | 000,394,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.06 22:07:37 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.06 20:20:27 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Handbrake.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.02 11:03:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.02 11:03:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.02 11:03:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe 
[2013.02.02 11:03:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.28 20:02:09 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.24 15:16:43 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 12:22:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.24 12:20:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.23 14:31:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.23 14:31:04 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.23 14:31:02 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.23 14:30:22 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.23 14:30:22 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.22 15:30:03 | 000,002,272 | ---- | C] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2} [2013.01.22 14:35:12 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe [2013.01.20 17:56:07 | 000,002,096 | ---- | C] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343} [2013.01.20 17:54:57 | 000,002,152 | ---- | C] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E} [2013.01.20 17:52:54 | 000,002,632 | ---- | C] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1} [2013.01.20 17:50:17 | 000,002,808 | ---- | C] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623} [2013.01.20 17:46:16 | 000,002,800 | ---- | C] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E} [2013.01.20 17:44:33 | 000,002,592 | ---- | C] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50} [2013.01.20 16:19:16 | 000,002,152 | ---- | C] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138} [2013.01.20 16:17:29 | 000,002,272 | ---- | C] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA} [2013.01.15 13:06:54 | 000,001,889 | ---- 
| C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.10 22:24:38 | 000,002,480 | ---- | C] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41} [2013.01.10 22:23:25 | 000,002,488 | ---- | C] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1} [2013.01.10 21:56:55 | 000,002,112 | ---- | C] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6} [2013.01.10 21:55:09 | 000,002,224 | ---- | C] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5} [2013.01.10 21:46:53 | 000,001,968 | ---- | C] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A} [2013.01.10 20:34:00 | 000,002,584 | ---- | C] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099} [2013.01.06 20:20:25 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Handbrake.lnk [2012.12.17 15:11:09 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2012.11.15 13:11:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.11.15 13:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2012.09.27 18:06:21 | 000,000,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan [2012.06.27 20:54:11 | 000,119,410 | ---- | C] () -- C:\Windows\hpqins00.dat [2012.05.22 18:12:12 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2012.04.15 19:31:16 | 000,145,696 | ---- | C] () -- C:\Windows\hpoins18.dat.temp [2012.04.15 19:31:16 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures [2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Services [2012.03.24 08:20:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads [2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Schema [2012.03.24 08:20:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads 
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\SupportPrinters [2012.03.24 08:20:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.11 11:44:22 | 000,000,498 | ---- | C] () -- C:\Users\***\AppData\Roaming\DELTAUserMetrics.osl [2012.01.22 19:16:43 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2012.01.22 19:16:43 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2012.01.22 19:16:43 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.01.22 19:16:43 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2011.06.09 20:21:08 | 001,206,784 | -HS- | C] () -- C:\Users\***\ehthumbs_vista.db [2011.04.22 17:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.22 17:31:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2010.10.10 14:24:06 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc [2009.10.10 07:11:52 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.05.13 19:25:41 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.04.04 19:51:52 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2009.04.01 15:53:18 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.30 10:38:09 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.01.24 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.12.26 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING [2012.04.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2009.05.15 19:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS [2011.02.27 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitZipper [2012.11.15 09:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.04.30 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.18 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2013.01.02 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.08.10 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ebner [2012.03.31 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronic Arts [2009.09.28 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media [2012.10.08 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fisher-Price [2013.01.01 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter [2012.11.15 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF [2011.10.04 07:40:39 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\gtk-2.0 [2013.01.06 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2012.01.05 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEROLD Business Data [2011.10.14 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.03.13 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express [2009.05.13 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.11.23 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2010.03.03 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.04.12 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at [2012.03.24 08:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2009.04.12 08:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Novosoft [2012.07.12 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuclear Coffee [2009.03.30 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.04.18 08:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2010.10.10 14:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.12.26 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect [2009.10.10 07:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.02.04 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc [2010.07.25 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS [2010.02.18 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache [2011.05.01 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl [2009.06.21 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D [2011.06.17 19:26:04 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Samsung [2012.03.31 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza [2011.04.17 11:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod [2012.11.02 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft [2010.11.04 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.09.02 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StoneLoopsCT [2010.10.16 22:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2010.11.24 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software [2013.01.23 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2010.03.19 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions [2011.10.05 10:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 16 bytes -> C:\Users\***\Downloads:Shareaza.GUID
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D0894A08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

And I don't want to tinker around on my own; I even asked you further questions. I answered that the Certified Toolbar is gone, as are the Ask Toolbar, DownTango etc. My question was what about Samsung Kies and HPSupply, because those are still in the Control Panel and I otherwise have no further problems of that kind. My second question was why the Flash Player no longer works even though the latest version is on the PC... Look, this is a real "cr***"..
Now it has been posted twice again; I don't understand why it always hangs and acts up. I only click Reply once, wait to see whether it shows up, and only if it doesn't do I click a second time. The only other thing that happens is that I can only see that I'm logged in by refreshing the page.. That's also pretty annoying, that the page doesn't load normally after I enter my login details! |
04.02.2013, 09:05 | #26 |
/// TB-Ausbilder | http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 and other problems Servus,
Why you are having such problems with the forum here is a bit odd.

Step 1
I see that you have a so-called registry cleaner on the system, in your case CCleaner. We do not recommend any kind of registry cleaner under any circumstances. The reason is simple: the registry is the brain of the system. If the brain doesn't work, the rest doesn't really work any more either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I therefore recommend that you uninstall the software named above and do without that kind of software in future. At the end I will recommend another tool with which you can remove your temporary files.

Step 2
Fix with OTL
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2013.01.22 14:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
[2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2012.12.26 17:40:08 | 000,000,000 | ---D | M] -- %appdata%\APP_NAME_NON_STRING
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D0894A08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:commands
[Emptytemp]
Schritt 3
Schritt 4 ESET Online Scanner
Schritt 5 Deine Version von Adobe Flash Player ist veraltet. Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:
Schritt 6 Downloade Dir bitte SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
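The fix in step 2 is built by picking the suspicious lines out of the OTL scan log: BHO and toolbar registrations with no name whose CLSID no longer resolves, leftover directories, and alternate data streams, and pasting them verbatim under :OTL. As an added example (my code, not OTL's and not the board's), the Python below runs that triage over constructed OTL-style log lines and renders the result in the :OTL / :Commands layout used in this thread. Which lines are flagged is this example's own heuristic: orphaned BHO/toolbar entries and ADS entries go into the fix, services whose file is missing are only reported, and directory entries such as DownTango or Red Sky are left for manual review because recognising them needs knowledge of the software rather than a pattern.

```python
import re
from dataclasses import dataclass

# Constructed sample of OTL log lines in the format seen in this thread
# (BHO/toolbar entries, directory entries, ADS entries, service entries).
# Benign and suspicious lines are mixed so the filter has something to separate.
SAMPLE_OTL_LOG = r"""
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
[2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2013.01.24 12:13:05 | 000,602,112 | ---- | M] -- C:\Users\user\Desktop\OTL.exe
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\ccSvcHst.exe -- (NIS)
"""

# O2/O3 entry with no display name whose CLSID does not resolve: a dangling registration.
ORPHAN_RE = re.compile(r"^O[23] - .*\(no name\).*No CLSID value found\.$")
# Alternate data stream attached to a file: "<n> bytes -> <path>:<stream>".
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
# Service or driver registration whose image file is gone.
MISSING_RE = re.compile(r"^(SRV|DRV) - File not found \[.*?\] -- (.+?) -- \((.+)\)$")


@dataclass
class Finding:
    kind: str    # "orphan_entry", "ads" or "missing_file_service"
    line: str    # the log line verbatim; for OTL it doubles as the fix line
    detail: str  # human-readable explanation for the report


def triage(log_text):
    """Scan OTL log lines and return the entries a helper would look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ORPHAN_RE.match(line):
            findings.append(Finding("orphan_entry", line,
                                    "BHO/toolbar registration whose CLSID no longer resolves"))
        elif (m := ADS_RE.match(line)):
            findings.append(Finding("ads", line,
                                    f"{m.group(1)} bytes hidden in stream {m.group(2)}"))
        elif (m := MISSING_RE.match(line)):
            findings.append(Finding("missing_file_service", line,
                                    f"{m.group(1)} {m.group(3)} points at missing file {m.group(2)}"))
    return findings


# Only these kinds are turned into fix lines; the rest stay in the report.
FIXABLE_IN_OTL = ("orphan_entry", "ads")


def build_otl_fix(findings, empty_temp=True):
    """Render an OTL fix script in the layout used in this thread:
    a :OTL section with the log lines to remove, then a :Commands section."""
    lines = [":OTL"]
    lines += [f.line for f in findings if f.kind in FIXABLE_IN_OTL]
    lines.append(":Commands")
    if empty_temp:
        lines.append("[emptytemp]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LOG)
    for f in found:
        print(f"{f.kind:22} {f.detail}")
    print(build_otl_fix(found))
```

Run it as a script to see the report followed by the generated fix; on the sample it flags the three nameless O2/O3 entries, the ADS on C:\ProgramData\TEMP and the AVG updater service whose file is gone, and puts only the first four into the :OTL section.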
04.02.2013, 15:48 | #27 |
Hello, the two software programs can't be uninstalled, that's the whole problem. I have already uninstalled them several times; with Samsung Kies, for example, it even said "Uninstallation successful", with HPPSupply I always get an error message right from the start. CCleaner has been duly uninstalled (it had closed by itself anyway the last time I wanted to start a cleanup). I downloaded Flash Player 11 from the Adobe page (via your link and following your instructions), but I had already downloaded and installed it 3x before (that's why I said that I have the latest version --> Control Panel in the attachment). BUT: it still doesn't work! Example: on Facebook I play "Candy Crush Saga".. ever since the thing with the Certified Toolbar, the page there said that I need a newer version of Flash Player, so I always downloaded the current one there, but as I said, the uninstallation was shown as successful, yet it still never worked, whereas before it did, and without any problems. Here are the logfiles:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango folder moved successfully.
C:\Program Files\Red Sky folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING\Logs folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING folder moved successfully.
ADS C:\ProgramData\TEMP:D3A96964 deleted successfully.
ADS C:\ProgramData\TEMP:D287FACF deleted successfully.
ADS C:\ProgramData\TEMP:D0894A08 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: ***
->Temp folder emptied: 1752490 bytes
->Temporary Internet Files folder emptied: 5988699 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 291 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx5
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1279639 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2214 bytes
RecycleBin emptied: 930639149 bytes

Total Files Cleaned = 896,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02042013_103834

Files\Folders moved on Reboot...
File move failed. C:\Windows\SE2E046BA.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***: *** [Administrator]

04.02.2013 10:47:02
mbam-log-2013-02-04 (10-47-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350754
Laufzeit: 6 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
04.02.2013, 15:49 | #28 |
Hello, the two software programs can't be uninstalled, that's the whole problem. I have already uninstalled them several times; with Samsung Kies, for example, it even said "Uninstallation successful", with HPPSupply I always get an error message right from the start. CCleaner has been duly uninstalled (it had closed by itself anyway the last time I wanted to start a cleanup). I downloaded Flash Player 11 from the Adobe page (via your link and following your instructions), but I had already downloaded and installed it 3x before (that's why I said that I have the latest version --> Control Panel in the attachment). BUT: it still doesn't work! Example: on Facebook I play "Candy Crush Saga".. ever since the thing with the Certified Toolbar, the page there said that I need a newer version of Flash Player, so I always downloaded the current one there, but as I said, the uninstallation was shown as successful, yet it still never worked, whereas before it did, and without any problems. Here are the logfiles:
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango folder moved successfully.
C:\Program Files\Red Sky folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING\Logs folder moved successfully.
C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING folder moved successfully.
ADS C:\ProgramData\TEMP:D3A96964 deleted successfully.
ADS C:\ProgramData\TEMP:D287FACF deleted successfully.
ADS C:\ProgramData\TEMP:D0894A08 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: ***
->Temp folder emptied: 1752490 bytes
->Temporary Internet Files folder emptied: 5988699 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 291 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx3
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx5
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1279639 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2214 bytes
RecycleBin emptied: 930639149 bytes

Total Files Cleaned = 896,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02042013_103834

Files\Folders moved on Reboot...
File move failed. C:\Windows\SE2E046BA.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
***: *** [Administrator]

04.02.2013 10:47:02
mbam-log-2013-02-04 (10-47-02).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350754
Laufzeit: 6 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=6e59c09851f7bd4e9dc3653542408a1f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-04 12:27:12
# local_time=2013-02-04 01:27:12 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 99 2259746 122577417 0 0
# compatibility_mode=5892 16776638 100 100 202032 197513560 0 0
# scanned=212391
# found=3
# cleaned=0
# scan_time=8008
C:\ProgramData\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger29.zip	Win32/Bagle.gen.zip worm	ADE3F8BBD426EDEF05050E88C533E5587923E9D9	I
C:\Users\All Users\Spybot - Search & Destroy\Recovery\FraudFacebookMessenger29.zip	Win32/Bagle.gen.zip worm	ADE3F8BBD426EDEF05050E88C533E5587923E9D9	I
M:\Schule\Hira USBSTICK\autorun.inf	INF/Autorun worm	C4D445BF1D58420B488BEE1B98D5430C96B03BF9	I
Code:
Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.70.0.1100
Java 7 Update 7
Java(TM) SE Development Kit 6 Update 13
Java DB 10.4.1.3
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Could you do me a favour? Can every duplicate post be deleted? Unfortunately I can't do that myself. It bothers me a lot, I hope that's possible! Thanks, regards
04.02.2013, 17:34 | #29 |
/// TB-Ausbilder
Hi,

Thank you for your explanations, now I understand you better. And thanks to your screenshot I can tell you that you have installed the Flash Player for Internet Explorer, but not for Firefox:

Adobe Flash Player 11 Active X <<--- That one is for Internet Explorer

It seems you have only ever downloaded the Flash Player for Internet Explorer, but not for Firefox, could that be?

I have a question: what is drive M? A USB stick, right?

If we are unlucky, you have re-infected your computer with it... Connect your USB stick to the computer. Make sure under Start > Computer that the stick is recognised as drive M, otherwise the fix will not work:

Fix with OTL
Code:
:files
M:\Schule\Hira USBSTICK\autorun.inf
:Commands
[reboot]

Afterwards, another OTL scan: please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
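The ESET hit on M:\Schule\Hira USBSTICK\autorun.inf and the :files fix above deal with an autorun.inf planted on removable media, which on a system where AutoRun is still enabled for that drive type launches whatever the file points at when the drive is plugged in. As an added example (my code, not from the thread, OTL or ESET), the Python below parses such a file tolerantly, lists the executables it would launch, and decodes the NoDriveTypeAutoRun policy bitmask that the later OTL log on this machine reports as 149; the bit-to-drive-type mapping follows the documented GetDriveType numbering and is stated here as my reading of that value, and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample autorun.inf of the kind an INF/Autorun worm drops on
# removable media (file name and layout invented for illustration, not taken
# from the thread). The junk line imitates padding some droppers add.
SAMPLE_AUTORUN_INF = r"""
[autorun]
;constructed sample
open=System Volume Information\update.exe
icon=%SystemRoot%\system32\shell32.dll,4
label=USB DISK
shell\open\command=System Volume Information\update.exe
shell\explore\command=System Volume Information\update.exe
useautoplay=1
xZ9q#!*^)(
action=Open folder to view files
"""

# Keys whose value is launched directly by AutoRun/AutoPlay.
LAUNCH_KEYS = ("open", "shellexecute")
# shell\<verb>\command keys run when the verb is chosen from the drive's
# context menu (or double-clicked, if the verb was made the default).
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text):
    """Tolerant [autorun] parser: lower-cased key -> value; junk lines are skipped."""
    entries = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # padding or garbage outside the section is ignored
        key, value = line.split("=", 1)
        entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """Every (key, path) pair the file would hand to the shell for execution."""
    return [(k, v) for k, v in entries.items()
            if k in LAUNCH_KEYS or SHELL_COMMAND_RE.match(k)]


# NoDriveTypeAutoRun (Explorer policies key): bit n suppresses AutoRun for the
# drive type that GetDriveType() reports as n. Assumed mapping, see lead-in.
DRIVE_TYPE_BITS = [
    (0x01, "DRIVE_UNKNOWN"),
    (0x02, "DRIVE_NO_ROOT_DIR"),
    (0x04, "DRIVE_REMOVABLE"),
    (0x08, "DRIVE_FIXED"),
    (0x10, "DRIVE_REMOTE"),
    (0x20, "DRIVE_CDROM"),
    (0x40, "DRIVE_RAMDISK"),
    (0x80, "RESERVED"),
]


def decode_no_drive_type_autorun(value):
    """Names of the drive types for which AutoRun is suppressed by this value."""
    return [name for bit, name in DRIVE_TYPE_BITS if value & bit]


def removable_autorun_suppressed(value):
    """True when USB sticks and similar removable drives will not AutoRun."""
    return bool(value & 0x04)


if __name__ == "__main__":
    entries = parse_autorun(SAMPLE_AUTORUN_INF)
    for key, target in launch_targets(entries):
        print(f"{key} -> {target}")
    print("NoDriveTypeAutoRun=149 suppresses:", decode_no_drive_type_autorun(149))
```

On the sample the parser reports three launch targets, all pointing at the same executable hidden in a folder name users associate with Windows, and 149 (0x95) decodes to unknown, removable, remote and reserved drive types, so with that policy in place the stick's autorun.inf would not have run on insertion; the value 0x91 that omits the removable bit is the case a defender should look for.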
04.02.2013, 21:06 | #30 |
Hi. Your last instructions said that I should plug in all external hard drives (M is an external one) and USB sticks, which I did.. Sorry if there are viruses on it again now. I ONLY use Internet Explorer, I don't like Firefox. Do I also need the Flash Player there separately? Until now I never paid attention to that, or rather didn't know. Here are the files:
Code:
========== FILES ==========
M:\Schule\Hira USBSTICK\autorun.inf moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 02042013_193327
Code:
OTL logfile created on: 04.02.2013 19:42:30 - Run 4
***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,49 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 64,77% Memory free
7,16 Gb Paging File | 6,15 Gb Available in Paging File | 85,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 0,92 Gb Free Space | 1,58% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 0,59 Gb Free Space | 0,20% Space Free | Partition Type: NTFS
Drive E: | 863,15 Gb Total Space | 653,51 Gb Free Space | 75,71% Space Free | Partition Type: NTFS
Drive K: | 7,39 Gb Total Space | 7,39 Gb Free Space | 99,88% Space Free | Partition Type: FAT32
Drive L: | 29,80 Gb Total Space | 4,30 Gb Free Space | 14,42% Space Free | Partition Type: FAT32
Drive M: | 931,51 Gb Total Space | 0,02 Gb Free Space | 0,00% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\***\Celine\Desktop\OTL.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010.11.30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010.11.30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.02.04 14:45:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010.10.20 10:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- E:\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.03.25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- E:\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.01.21 03:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.01.16 06:21:31 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130204.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 06:21:31 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130204.004\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.22 08:08:02 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20130201.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 06:40:52 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 06:40:52 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.04.16 19:26:52 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.11 22:22:56 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.03.11 22:22:56 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.17 16:45:56 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.30 08:46:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010.11.30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010.05.28 10:19:00 | 000,065,382 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2010.02.04 14:37:43 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.08.28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.15 08:19:00 | 007,740,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.02 12:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 BF 19 36 73 C6 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012.12.18 10:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2013.02.04 19:40:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.31 11:19:15 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2013.02.03 08:36:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program
Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A6CA5B-9E48-4C06-ABC8-62BDA031B5E8}: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E5639C9-D609-4797-9561-46F0D3F68116}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992CF479-A5B9-4C78-9B56-3BA2BF399FC1}: DhcpNameServer = 213.162.69.169 213.162.65.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - 
[2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.03.31 09:35:30 | 000,000,102 | ---- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011.08.04 18:13:52 | 000,000,110 | -H-- | M] () - L:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.04 11:10:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2013.02.04 10:38:34 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.03 09:05:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.02.03 08:36:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2013.02.03 08:25:20 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.02.02 17:31:55 | 000,384,928 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Celine\Desktop\sc-cleaner.exe [2013.02.02 11:03:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.02 11:03:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.02 11:03:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.28 20:59:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.28 20:58:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.28 20:49:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.01.28 20:46:07 | 000,000,000 | ---D | C] -- C:\JRT [2013.01.28 20:17:06 | 005,029,149 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.01.24 13:57:29 | 000,033,616 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfiark.sys [2013.01.24 12:12:04 | 000,602,112 | ---- | 
C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.23 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.23 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.01.23 14:30:17 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013.01.23 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013.01.23 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2013.01.23 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics [2013.01.23 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus [2013.01.23 14:11:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.01.17 11:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect [2013.01.06 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HandBrake [2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain [2013.01.06 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain [2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake [2013.01.06 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.04 19:43:46 | 000,674,760 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.04 19:43:46 | 000,634,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.04 19:43:46 | 000,145,428 | ---- | M] () -- 
C:\Windows\System32\perfc007.dat [2013.02.04 19:43:46 | 000,119,450 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.02.04 19:38:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 19:38:29 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 19:37:08 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.02.04 19:37:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.02.04 19:36:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 19:33:52 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.02.04 19:28:00 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job [2013.02.04 19:10:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 15:38:20 | 000,194,756 | ---- | M] () -- C:\Users\***\Desktop\Systemsteuerung.jpg [2013.02.04 14:45:08 | 000,881,914 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe [2013.02.04 11:10:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2013.02.03 20:12:07 | 000,001,968 | ---- | M] () -- C:\{02077D6C-6EC6-4C0D-AA47-A45313B50F93} [2013.02.03 12:52:43 | 524,283,061 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.02.03 08:36:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.02.02 17:32:50 | 005,029,149 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.02.02 17:31:56 | 000,384,928 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Celine\Desktop\sc-cleaner.exe [2013.02.01 08:13:05 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.30 08:57:47 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.28 20:02:09 | 
000,580,235 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.24 15:16:43 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 12:22:57 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.24 12:20:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.23 14:36:50 | 000,444,863 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130123-143840.backup [2013.01.23 14:30:22 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys [2013.01.22 15:30:06 | 000,002,272 | ---- | M] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2} [2013.01.20 17:56:07 | 000,002,096 | ---- | M] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343} [2013.01.20 17:54:57 | 000,002,152 | ---- | M] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E} [2013.01.20 17:52:54 | 000,002,632 | ---- | M] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1} [2013.01.20 17:50:18 | 000,002,808 | ---- | M] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623} [2013.01.20 17:46:18 | 000,002,800 | ---- | M] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E} [2013.01.20 17:44:36 | 000,002,592 | ---- | M] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50} [2013.01.20 16:19:18 | 000,002,152 | ---- | M] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138} [2013.01.20 16:17:31 | 000,002,272 | ---- | M] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA} [2013.01.15 13:06:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.12 20:23:40 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db [2013.01.10 22:24:39 | 000,002,480 | ---- | M] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41} [2013.01.10 22:23:26 | 000,002,488 | ---- | M] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1} [2013.01.10 21:56:58 | 
000,002,112 | ---- | M] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6} [2013.01.10 21:55:13 | 000,002,224 | ---- | M] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5} [2013.01.10 21:46:53 | 000,001,968 | ---- | M] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A} [2013.01.10 20:34:05 | 000,002,584 | ---- | M] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099} [2013.01.10 19:13:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 18:38:57 | 000,394,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.06 22:07:37 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.06 20:20:27 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Handbrake.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.04 15:38:20 | 000,194,756 | ---- | C] () -- C:\Users\***\Desktop\Systemsteuerung.jpg [2013.02.04 14:45:08 | 000,881,914 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe [2013.02.03 20:12:06 | 000,001,968 | ---- | C] () -- C:\{02077D6C-6EC6-4C0D-AA47-A45313B50F93} [2013.02.03 12:52:43 | 524,283,061 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.02.02 11:03:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.02 11:03:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.02 11:03:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.02 11:03:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.28 20:02:09 | 000,580,235 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.24 15:16:43 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 12:22:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.24 12:20:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.01.23 14:31:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.01.23 
14:31:04 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.01.23 14:31:02 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.01.23 14:30:22 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.23 14:30:22 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.01.22 15:30:03 | 000,002,272 | ---- | C] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2} [2013.01.22 14:35:12 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe [2013.01.20 17:56:07 | 000,002,096 | ---- | C] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343} [2013.01.20 17:54:57 | 000,002,152 | ---- | C] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E} [2013.01.20 17:52:54 | 000,002,632 | ---- | C] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1} [2013.01.20 17:50:17 | 000,002,808 | ---- | C] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623} [2013.01.20 17:46:16 | 000,002,800 | ---- | C] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E} [2013.01.20 17:44:33 | 000,002,592 | ---- | C] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50} [2013.01.20 16:19:16 | 000,002,152 | ---- | C] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138} [2013.01.20 16:17:29 | 000,002,272 | ---- | C] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA} [2013.01.15 13:06:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013.01.10 22:24:38 | 000,002,480 | ---- | C] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41} [2013.01.10 22:23:25 | 000,002,488 | ---- | C] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1} [2013.01.10 21:56:55 | 000,002,112 | ---- | C] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6} [2013.01.10 21:55:09 | 000,002,224 | ---- | C] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5} [2013.01.10 21:46:53 | 000,001,968 | ---- | C] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A} [2013.01.10 20:34:00 | 
000,002,584 | ---- | C] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099} [2013.01.06 20:20:25 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Handbrake.lnk [2012.12.17 15:11:09 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2012.11.15 13:11:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.11.15 13:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2012.09.27 18:06:21 | 000,000,005 | ---- | C] () -- C:\Users\Celine\AppData\Roaming\mbam.context.scan [2012.06.27 20:54:11 | 000,119,410 | ---- | C] () -- C:\Windows\hpqins00.dat [2012.05.22 18:12:12 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe [2012.04.15 19:31:16 | 000,145,696 | ---- | C] () -- C:\Windows\hpoins18.dat.temp [2012.04.15 19:31:16 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures [2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Services [2012.03.24 08:20:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads [2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Schema [2012.03.24 08:20:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads [2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\SupportPrinters [2012.03.24 08:20:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2012.03.11 11:44:22 | 000,000,498 | ---- | C] () -- C:\Users\***\AppData\Roaming\DELTAUserMetrics.osl [2012.01.22 19:16:43 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2012.01.22 19:16:43 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2012.01.22 19:16:43 | 000,039,121 | ---- | C] () -- 
C:\Windows\System32\EPPICPattern1.dat [2012.01.22 19:16:43 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat [2011.06.09 20:21:08 | 001,206,784 | -HS- | C] () -- C:\Users\***\ehthumbs_vista.db [2011.04.22 17:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011.04.22 17:31:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2010.10.10 14:24:06 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc [2009.10.10 07:11:52 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.05.13 19:25:41 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.04.04 19:51:52 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2009.04.01 15:53:18 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.03.30 10:38:09 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = 
Both ========== LOP Check ========== [2013.01.24 15:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.04.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus [2009.05.15 19:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS [2011.02.27 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitZipper [2012.11.15 09:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.04.30 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2012.04.18 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner [2013.01.02 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.08.10 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ebner [2012.03.31 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronic Arts [2009.09.28 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media [2012.10.08 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fisher-Price [2013.01.01 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter [2012.11.15 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF [2011.10.04 07:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2013.01.06 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2012.01.05 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEROLD Business Data [2011.10.14 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.03.13 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express [2009.05.13 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.11.23 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2010.03.03 15:00:38 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\Leadertech [2010.04.12 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at [2012.03.24 08:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2009.04.12 08:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Novosoft [2012.07.12 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuclear Coffee [2009.03.30 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.04.18 08:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin [2010.10.10 14:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.12.26 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect [2009.10.10 07:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.02.04 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc [2010.07.25 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS [2010.02.18 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache [2011.05.01 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl [2009.06.21 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D [2011.06.17 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.03.31 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza [2011.04.17 11:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod [2012.11.02 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft [2010.11.04 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.09.02 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StoneLoopsCT [2010.10.16 22:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2010.11.24 21:27:48 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\TuneUp Software [2013.01.23 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent [2010.03.19 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions [2011.10.05 10:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964 @Alternate Data Stream - 16 bytes -> C:\Users\***\Downloads:Shareaza.GUID < End of report > PS: Ist es normal, dass jetzt dieser Virus (Datei) von dem Ordner vom M in dem Ordner vom OTL ist? Das waren Dateien von einer Freundin (Hira) ihren USB Stick, die ich noch immer gespeichert habe. Ist diese Autorun-Datei immer ein Virus? Ich hab manchmal das am USB Stick und dann lösch ich das einfach immer.. Wegen Flash Player.. bei Myvideo zb. gehts auch nicht, dafür aber in Youtube schon..das ist alles bisschen komisch, ich verstehs nicht warum! Obwohl ich für Firefox auch schon den Player installiert habe! |
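The O7 and O32 lines in the report above are the part of an OTL log that answers the autorun question: NoDriveTypeAutoRun is a bitmask over the Win32 GetDriveType() values (a set bit disables AutoRun for that drive type), and each O32 "AutoRun File" line lists an autorun.inf together with its attributes. An autorun.inf is itself just a text file; what matters is the open= or shellexecute= target it points to, and a hidden autorun.inf on a FAT32 stick (the -H-- flag on L:\autorun.inf) is the pattern the classic USB worms left behind. On Windows Vista/7 with the February 2011 AutoRun update (KB971029) installed, Explorer no longer honours autorun.inf on USB sticks at all, regardless of this policy value. The following is an added example, not part of this thread or of OTL: a small parser over a constructed sample made of the relevant lines copied from the log above, which decodes the policy value 149, lists the O32 entries, and flags hidden autorun.inf files. The function and dictionary names are the example's own.

```python
import re

# Constructed sample: the AutoRun-related lines copied from the OTL report in this post.
SAMPLE_LOG = """\
O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 149
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.31 09:35:30 | 000,000,102 | ---- | M] () - D:\\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.08.04 18:13:52 | 000,000,110 | -H-- | M] () - L:\\autorun.inf -- [ FAT32 ]
"""

# NoDriveTypeAutoRun is a bitmask over the Win32 GetDriveType() values; a set bit
# disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

O7_RE = re.compile(r"NoDriveTypeAutoRun = (?P<val>\d+)\s*$")
# OTL's O32 layout: [timestamp | size | attrs | M/C] (company) - path -- [ filesystem ]
O32_RE = re.compile(
    r"^O32 - AutoRun File - "
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"\(.*?\) - (?P<path>[A-Za-z]:\\\S+) -- \[ (?P<fs>\w+) \]\s*$"
)


def decode_nodrivetypeautorun(value):
    """Names of the drive types for which this policy value disables AutoRun."""
    return [name for bit, name in sorted(DRIVE_TYPE_BITS.items()) if value & bit]


def autorun_disabled_for(value, drive_type_bit):
    """True if AutoRun is switched off for one GetDriveType() value under this policy."""
    return bool(value & drive_type_bit)


def parse_otl_autorun(text):
    """Pull the NoDriveTypeAutoRun policy and the O32 AutoRun File entries out of an OTL log."""
    policy = None
    files = []
    for line in text.splitlines():
        m = O7_RE.search(line)
        if m:
            policy = int(m.group("val"))
            continue
        m = O32_RE.match(line)
        if m:
            path = m.group("path")
            files.append({
                "path": path,
                "size": int(m.group("size").replace(",", "")),
                "hidden": "H" in m.group("attrs"),      # the -H-- column is the hidden attribute
                "fs": m.group("fs"),
                "is_autorun_inf": path.lower().endswith("\\autorun.inf"),
            })
    return policy, files


def triage(text):
    """Summarise which autorun.inf files exist and which drive types the policy blocks."""
    policy, files = parse_otl_autorun(text)
    return {
        "policy": policy,
        "disabled_types": decode_nodrivetypeautorun(policy) if policy is not None else [],
        "autorun_inf": [f for f in files if f["is_autorun_inf"]],
        "hidden_autorun_inf": [f["path"] for f in files if f["is_autorun_inf"] and f["hidden"]],
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("NoDriveTypeAutoRun =", r["policy"], "disables:", ", ".join(r["disabled_types"]))
    for f in r["autorun_inf"]:
        print(f"{f['path']}  {f['size']} bytes  hidden={f['hidden']}  fs={f['fs']}")
    if r["hidden_autorun_inf"]:
        print("hidden autorun.inf (classic USB-worm tell):", r["hidden_autorun_inf"])
```

With the value 149 (0x95) from the log, AutoRun is disabled for unknown, removable and network drives but still allowed for fixed disks and CD/DVD, which is why the O32 line "HKLM CDRom: AutoRun - 1" still matters. The parser only sees what OTL recorded; to judge whether a given autorun.inf is harmful, open it and look at the file its open= or shellexecute= line points to.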