Suspected unauthorized access, need help! How do I reliably secure myself against hackers and how do I find every last virus? (Windows 7)
29.01.2013, 22:11 | #1
Hello, strange things are happening on my computer and I wanted to find out what I have to do to be able to reliably fend off any hacker and remove any virus. What about the Task Host process? Isn't hosting an upload?
30.01.2013, 02:39 | #2
/// Helper team
A cleanup can sometimes mean a lot of work for you.
Note: I can never guarantee that I will find everything. A format (reinstall) is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools with right-click "Run as administrator".
Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log.
Step 2: System scan with OTL (illustrated guide)
__________________
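As an added example (not from this thread, the helper team, or the Malwarebytes project): a small Python parser for the detection lines of the Malwarebytes Anti-Malware 1.x log format that gets posted in reply to step 1. It checks that the number of parsed detections matches the declared "Infizierte Dateien" count (a mismatch usually means the log was pasted incompletely), lists hits that were left with "Keine Aktion durchgeführt", and separates hits on the system drive from hits in archives on data partitions. That is the first pass a helper makes when reading such a log before deciding how to proceed. The sample log lines, paths and file names are constructed, and the system drive being C: is an assumption passed as a parameter.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes Anti-Malware 1.x log layout (German locale).
# The paths and file names are placeholders made up for this example.
SAMPLE_LOG = r"""
Infizierte Dateien: 4
C:\Program Files\ExampleTool\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\Backup [ alt (2011) ]\Patch\example-patch.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
F:\Downloads\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Downloads\Office\install.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
"""

# "Infizierte Dateien: N" announces how many file detections follow.
COUNT_RE = re.compile(r"^Infizierte Dateien: (\d+)$")

# One detection line: <path> (<detection name>) -> <action>.
# The path itself may contain parentheses (see the second sample line), so the
# path group is non-greedy and the name group forbids nested parentheses.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Action text Malwarebytes writes when a hit was only reported, not quarantined.
NO_ACTION = "Keine Aktion durchgeführt"


def parse_mbam_log(text):
    """Return (declared_count, detections) from an MBAM 1.x log text.

    declared_count is None when the "Infizierte Dateien" line is missing.
    Each detection is a dict with path, name and action (trailing dot removed).
    """
    declared = None
    detections = []
    for raw in text.splitlines():
        line = raw.strip()
        m = COUNT_RE.match(line)
        if m:
            declared = int(m.group(1))
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({
                "path": m.group("path"),
                "name": m.group("name"),
                "action": m.group("action"),
            })
    return declared, detections


def triage(text, system_drive="C:"):
    """Summarize a log the way a first read-through would.

    complete        - declared count equals the number of lines actually parsed
    by_name         - how many hits per detection name
    needs_action    - hits that were left untouched by the scan
    on_system_drive - hits under the system drive (assumed C: by default),
                      as opposed to archived downloads on data partitions
    """
    declared, hits = parse_mbam_log(text)
    prefix = system_drive.lower() + "\\"
    return {
        "declared": declared,
        "parsed": len(hits),
        "complete": declared is not None and declared == len(hits),
        "by_name": dict(Counter(h["name"] for h in hits)),
        "needs_action": [h["path"] for h in hits if h["action"] == NO_ACTION],
        "on_system_drive": [h["path"] for h in hits
                            if h["path"].lower().startswith(prefix)],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2, ensure_ascii=False))
```

Running the block prints the triage summary for the constructed sample; to use it on a real log, read the pasted text into a string and pass it to `triage()`. The count check is deliberately strict: a log whose declared count and parsed lines disagree should be re-requested rather than interpreted.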
30.01.2013, 10:17 | #3
This is my Malwarebytes log
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.29.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jonny_High_Fly :: WINDOWS_7_ULTIM [Administrator]

Schutz: Aktiviert

29.01.2013 22:57:17
mbam-log-2013-01-29 (22-57-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 455738
Laufzeit: 2 Stunde(n), 18 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 20
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\08\Progs\IncrediMail.XE.2.v6.2.9.5163.DEUTSCH\Patch for Win7\incredimail.plus.v6.xx.xxxx.win7-patch.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\08\Progs\IncrediMail.XE.2.v6.2.9.5163.DEUTSCH\Patch for WinXP\incredimail.plus.v6.xx.xxxx.xp-patch.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
C:\Program Files\Cloney´s\Clone CD\Clone CD ByBlack\KeyGen CORE\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Neuer Ordner\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Progs\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Progs\IncrediMail.XE.2.v6.2.9.5163.DEUTSCH\Patch for Win7\incredimail.plus.v6.xx.xxxx.win7-patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Progs\IncrediMail.XE.2.v6.2.9.5163.DEUTSCH\Patch for WinXP\incredimail.plus.v6.xx.xxxx.xp-patch.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Progs\File Savanger 3.2.22 inkl. Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Progs\File Savanger 3.2.22 inkl. Keygen\keygen.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Progs\Cloney´s\Clone CD\Key Generator v5.3\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Progs\Office 2010\Office 2010\Office 2010 entpackt\BIE\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Win 7 Versionen\Windows 7 cracks\Yamicsoft.Windows.7.Manager.v2.1.6.Incl\KeyGen\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\A Speicherkarten\Win 7 Versionen\Windows.7.Ultimate.x86\cracks\Yamicsoft.Windows.7.Manager.v2.1.6.Incl\KeyGen\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\06\Windows 7 cracks\Yamicsoft.Windows.7.Manager.v2.1.6.Incl\KeyGen\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\08\Progs\File Savanger 3.2.22 inkl. Keygen\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\08\Progs\File Savanger 3.2.22 inkl. Keygen\keygen.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\09\Progs\Office 2010\Office 2010\Office 2010 entpackt\BIE\os_x86\bie_o10install86.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\11\Progs\Cloney´s\Clone CD\Key Generator v5.3\keygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\12 +4221,12 MB\Progs\VideoConverterSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\1 - 12 [ alles ausser (Progs Rest) siehe unten, da ist die Verkbnüpfung dazu+ ]\Win 7\Microsoft.Windows.7.Ultimate.x86.Integrated.April.2011.GERMAN-MADMAX\cracks\Yamicsoft.Windows.7.Manager.v2.1.6.Incl\KeyGen\CORE10k.EXE (Dont.Steal.Our.Software) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

These are my running processes and services:
Here are the OTL configuration settings:
Here is the OTL log file:
OTL Logfile:
OTL logfile created on: 30.01.2013 10:27:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jonny_High_Fly\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

767,52 Mb Total Physical Memory | 135,69 Mb Available Physical Memory | 17,68% Memory free
1,95 Gb Paging File | 0,47 Gb Available in Paging File | 24,00% Paging File free
Paging file location(s): c:\pagefile.sys 16 4095f:\pagefil [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 15,03 Gb Free Space | 20,17% Space Free | Partition Type: NTFS
Drive F: | 248,09 Gb Total Space | 25,37 Gb Free Space | 10,23% Space Free | Partition Type: NTFS
Drive G: | 50,00 Gb Total Space | 11,07 Gb Free Space | 22,15% Space Free | Partition Type: NTFS

Computer Name: WINDOWS_7_ULTIM | User Name: Jonny_High_Fly | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jonny_High_Fly\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - c:\Programme\Trillian\plugins\skypekit.exe ()
PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Programme\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\ProgramData\{9E56ECED-DC0F-4D2B-8090-839305CF6B2C}\Server.exe (SlySoft Inc.) PRC - C:\Windows\System32\mmc.exe (Microsoft Corporation) PRC - C:\Programme\Google\Google Talk\googletalk.exe (Google) ========== Modules (No Company Name) ========== MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll () MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\libglesv2.dll () MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\libegl.dll () MOD - C:\Programme\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll () MOD - c:\Programme\Trillian\plugins\skypekit.exe () MOD - C:\Programme\Trillian\libpng15.dll () MOD - C:\Programme\Trillian\libungif.dll () MOD - C:\Programme\Trillian\zlib1.dll () MOD - c:\users\jonny_high_fly\appdata\roaming\trillian\languages\de\buddy.dll () MOD - c:\users\jonny_high_fly\appdata\roaming\trillian\languages\de\events.dll () MOD - c:\users\jonny_high_fly\appdata\roaming\trillian\languages\de\talk.dll () MOD - c:\users\jonny_high_fly\appdata\roaming\trillian\languages\de\trillian.dll () MOD - c:\users\jonny_high_fly\appdata\roaming\trillian\languages\de\toolkit.dll () MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll () MOD - C:\Programme\Tobit Radio.fx\Client\tobitclt.dll () MOD - C:\Programme\Tobit Radio.fx\Client\rfx-client$.ger () MOD - C:\Programme\Common 
Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Services (SafeList) ========== SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe File not found SRV - (ALDITALKVerbindungsassistent_Service) -- F:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (Radio.fx) -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (GJService) -- C:\ProgramData\{9E56ECED-DC0F-4D2B-8090-839305CF6B2C}\Server.exe (SlySoft Inc.) 
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- 
C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (MaplomL) -- C:\Windows\System32\drivers\maploml.sys (SlySoft Inc.) DRV - (Maplom) -- C:\Windows\System32\drivers\maplom.sys (SlySoft Inc.) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 1A 06 FF BC FB CD 01 [binary data] IE - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - 
HKU\S-1-5-21-1022346674-2213080179-1745960570-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Jonny_High_Fly\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Jonny_High_Fly\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jonny_High_Fly\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jonny_High_Fly\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.07.05 06:45:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.26 19:32:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.05 06:45:37 | 000,000,000 | ---D | M] [2013.01.26 19:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonny_High_Fly\AppData\Roaming\mozilla\Extensions [2013.01.27 16:24:11 | 000,002,376 | ---- | M] () -- C:\Users\Jonny_High_Fly\AppData\Roaming\mozilla\firefox\profiles\hyvinbo7.default\searchplugins\icq.xml [2013.01.26 19:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: NPLastPass (Enabled) = C:\Users\Jonny_High_Fly\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.1_0\nplastpass.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe Reader 6\Reader\Browser\nppdf32.dll CHR - plugin: 
RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\i-Tunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe Reader 6\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Programme\LastPass Windows\LPBar.dll (LastPass) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\Flash FXP 4\IEFlash.dll (IniCom Networks, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Programme\LastPass Windows\LPBar.dll (LastPass) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found O4 - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002..\Run: [icq] C:\Users\Jonny_High_Fly\AppData\Roaming\ICQM\icq.exe (ICQ) O4 - HKU\S-1-5-21-1022346674-2213080179-1745960570-1002..\Run: [rfxsrvtray] C:\Program Files\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Programme\Common Files\lpuninstall.exe (LastPass) O4 - Startup: C:\Users\Jonny_High_Fly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Programme\Trillian\trillian.exe (Cerulean Studios) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass Windows\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass Windows\context.html?cmd=fillforms File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Programme\LastPass Windows\LPBar.dll (LastPass) O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Programme\LastPass Windows\LPBar.dll (LastPass) O9 - Extra Button: ICQ7.7 - 
{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Programme\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6EC02F0-62B6-49B9-A1C6-84684C34BF27}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.30 10:08:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonny_High_Fly\Desktop\OTL.exe [2013.01.29 22:55:02 | 000,000,000 | ---D | C] -- C:\Users\Jonny_High_Fly\AppData\Roaming\Malwarebytes [2013.01.29 22:54:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.29 22:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.29 22:53:59 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.01.29 22:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.01.29 22:43:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.29 22:27:04 | 000,000,000 | ---D | C] -- C:\Users\Jonny_High_Fly\AppData\Local\Programs [2013.01.29 20:45:28 | 000,000,000 | ---D | C] -- C:\Users\Jonny_High_Fly\Desktop\BKA Kontakt-Dateien [2013.01.29 17:28:33 | 000,000,000 | ---D | C] -- C:\Users\Jonny_High_Fly\AppData\Roaming\Trillian [2013.01.28 21:31:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe [2013.01.28 21:31:01 | 
Here is the Extras.txt that OTL created (OTL logfile):
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 
2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1 "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 261.01 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 261.01 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B5DA1BBC-27F1-4A18-A2E8-38ED2314D458}_is1" = CloneCD v5.3.1.4 ByBlack "{B7E01095-8BAA-456E-8AED-504C3CCADBA0}" = Nero 11 "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{E08DE897-B6AF-4DFF-9E90-131E80C876B4}" = DIE SIEDLER - Das Erbe der Könige - Gold Edition "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "CloneCD" = CloneCD 
"FLV Player" = FLV Player 2.0 (build 25) "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.20.221 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221 "Game Jackal Manager_is1" = Game Jackal Manager v3.2.0.6 "Game Jackal v4_is1" = Game Jackal v4.0.2.5 (32 bit) "Google Chrome" = Google Chrome "ImgBurn" = ImgBurn "IncrediMail" = IncrediMail 2.0 "IsoBuster_is1" = IsoBuster 1.9.1 "LastPass" = LastPass (uninstall only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "RealPlayer 12.0" = RealPlayer "SpeedFan" = SpeedFan (remove only) "TeamViewer 6" = TeamViewer 6 "Tobit Radio.fx Server" = Radio.fx "Trillian" = Trillian "VirtualCloneDrive" = VirtualCloneDrive "vReveal" = vReveal "WinRAR archiver" = WinRAR 4.11 (32-Bit) "Xilisoft Burn Pro" = Xilisoft Burn Pro "Xilisoft ISO Burner" = Xilisoft ISO Burner "Xilisoft ISO Maker" = Xilisoft ISO Créateur "Yahoo! Companion" = Yahoo! 
Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1022346674-2213080179-1745960570-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer) "LastPass" = LastPass (uninstall only) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.01.2013 04:36:24 | Computer Name = Windows_7_Ultim | Source = MsiInstaller | ID = 11714 Description = Error - 29.01.2013 12:42:36 | Computer Name = Windows_7_Ultim | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 5.3.0.12, Zeitstempel: 0x50f5c138 Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161, Zeitstempel: 0x4dace5b9 Ausnahmecode: 0xc0000417 Fehleroffset: 0x0006ccd5 ID des fehlerhaften Prozesses: 0x1178 Startzeit der fehlerhaften Anwendung: 0x01cdfe3ea82a09d3 Pfad der fehlerhaften Anwendung: C:\Program Files\Trillian\trillian.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll Berichtskennung: e2599c2e-6a32-11e2-b152-00110a00b5f6 Error - 29.01.2013 15:17:03 | Computer Name = Windows_7_Ultim | Source = Application Hang | ID = 1002 Description = Programm trillian.exe, Version 5.3.0.12 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: bd4 Startzeit: 01cdfe3fb96e38c9 Endzeit: 3257 Anwendungspfad: C:\Program Files\Trillian\trillian.exe Berichts-ID: 52d1aeb3-6a48-11e2-b152-00110a00b5f6 Error - 29.01.2013 15:34:32 | Computer Name = Windows_7_Ultim | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 390 Startzeit: 01cdfe570ec543d2 Endzeit: 437 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 29.01.2013 15:44:56 | Computer Name = Windows_7_Ultim | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 15e4 Startzeit: 01cdfe57a9a3bdce Endzeit: 32 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 29.01.2013 15:46:53 | Computer Name = Windows_7_Ultim | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 614 Startzeit: 01cdfe591da80af8 Endzeit: 63 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: Error - 29.01.2013 17:41:32 | Computer Name = Windows_7_Ultim | Source = ConnectifySvc | ID = 0 Description = Error - 29.01.2013 17:50:23 | Computer Name = Windows_7_Ultim | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 29.01.2013 20:29:02 | Computer Name = Windows_7_Ultim | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 30.01.2013 04:25:57 | Computer Name = Windows_7_Ultim | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 29.01.2013 20:29:02 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ALDITALKVerbindungsassistent_Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.01.2013 20:29:02 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error - 29.01.2013 20:29:02 | Computer Name = Windows_7_Ultim | Source = Application Popup | ID = 875 Description = Treiber atksgt.sys konnte nicht geladen werden. 
Error - 29.01.2013 20:29:02 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 30.01.2013 04:25:57 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ALDITALKVerbindungsassistent_Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.01.2013 04:25:57 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error - 30.01.2013 04:25:57 | Computer Name = Windows_7_Ultim | Source = Application Popup | ID = 875 Description = Treiber atksgt.sys konnte nicht geladen werden. Error - 30.01.2013 04:25:57 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7000 Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 30.01.2013 04:33:34 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Defender" wurde nicht richtig gestartet. Error - 30.01.2013 04:37:04 | Computer Name = Windows_7_Ultim | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Windows Update" wurde nicht richtig gestartet. 
Here is the Security Task Manager:
Here is my system information:
Betriebssystemname Microsoft Windows 7 Ultimate
Version 6.1.7601 Service Pack 1 Build 7601
Zusätzliche Betriebssystembeschreibung Nicht verfügbar
Betriebssystemhersteller Microsoft Corporation
Systemname --------------------------
Systemhersteller Hewlett-Packard
Systemmodell hp workstation xw4100
Systemtyp X86-basierter PC
Prozessor Intel(R) Pentium(R) 4 CPU 2.40GHz, 2394 MHz, 1 Kern(e), 1 logische(r) Prozessor(en)
BIOS-Version/-Datum Hewlett-Packard 786B3 v1.18, 01.04.2004
SMBIOS-Version 2.3
Windows-Verzeichnis C:\Windows
Systemverzeichnis C:\Windows\system32
Startgerät \Device\HarddiskVolume1
Gebietsschema Deutschland
Hardwareabstraktionsebene Version = "6.1.7601.17514"
Benutzername --------------------------------
Zeitzone Mitteleuropäische Zeit
Installierter physikalischer Speicher (RAM) 768 MB
Gesamter realer Speicher 768 MB
Verfügbarer realer Speicher 100 MB
Gesamter virtueller Speicher 2,04 GB
Verfügbarer virtueller Speicher 585 MB
Größe der Auslagerungsdatei 1,29 GB
Auslagerungsdatei C:\pagefile.sys
I have an HP XW 4100 computer; the only things I have changed are the graphics card (Nvidia GeForce 6200, 512 MB) and the RAM, which is one 256 MB and one 512 MB module. Data sheet HP XW 4100 |
30.01.2013, 16:56 | #4 | |
/// Helper Team | Suspected remote access, need help! How do I secure myself against hackers and how do I find every last virus? Quote:
Ever thought about why cracks exist? With cracks and the like you install backdoors on your own machine. Criminals use such machines as a botnet for their schemes. Your system is to be regarded as untrustworthy, and you should not do anything sensitive such as online banking on this PC.
Guides to reinstalling (illustrated) > Reinstall Windows 7 > Vista > XP
1. Data recovery:
2. Format and reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if it is clean, restore it. |