|
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit WebcamWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.02.2013, 01:11 | #1 |
| GVU Trojaner mit Webcam Hallo zusammen, ich habe mir gestern Abend leider auch den GVU-Trojaner eingefangen. Ich habe zunächst im abgesicherten Modus einen Systemherstellung von letzter Woche gemacht, um wieder Zugriff auf meinen Laptop zu bekommen. Wenn ich versuche Malwarebytes durchlaufen zu lassen, stürzt das Programm immer bei einer Datei ab C:\Volume Information System\SPP\SPPGroupCache\{D68C144E-3C2F-4FE4-87A0-3BA0377308BC}_DriverPackageInfo Könnt ihr mir vielleicht weiterhelfen, dass ich das Ding wieder los bin? Dankeschön schnon einmal im Vorraus. Hier die log files OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 03.02.2013 00:04:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,48% Memory free 4,00 Gb Paging File | 2,65 Gb Available in Paging File | 66,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 41,13 Gb Free Space | 42,16% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 129,21 Gb Free Space | 95,55% Space Free | Partition Type: NTFS Drive F: | 526,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.03 00:02:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012.12.26 10:09:06 | 000,171,976 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2012.12.26 10:05:32 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe PRC - [2012.12.26 10:03:22 | 000,203,400 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\SystemCore\mcshield.exe PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.10.26 19:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.313\SSScheduler.exe PRC - [2012.09.12 11:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee.com\Agent\mcagent.exe PRC - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe PRC - [2011.12.05 18:52:10 | 000,188,600 | ---- | M] (Panasonic Corporation) -- C:\Programme\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2007.05.09 16:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe ========== Modules (No Company Name) ========== MOD - [2013.01.09 19:22:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.09 19:22:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 19:21:52 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 19:21:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 19:21:48 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 19:21:38 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll ========== Services (SafeList) ========== SRV - [2013.01.18 23:53:41 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.11 13:11:57 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.26 10:09:06 | 000,171,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2012.12.26 10:05:32 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2012.12.26 10:03:22 | 000,203,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.16 21:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012.10.26 19:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012.08.31 12:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2012.08.07 22:37:46 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - [2013.02.02 23:49:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.12.26 10:12:06 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2012.12.26 10:09:16 | 000,210,168 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2012.12.26 10:07:54 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012.12.26 10:06:54 | 000,565,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012.12.26 10:05:52 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2012.12.26 10:05:22 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012.12.26 10:05:02 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012.12.26 10:04:34 | 000,132,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2012.08.01 19:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6) DRV - [2012.08.01 19:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss) DRV - [2012.05.11 10:37:32 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012.04.20 15:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK) DRV - [2011.12.15 19:29:42 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.11.21 03:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.07.13 23:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2009.06.25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009.06.25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2009.06.25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2007.10.10 16:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev) DRV - [2007.03.05 09:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF FA 86 BA 7E 95 CD 01 [binary data] IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6DD0E2F9-342C-4E44-8459-6B830315BC6A}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/" FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.0.3 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013.02.02 18:55:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013.02.02 19:08:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.02 18:55:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013.02.02 18:55:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.02 18:55:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.06 20:45:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.11 13:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\12l9q552.default\extensions [2012.12.11 13:38:31 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\12l9q552.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.29 12:09:24 | 000,077,690 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\12l9q552.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi [2013.01.18 23:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.02 18:55:17 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2013.01.18 23:53:42 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.11 07:57:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 16:40:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.11 07:57:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.11 07:57:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.09 20:31:13 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012.06.11 07:57:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.11 07:57:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\Mcafee\SystemCore\ScriptSn.20120627182014.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C25DA46-508E-46D2-B56D-B3634D894164}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4199C1F7-D98C-484B-BE88-A39A0FF672E8}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Programme\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2003.02.20 16:47:48 | 000,000,193 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{62f38987-9a75-11e1-9842-001dd9eb3fa3}\Shell - "" = AutoRun O33 - MountPoints2\{62f38987-9a75-11e1-9842-001dd9eb3fa3}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2003.04.22 16:57:34 | 002,404,448 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{62f38987-9a75-11e1-9842-001dd9eb3fa3}\Shell\directx\command - "" = F:\DIRECTX\DXSETUP.EXE -- [2002.12.11 09:59:40 | 000,461,824 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{62f38987-9a75-11e1-9842-001dd9eb3fa3}\Shell\setup\command - "" = F:\SETUP.EXE -- [2003.04.22 16:57:34 | 002,404,448 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.03 00:02:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.02 22:52:37 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.02.02 22:44:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.02 22:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.02.02 22:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.02.02 19:12:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.02.02 19:12:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.02.02 19:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.02 19:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.02 19:11:36 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.02 19:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.02.02 19:11:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.02.02 19:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013.02.02 19:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.02 15:28:37 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013.02.01 14:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\Seterra [2013.01.18 23:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.01.12 16:55:27 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Brother [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.03 00:02:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.02.03 00:01:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.02.02 23:52:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.02 23:49:04 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.02.02 22:42:24 | 000,104,478 | ---- | M] () -- C:\Users\***\Documents\cc_20130202_224207.reg [2013.02.02 22:38:50 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.02 19:11:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.02 19:06:54 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.02 19:06:47 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.02 19:02:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.02 19:01:57 | 1609,072,640 | -HS- | M] () -- C:\hiberfil.sys [2013.02.02 18:12:45 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.02 18:12:45 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.18 12:57:46 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.18 12:57:46 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.18 12:57:46 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.18 12:57:46 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.09 19:20:45 | 000,314,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.03 00:01:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.02.02 22:42:11 | 000,104,478 | ---- | C] () -- C:\Users\***\Documents\cc_20130202_224207.reg [2013.02.02 22:38:50 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.02 19:11:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.21 19:31:45 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.12.21 19:24:22 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2012.11.19 20:55:37 | 001,064,960 | ---- | C] () -- C:\Windows\System32\h5krnl32.dll [2012.11.19 20:55:37 | 000,188,928 | ---- | C] () -- C:\Windows\System32\h5icon32.dll [2012.11.19 20:55:37 | 000,175,616 | ---- | C] () -- C:\Windows\System32\h5menu32.dll [2012.11.19 20:55:37 | 000,095,744 | ---- | C] () -- C:\Windows\System32\h5rtf32.dll [2012.11.19 20:55:37 | 000,051,200 | ---- | C] () -- C:\Windows\System32\h5tool32.dll [2012.08.17 09:20:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2012.08.17 09:20:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2012.08.17 09:20:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2012.08.17 09:20:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2012.08.17 09:20:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2012.08.17 09:20:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2012.08.17 09:20:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2012.08.17 09:20:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2012.08.17 09:20:17 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2012.08.17 09:20:17 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2012.08.17 09:20:17 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2012.08.17 09:20:17 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2012.08.17 09:20:17 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2012.08.17 09:20:17 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2012.08.17 09:20:17 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2012.08.17 09:20:17 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2012.08.17 09:20:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2012.08.17 09:20:17 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2012.08.17 09:20:17 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.04.12 02:30:05 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.04.12 02:30:05 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.02 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.02.02 19:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.05.21 20:23:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.05.06 21:12:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.26 21:12:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Langenscheidt [2013.01.21 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SAP ========== Purity Check ========== < End of report > EXTRASOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.02.2013 00:04:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,48% Memory free 4,00 Gb Paging File | 2,65 Gb Available in Paging File | 66,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 41,13 Gb Free Space | 42,16% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 129,21 Gb Free Space | 95,55% Space Free | Partition Type: NTFS Drive F: | 526,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PHILIP-LAPTOP | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02406624-BFEA-4EA3-BBFF-463A81C9B6BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{02D598B9-A646-485F-85B8-8D84D7BB84CE}" = lport=56705 | protocol=17 | dir=in | name=pando media booster | "{1B24DEC4-90AE-455F-9990-00AF1EADD74D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{216CF643-CE2B-4E39-81D2-3FFAB8DBFF7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2EFACD54-186A-4999-8D90-A66B07A5D7C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{30C6F2BE-1A68-48F5-B229-02AC486D97CB}" = lport=56705 | protocol=17 | dir=in | name=pando media booster | "{3536E7F1-CABA-4655-87FE-7C6EC02BDF3F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{38C19173-BA38-4586-8191-42EBBCC60AD9}" = lport=56705 | protocol=6 | dir=in | name=pando media booster | "{3A154748-CAA3-4B9B-AB0B-2BB9DA31051B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4722E6AC-5319-4911-BB43-6DD2C40258E0}" = rport=137 | protocol=17 | dir=out | app=system | "{5C511323-59CC-41B4-B67F-97312CCBF386}" = rport=139 | protocol=6 | dir=out | app=system | "{6364E0BA-B256-4A2B-9F81-4A56AF278E18}" = lport=2869 | protocol=6 | dir=in | app=system | "{65861E4C-962A-4530-BA83-F69196617E74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{68C4D347-AD24-4F15-867D-6D24B46C67F4}" = rport=10243 | protocol=6 | dir=out | app=system | "{83FA99A7-B2FE-4E85-9917-FC49E9721D1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8C0D9041-7890-46DB-AACB-FC615D6494DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{94519039-65BF-488D-88F7-F93A48A64ECB}" = lport=445 | protocol=6 | dir=in | app=system | "{A2251801-7F1E-47D7-9F82-6CC6290AE459}" = rport=138 | protocol=17 | dir=out | app=system | "{A6AED1FF-46E5-454E-B692-A064EF6B065A}" = lport=139 | protocol=6 | dir=in | app=system | "{A7AC8A21-9AD1-40DC-AA58-F8518B74D09E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AB747978-0046-48D7-9082-FF85ABA5E8BE}" = lport=137 | protocol=17 | dir=in | app=system | "{B0214344-419C-4AF4-83DF-DBF075BD8768}" = lport=56705 | protocol=6 | dir=in | name=pando media booster | "{B0357CC6-3373-4C29-AC5B-88CAF2BBD74A}" = rport=445 | protocol=6 | dir=out | app=system | "{B678461D-8B6D-4E83-B48F-A442D5854A8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BC4E50EA-5478-4D1C-BE7C-E655F409225F}" = lport=138 | protocol=17 | dir=in | app=system | "{D87FFB4E-DA03-4053-B5EC-02DC4579EDC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F0008050-EDB6-4760-8AB2-8710B6A4A7F6}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009280C5-CBFD-46EE-BAB6-EFFC349EF592}" = protocol=58 | dir=in | app=system | "{063B1DFA-82EF-4BD4-8D43-0A8F2AB75927}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{0668C09C-9241-438A-93D9-10F268015EA2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0E5AFCC8-635C-47F5-8CED-754BA1328C42}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{30AC8214-7061-44CC-BA41-13D5036693F5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{30DF1793-684D-4DC3-8D63-DBEE2406356F}" = protocol=6 | dir=out | app=system | "{3A4BF1EF-4902-4D23-944D-94D360EF3688}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3BE558FC-B153-4735-BB55-DBF5E7690AB8}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{3DCD0416-29E3-4208-940A-A44617FC493E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4B0570E0-65E0-4DEA-9CA4-150E89D8B737}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4F67652A-3A80-4254-9D08-F05A4872D8C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{53B06B91-9200-473B-941A-915040239C80}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{561964C7-80FB-4CD8-99B3-F9E904CB2211}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5A11F325-9BC7-4BCD-8200-BB700418A547}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{632715B0-5BEC-4478-A8BD-79911C003316}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{67BF4BA6-AE1F-4468-9B45-240A2E84B2F5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{75507BD8-DBAC-4AAD-9E23-182C53C6EB35}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{77B4869E-98AE-4DDD-96EF-026211D5C7ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{79B0B16E-234F-4EC8-AE26-1DE748770609}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{8595B619-DB55-444B-A1D5-1AA6FD1D0898}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{89F4BB23-F213-42FE-9ADD-78F591E9761F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A3D2A307-E564-4DE3-8E07-7586A4B9EB9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD052435-4A91-4245-A76E-17516EB4D4C4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{AF2053BC-A59C-4AB4-B33A-47C57F954B45}" = dir=in | app=c:\program files\itunes\itunes.exe | "{BF6C9BAE-819A-49C2-860F-05DC8C21E4A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C9834896-2762-4473-9A5A-2875E7AEEE09}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{CFB31B2A-12CC-445B-A50E-04C25EBB6251}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D87D3716-D026-49B8-B6BA-420BD9600E15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D8C2A9C9-5E7C-4A85-A387-49F1574AD799}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DFDDA74D-AD21-4AEC-BFE5-B58B53B13C6C}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{EC12759D-40D8-4F30-8E4B-8EA74D2FA047}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{F1649554-8469-4A6F-9FCB-C5016E737318}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FB876EAA-480C-49E9-879A-D2D262C95D83}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{FDA6937E-CFE9-40A8-A33E-599CD8C45F7C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.04 "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{5BB72321-F9E7-42C2-9400-AFC195E4F8C6}" = Vokabeltrainer-Update 6.0.18 "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{8624888C-A959-45A5-98F4-292E956325EA}" = LECTURNITY Player "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86) "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{BA49C568-7380-494F-9D15-EC2CE7F142C4}" = Langenscheidt Vokabeltrainer 6.0 Englisch "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1 "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{E715809A-194F-4AD6-84E6-36C88267940B}" = PHOTOfunSTUDIO 8.0 AE "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CCleaner" = CCleaner "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "DAEMON Tools Lite" = DAEMON Tools Lite "Free Studio_is1" = Free Studio version 5.4.9 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee SecurityCenter "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "PokerStars" = PokerStars "SAPBI" = SAP Business Explorer "SAPGUI710" = SAP GUI for Windows 7.20 "WinRAR archiver" = WinRAR 4.01 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.02.2013 14:04:44 | Computer Name = ***-Laptop | Source = McLogEvent | ID = 5022 Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3 Error - 02.02.2013 15:32:45 | Computer Name = ***-Laptop | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7f0 Startzeit: 01ce0170e20300e7 Endzeit: 982 Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 49997b08-6d6f-11e2-a725-001dd9eb3fa3 Error - 02.02.2013 16:14:40 | Computer Name = ***-Laptop | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1040 Startzeit: 01ce017c210dbb09 Endzeit: 1638 Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 196c9189-6d75-11e2-a725-001dd9eb3fa3 Error - 02.02.2013 17:33:44 | Computer Name = ***-Laptop | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fe0 Startzeit: 01ce018217fa1e46 Endzeit: 296 Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 332b6427-6d80-11e2-a725-001dd9eb3fa3 Error - 02.02.2013 17:42:51 | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0119421359288256) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 02.02.2013 17:43:45 | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0119421359288256) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 02.02.2013 17:46:17 | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0119421359288256) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 02.02.2013 17:46:40 | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0119421359288256) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 02.02.2013 17:47:31 | Computer Name = ***-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0119421359288256) since QueryServiceConfig API failed System Error: Das System kann die angegebene Datei nicht finden. . Error - 02.02.2013 18:46:29 | Computer Name = ***-Laptop | Source = Application Hang | ID = 1002 Description = Programm mbam.exe, Version 1.70.0.9 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1de8 Startzeit: 01ce018fd9542e9c Endzeit: 156 Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Berichts-ID: 5ebdb3aa-6d8a-11e2-a725-001dd9eb3fa3 [ System Events ] Error - 23.11.2012 15:41:39 | Computer Name = ***-Laptop | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error - 23.11.2012 21:41:42 | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 24.11.2012 12:07:38 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7034 Description = Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 24.11.2012 14:54:39 | Computer Name = ***-Laptop | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. Error - 24.11.2012 20:54:43 | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 25.11.2012 12:59:31 | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 25.11.2012 15:33:35 | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 25.11.2012 18:00:15 | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 25.11.2012 18:00:16 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7034 Description = Dienst "LogMeIn Hamachi Tunneling Engine" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 26.11.2012 01:33:13 | Computer Name = ***-Laptop | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. < End of report > GMER GMER Logfile: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-03 00:45:12 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500BEVS-75UST0 rev.01.01A01 232,89GB Running: gmer_2.0.18454.exe; Driver: C:\Users\***~1\AppData\Local\Temp\kxdiykob.sys ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83092A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830CC4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.0 ---- .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1976] kernel32.dll!LoadLibraryA 770DDC65 5 Bytes JMP 6F878360 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1976] kernel32.dll!LoadLibraryW 770DEF42 5 Bytes JMP 6F878460 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) ---- Processes - GMER 2.0 ---- Library C:\Program (*** hidden *** ) @ C:\Windows\system32\lsass.exe [700] 0x70490000 Library C:\Program (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [1532] 0x70490000 Library C:\Program (*** hidden *** ) @ C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [4972] 0x70490000 ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001dd9eb3fa3 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001dd9eb3fa3 (not active ControlSet) ---- EOF - GMER 2.0 ---- |
04.02.2013, 01:10 | #2 |
/// Helfer-Team | GVU Trojaner mit WebcamDownloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ |
04.02.2013, 13:02 | #3 |
| GVU Trojaner mit Webcam Hallo t'john,
__________________schon einmal vielen Dank für deine Hilfe =) Hier der log von mbar (es wurde nichts gefunden und dementsprechend auch kein cleanup gemacht) mbar-log Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.04.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-LAPTOP [administrator] 04.02.2013 12:04:07 mbar-log-2013-02-04 (12-04-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28396 Time elapsed: 12 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
04.02.2013, 15:02 | #4 |
/// Helfer-Team | GVU Trojaner mit Webcam Sehr gut! ESET Online Scanner Vorbereitung
Downloade Dir bitte SecurityCheck und:
|
04.02.2013, 17:05 | #5 |
| GVU Trojaner mit Webcam Hallo, hier schon mal das Logfile von ESET Online Scanner Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=b406e7c622e4954eb4c7353f2ad99e5f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-04 03:58:43 # local_time=2013-02-04 04:58:43 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5122 16777213 100 100 169406 109832281 0 0 # compatibility_mode=5893 16776574 100 94 169180 111624714 0 0 # scanned=105696 # found=0 # cleaned=0 # scan_time=4264 und noch der SecurityCheck log Code:
ATTFilter Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` McAfee Anti-Virus und Anti-Spyware WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 CCleaner Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (18.0.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
05.02.2013, 03:13 | #6 |
/// Helfer-Team | GVU Trojaner mit Webcam Aktualisiere: Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)danach: Downloade Dir bitte AdwCleaner auf deinen Desktop.
Hinweis: Registry Cleaner Ich sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall CCleaner. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren.
__________________ --> GVU Trojaner mit Webcam |
05.02.2013, 07:44 | #7 |
| GVU Trojaner mit Webcam Hallo t'john, alle Punkt ausgeführt =) Hier das Logfile von ADW Cleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.110 - Datei am 05/02/2013 um 07:40:18 erstellt # Aktualisiert am 03/02/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : *** - PHILIP-LAPTOP # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0.1 (de) Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\12l9q552.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [849 octets] - [05/02/2013 07:38:18] AdwCleaner[S1].txt - [352 octets] - [05/02/2013 07:39:52] AdwCleaner[S2].txt - [869 octets] - [05/02/2013 07:40:18] ########## EOF - C:\AdwCleaner[S2].txt - [928 octets] ########## |
05.02.2013, 19:13 | #8 |
/// Helfer-Team | GVU Trojaner mit Webcam Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
05.02.2013, 23:21 | #9 |
| GVU Trojaner mit Webcam Hallo t'john, VIELEN, VIELEN DANK für dein Hilfe! Echt super, dass das Board hier sowas anbietet und Leute auch noch ihre Freizeit opfern, um uns zu helfen. Werde sicherlich mal eine kleine Spende darlassen =) Viele Grüße! |
07.02.2013, 00:40 | #10 |
/// Helfer-Team | GVU Trojaner mit Webcamwir wuenschen eine virenfreie Zeit |
Themen zu GVU Trojaner mit Webcam |
autorun, bho, bonjour, converter, error, fehler, firefox, flash player, install.exe, kaspersky, logfile, mozilla, mp3, nvidia update, object, office 2007, pando media booster, programm, registry, rundll, scan, security, senden, siteadvisor, software, svchost.exe, system error, trojaner, windows |