Log analysis and evaluation: GVU trojan with webcam (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.02.2013, 16:09 | #1
GVU trojan with webcam

Hello, I had the GVU trojan on the desktop, with the demand to pay 100,-; the screen was freed again after I opened the Task Manager (Win 7). Now I have downloaded Malwarebytes Anti-Malware and scanned; 2 errors found. Report:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.14.06

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
KAI :: KAI-TOSH [Administrator]

14.02.2013 15:50:52
mbam-log-2013-02-14 (15-50-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 277407
Laufzeit: 5 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\KAI\7949650.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

What now? Many thanks.
noopys

OTL Logfile:
Code:
OTL logfile created on: 14.02.2013 16:30:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KAI\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,73 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 56,98% Memory free
7,47 Gb Paging File | 5,19 Gb Available in Paging File | 69,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 35,74 Gb Free Space | 23,98% Space Free | Partition Type: NTFS
Drive D: | 31,47 Gb Total Space | 5,29 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 7,10 Gb Free Space | 6,06% Space Free | Partition Type: NTFS

Computer Name: KAI-TOSH | User Name: KAI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.14 16:26:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KAI\Desktop\OTL.exe
PRC - [2013.02.13 07:55:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.13 07:54:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.13 07:54:36 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.19 19:47:10 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.11.19 19:15:30 | 000,073,392 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.11.16 12:05:24 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.04.17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.09 12:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011.01.07 11:11:38 | 000,584,232 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe
PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.11 20:44:46 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.06 11:54:26 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.04.17 14:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 14:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 14:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 14:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 14:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 14:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 14:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 14:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 14:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 18:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 22:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009.06.10 22:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.06.10 22:23:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010.10.13 22:28:54 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010.10.13 22:28:54 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010.10.13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009.10.21 08:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2009.07.28 13:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013.02.13 07:55:14 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.13 07:54:37 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.11 20:19:59 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.19 19:47:10 | 002,447,440 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.11.02 19:19:36 | 000,827,560 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.01.07 11:11:38 | 000,584,232 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.04.23 17:08:32 | 000,259,440 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010.04.12 09:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.02.05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.11 20:40:13 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 20:40:12 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.11.01 15:31:48 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 15:50:34 | 000,225,920 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.02.15 15:50:34 | 000,049,152 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.02.15 15:50:34 | 000,039,680 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.10.24 07:02:10 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.10.13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010.10.13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010.10.13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010.10.13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.04.30 09:19:30 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.04.08 11:47:00 | 000,060,536 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.04.07 09:51:00 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010.03.24 12:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.19 15:39:00 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010.03.11 19:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.26 15:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.24 10:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.02.24 10:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.02.03 05:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.01.14 14:59:36 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.10.10 03:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.30 18:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 11:25:14 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 21:12:00 | 000,019,824 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009.06.29 15:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009.06.29 09:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.02 19:20:00 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{ACD37C95-B735-4D50-B655-B4B6DAC285B3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {439AA27B-EC0B-4CD1-ADD1-B0B52A143FAA}
IE - HKLM\..\SearchScopes\{439AA27B-EC0B-4CD1-ADD1-B0B52A143FAA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_de
IE - HKCU\..\SearchScopes\{69E844A5-8A90-4671-BE7F-CCC1FB3D9BB6}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6C7ACCA6-2055-49E4-9E74-2C707521FF02}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2
IE - HKCU\..\SearchScopes\{D3239E78-080D-4CE9-9CAB-DD108A3FE0B8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=8faf3813-b7bc-4893-8e80-b83c42cf94e3&apn_sauid=15B4F066-7C37-4850-AAC7-EFDC8C0CC107
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: d:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.12.11 20:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.02.09 00:04:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.12 13:50:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.12.11 20:54:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 16:13:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.28 20:43:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 16:13:59 | 000,000,000 | ---D | M]

[2010.12.04 22:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Extensions
[2010.12.04 22:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.04 19:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\3xn98ydo.default\extensions
[2010.12.04 19:48:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\3xn98ydo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013.02.13 19:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions
[2012.11.05 11:59:57 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\en-US@dictionaries.addons.mozilla.org
[2012.09.14 15:18:46 | 000,000,000 | ---D | M] ("TimeLineRemove.Com") -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack
[2012.12.22 13:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\staged
[2012.12.11 21:52:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\adsx5agt.default\extensions\toolbar@ask.com
[2012.03.22 13:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\Firefox\Profiles\c8xn7sj6.default\extensions
[2012.12.22 13:55:13 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.04.21 20:24:40 | 000,018,684 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\ich@maltegoetz.de.xpi
[2012.09.14 15:18:49 | 000,275,902 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2012.04.20 14:00:10 | 000,588,526 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.11.19 20:57:37 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.11.17 21:29:20 | 000,199,400 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.08.07 17:30:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\KAI\AppData\Roaming\mozilla\firefox\profiles\adsx5agt.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.02.06 16:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
File not found (No name found) -- C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.03.04 20:48:14 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.23 11:43:04 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {28CF50DA-4A17-4442-BBF9-D916BFDE072C} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20101206104624.dll (McAfee, Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20101206104624.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B65A4EE1-FB8A-4097-8DBA-4C66FFB8ED72}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40084e7b-500a-11e0-9323-002318285e92}\Shell - "" = AutoRun
O33 - MountPoints2\{40084e7b-500a-11e0-9323-002318285e92}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{7f29018d-0c69-11e0-89d3-002318285e92}\Shell - "" = AutoRun
O33 - MountPoints2\{7f29018d-0c69-11e0-89d3-002318285e92}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.14 16:29:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KAI\Desktop\OTL.exe
[2013.02.14 15:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.14 15:48:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.14 15:48:14 | 000,000,000 | ---D | C] -- C:\Users\KAI\AppData\Local\Programs
[2013.02.10 09:46:11 | 000,000,000 | ---D | C] -- C:\Users\KAI\AppData\Roaming\RealNetworks
[2013.02.07 14:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.14 16:26:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KAI\Desktop\OTL.exe
[2013.02.14 16:22:56 | 000,000,000 | ---- | M] () -- C:\Users\KAI\defogger_reenable
[2013.02.14 15:48:47 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.14 15:47:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.14 15:22:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 15:22:52 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 15:22:52 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 15:22:52 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 15:22:52 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.14 15:02:00 | 095,023,320 | ---- | M] () -- C:\ProgramData\0569497.pad
[2013.02.14 15:01:19 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013.02.14 14:59:25 | 000,002,681 | ---- | M] () -- C:\ProgramData\0569497.js
[2013.02.14 14:59:25 | 000,000,153 | ---- | M] () -- C:\ProgramData\0569497.reg
[2013.02.14 14:59:25 | 000,000,058 | ---- | M] () -- C:\ProgramData\0569497.bat
[2013.02.14 14:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 11:37:59 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 14:07:50 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013.02.13 08:09:46 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 08:09:46 | 000,016,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 13:48:32 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Prosch.job
[2013.02.09 15:13:00 | 000,000,261 | ---- | M] () -- C:\Windows\Brownie.ini
[2013.02.09 09:26:52 | 3007,647,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.07 14:10:47 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.02.06 19:53:44 | 518,368,826 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.02 12:51:09 | 000,001,055 | ---- | M] () -- C:\Users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.02 12:50:51 | 000,001,019 | ---- | M] () -- C:\Users\KAI\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.14 16:22:56 | 000,000,000 | ---- | C] () -- C:\Users\KAI\defogger_reenable
[2013.02.14 15:48:47 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.14 14:59:25 | 000,002,681 | ---- | C] () -- C:\ProgramData\0569497.js
[2013.02.14 14:59:25 | 000,000,153 | ---- | C] () -- C:\ProgramData\0569497.reg
[2013.02.14 14:59:25 | 000,000,058 | ---- | C] () -- C:\ProgramData\0569497.bat
[2013.02.14 14:59:10 | 095,023,320 | ---- | C] () -- C:\ProgramData\0569497.pad
[2013.02.07 14:10:47 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.10 20:50:48 | 000,000,849 | ---- | C] () -- C:\Users\KAI\.recently-used.xbel
[2012.04.22 18:38:18 | 000,000,680 | RHS- | C] () -- C:\Users\KAI\ntuser.pol
[2012.04.19 11:26:15 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.10 21:11:27 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.06 13:27:03 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011.07.17 20:41:07 | 000,000,000 | ---- | C] () -- C:\Users\KAI\AppData\Local\{C62D00F7-ACF0-42EC-B96C-8B1FF13EDFB5}
[2011.07.09 17:14:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.21 12:29:11 | 000,000,000 | ---- | C] () -- C:\Users\KAI\AppData\Local\{68403972-8D37-4D97-AA43-463A40307012}
[2011.05.06 14:13:59 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.05.06 14:13:59 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.05.06 14:13:52 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.05.06 14:13:51 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2011.05.06 14:13:12 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2011.05.06 14:12:56 | 000,000,261 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.03.04 21:04:35 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2011.03.01 09:15:53 | 000,029,895 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.01.16 21:58:04 | 000,007,606 | ---- | C] () -- C:\Users\KAI\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2013.02.06 18:38:03 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4145430136-532875917-385893450-1001\$RNQ9NKA\L
[2013.02.06 18:38:03 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4145430136-532875917-385893450-1001\$RNQ9NKA\N
[2012.05.18 18:54:10 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-4145430136-532875917-385893450-1001\$RNQ9NKA\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011.02.20 12:27:17 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Amazon
[2012.02.25 12:00:01 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Auslogics
[2012.03.11 22:27:05 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\BOM
[2012.12.11 20:54:42 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\CheckPoint
[2013.02.09 09:29:06 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Dropbox
[2011.12.10 14:52:23 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\EAC
[2011.06.11 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.03.15 22:29:24 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\FreeAudioPack
[2011.06.11 21:22:15 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\gtk-2.0
[2012.06.15 12:34:02 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\HTC
[2012.06.15 12:35:35 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.01.26 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\OpenCandy
[2010.12.06 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\OpenOffice.org
[2012.02.08 19:25:59 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Outlook
[2011.03.11 15:08:08 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Sony
[2013.02.07 19:00:22 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Swiss Academic Software
[2012.04.19 12:33:22 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Systweak
[2012.05.31 18:22:54 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\TerraTec
[2010.12.04 22:23:52 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Thunderbird
[2011.10.16 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\Toshiba
[2011.03.23 20:20:53 | 000,000,000 | ---D | M] -- C:\Users\KAI\AppData\Roaming\WinBatch

========== Purity Check ==========

< End of report >

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 14.02.2013 16:30:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\KAI\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,73 Gb Total Physical Memory | 2,13 Gb Available Physical Memory | 56,98% Memory free
7,47 Gb Paging File | 5,19 Gb Available in Paging File | 69,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 35,74 Gb Free Space | 23,98% Space Free | Partition Type: NTFS
Drive D: | 31,47 Gb Total Space | 5,29 Gb Free Space | 16,82% Space Free | Partition Type: NTFS
Drive F: | 117,19 Gb Total Space | 7,10 Gb Free Space | 6,06% Space Free | Partition Type: NTFS

Computer Name: KAI-TOSH | User Name: KAI | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D8078B-F3C2-450F-AF8A-E8246A5F129D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{02A7497D-86E8-4884-B187-FB1506EFD5C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{09AB8EED-9ACD-467D-B91D-ED9B039FF21B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{19ADF3ED-AC63-4AB9-8B73-5A6C6EA8C834}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2C71A9B0-893C-40F3-A1C6-C6155FAF6E55}" = rport=445 | protocol=6 | dir=out | app=system |
"{38AF7B3B-2DAA-433E-908C-F3EE1B94CCF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E46A303-7A0E-4135-A502-5DDF5876179F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46068D07-0977-4FF5-B974-582AB83D64B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48CFE5EE-A310-4E78-ADA6-DAC1711452AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B75C43F-83BB-4409-BD76-0685409F38E2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4ED9E026-BB0F-4B77-B967-A9F266398BC3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BAADA18-BA74-47A8-8B2A-082902368459}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BBF682F-EFD8-43E0-BF82-53F01F081F89}" = lport=139 | protocol=6 | dir=in | app=system |
"{76940E03-0945-48AE-9A38-2CBA56C7875B}" = rport=137 | protocol=17 | dir=out | app=system |
"{8513EB3E-D663-44EB-9987-47931568E341}" = lport=138 | protocol=17 | dir=in | app=system |
"{85367F18-83EE-4714-9D52-8E01CFB52D4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89CA4F58-FB88-4D38-8909-66CE024EA0E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{95D09792-9077-4864-9C16-6553761EB704}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9AF47070-3478-4201-AFB7-D2826AF77BC6}" = rport=138 | protocol=17 | dir=out | app=system |
"{B153D056-A166-45CB-8B0B-57536266AFDE}" = rport=139 | protocol=6 | dir=out | app=system |
"{B194509C-3FCD-4E01-AD6A-F4F5D62D733B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BD31FCA3-0429-440E-B2FE-E4F1C0462D43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C99019C7-FC4A-466B-8CAA-3A658E5549A0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D33C3EB7-E1EE-47D1-A21D-0678145753AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E01F89C4-28A9-4FD7-A57E-CB8953BE3DEF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFAE015E-60FA-4ED6-BBC5-70A6A4219F7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E8E9D1-5E41-4A2C-BA5C-D7023E3037F7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0D318AA4-D6AC-4315-BC11-AAF126D10D3C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1AA84E62-55BE-4BB6-9801-BBE1B93A753B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{223E03DF-CB33-41EB-8DE6-D997BEEEA373}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{241B430A-489A-497C-89DB-D0DF8F184C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{26E64A2F-5866-4504-8FCB-713EBB708C16}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{2951DA13-2AF0-4776-8E06-32AAF041B0F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AFA9C34-020D-4079-8405-39D3734EE9F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF7B093-304D-4284-AAC1-BC147D56CA6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{47CB504F-2082-4152-A83F-837707D51746}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{484E19E8-BE97-4961-A38E-2E713CC863DA}" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"{57C72442-580D-4674-B417-6CC5DEA36E23}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5C953C60-E18C-4F4B-85FC-63EC58078676}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D5EB94E-24B9-4D55-8EB7-626EA9755B5B}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{64B62F93-DE03-4E58-AAD3-A2306526DECB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F1D61BA-729E-40E2-A000-CA3BE706E4A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A3CD51D-7466-485F-9AFC-EE387F06BCB0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7CFE69E5-C200-4E2D-B318-424621416DDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D1FF756-14F9-4858-B691-7F79396741FD}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{83F660DA-ACD8-4396-A1D5-F983E4066BE8}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{8AC63982-AF2F-484A-8D65-BBCBDF90042A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E6CFBAD-FF1A-4C5B-B95A-160AA334B57A}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"{9348A090-8685-47A6-9BDD-6696716EE848}" = protocol=6 | dir=out | app=system |
"{9A016D06-0994-4B73-827C-A930CD462C66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9B701173-3FD8-4169-80B0-E0E8D0C3ABBA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A744EF47-C518-4E94-9F90-86F6357D3ECC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABFEF6D1-D66B-4253-966C-A039261558A3}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe |
"{AECFDFA9-19BE-4C87-9A7B-1E503CC3D6DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B0847BE7-5EE9-4A65-959A-381B891BBA96}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{B2E5A2CF-46DD-4223-AB1C-1A546385A591}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{BDD363A6-0036-489F-9435-9A8B55629429}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BF4D6A59-2ED1-4B5F-88D3-910ADBFCD1D9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CA7FFA00-762B-4657-AAD7-9E770E03D462}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CAECDAC9-A912-494D-92CC-A7F829802FDD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D84AF369-9FF2-44B6-A088-BA7ADB7E288F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DA04F849-7C4A-4DAE-AE4B-02F1397CA0C0}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E6DBAE09-5172-4AD8-9439-8C7200DF6FA3}" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"{F0688C9E-6C53-48DF-8988-EEBA7E6BD5B5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F1D5B6CC-2C6B-4C17-B68D-CD7830804619}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe |
"{F65F7079-490D-4B45-9BD3-8F36F42261DB}" =
dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{0D85CD26-5D21-4991-AF45-4E0C027B8B68}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{19380E73-94B2-4977-BFF8-A79281F7E131}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{927DD589-C128-4ED2-A56C-53FA0A6683AA}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{9F9AF593-DB46-43DF-A46D-FA7E43049FAE}C:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{FDFC6073-66ED-421A-AD9C-873B19D4E339}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{05CCB461-2B5C-441B-BC3C-5B788B273CC0}C:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{429723BC-7AC1-4976-A2F1-3EB820FAACBC}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{5C174DAF-0FD3-4664-B0A4-7EDEA2967DAC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{9AFBF1C4-B9E1-4C5B-A8A2-316D098D0FE3}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{AE1F213A-F234-4EF9-BADC-681B75DB11ED}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE 
Language Pack "{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "PROSet" = Intel(R) Network Connections Drivers "Recuva" = Recuva "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.10.03.02 "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29 "{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security "{27f7c177-9313-44b0-92e5-7479ddebf70c}" = Nero 9 Essentials "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = 
Nero DriveSpeed "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.0.0 "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access 
MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DA0961E-FCFE-EEF2-04AA-32631F7CEC9E}" = Photo Service - powered by myphotobook "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync 
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "{B7191DD7-E7B4-4658-9025-487916EC21C8}" = TOSHIBA Mobile Broadband Device "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F927807D-5099-481E-B40E-8DDC59D781AC}" = Brother HL-2035 "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool 
"{FDE58148-57E7-43BF-879A-29CCE818C078}" = eBay "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.15 "Avira AntiVir Desktop" = Avira Free Antivirus "Cinergy T Stick RC" = Cinergy T Stick RC V10.0.0.0 "DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt "eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Photo Service - powered by myphotobook "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "Exifer_is1" = Exifer "InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01 "PageshotsPro_is1" = PageshotsPro 1.0.0 "PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Systweak PhotoStudio 2.1 "RealPlayer 15.0" = RealPlayer "RegClean Pro_is1" = RegClean Pro "Switch" = Switch Audiodatei-Konverter "VLC media player" = VLC media player 1.1.11 "VLMC" = VideoLAN Movie Creator "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.93 "Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4 "ZoneAlarm Free Firewall" = ZoneAlarm Free 
Firewall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FoxTab PDF Converter" = FoxTab PDF Converter "FoxTab PDF Creator" = FoxTab PDF Creator "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.02.2013 03:19:57 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9672 Error - 13.02.2013 03:19:57 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9672 Error - 13.02.2013 03:19:58 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.02.2013 03:19:58 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10670 Error - 13.02.2013 03:19:58 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10670 Error - 13.02.2013 03:19:59 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.02.2013 03:19:59 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 11669 Error - 13.02.2013 03:19:59 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 11669 Error - 13.02.2013 03:20:00 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 13.02.2013 03:20:00 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 
13041 Error - 13.02.2013 03:20:00 | Computer Name = KAI-TOSH | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 13041 [ System Events ] Error - 06.02.2013 14:54:14 | Computer Name = KAI-TOSH | Source = BugCheck | ID = 1001 Description = Error - 08.02.2013 13:35:08 | Computer Name = KAI-TOSH | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.02.2013 04:29:58 | Computer Name = KAI-TOSH | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error - 10.02.2013 08:13:16 | Computer Name = KAI-TOSH | Source = bowser | ID = 8003 Description = Error - 11.02.2013 07:24:55 | Computer Name = KAI-TOSH | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Error - 11.02.2013 07:40:03 | Computer Name = KAI-TOSH | Source = bowser | ID = 8003 Description = Error - 14.02.2013 06:44:31 | Computer Name = KAI-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2778344) Error - 14.02.2013 06:44:31 | Computer Name = KAI-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 3.5.1 unter Windows 7 und Windows Server 2008 R2 für x64-basierte Systeme (KB2789644) Error - 14.02.2013 06:44:31 | Computer Name = KAI-TOSH | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800f0902 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2799494) Error - 14.02.2013 07:34:10 | Computer Name = KAI-TOSH | Source = bowser | ID = 8003 Description = < End of report > |
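One way to triage the "Vista Active Application Exception List" part of an OTL log like the one above is to parse each rule line and flag inbound allow rules whose program sits in a user-writable location, since that is where dropped malware usually lives (here the only hit is the legitimate Dropbox client, which is exactly why a human still has to look at the result). The script below is an added example written for this thread, not code from OTL or from the forum; the sample rule lines are copied from the posted log and embedded as a constructed input, and the list of "user-writable" prefixes is an assumption chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: four rule lines in the format OTL prints for
# HKLM\...\FirewallPolicy\FirewallRules, copied from the log in this thread.
SAMPLE_RULES = r'''
"{3E46A303-7A0E-4135-A502-5DDF5876179F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6DBAE09-5172-4AD8-9439-8C7200DF6FA3}" = protocol=6 | dir=in | app=c:\users\kai\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{19380E73-94B2-4977-BFF8-A79281F7E131}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{9348A090-8685-47A6-9BDD-6696716EE848}" = protocol=6 | dir=out | app=system |
'''

# A rule line is:  "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Assumed list of locations a normal user account can write to; a firewall
# exception for a binary stored here deserves a second look.
USER_WRITABLE_PREFIXES = (
    "c:\\users\\", "c:\\programdata\\", "%appdata%", "%localappdata%", "%temp%",
)


@dataclass
class FirewallRule:
    name: str
    direction: Optional[str]
    protocol: Optional[str]
    app: Optional[str]
    service: Optional[str]
    user_prompted: bool  # rule created by answering the firewall pop-up


def parse_rules(text: str) -> List[FirewallRule]:
    """Parse OTL firewall rule lines into FirewallRule records; non-rule lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for part in m.group("body").split("|"):
            part = part.strip()
            if "=" in part:
                key, value = part.split("=", 1)
                fields[key.strip().lower()] = value.strip()
        name = m.group("name")
        rules.append(FirewallRule(
            name=name,
            direction=fields.get("dir"),
            protocol=fields.get("protocol"),
            app=fields.get("app"),
            service=fields.get("svc"),
            # "TCP Query User{GUID}<path>" / "UDP Query User..." names are the
            # ones Windows writes when the user clicks "Allow" on the prompt.
            user_prompted=name.startswith(("TCP Query User", "UDP Query User")),
        ))
    return rules


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(prefix) for prefix in USER_WRITABLE_PREFIXES)


def flag_inbound_user_path_rules(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Inbound exceptions for programs in user-writable directories: review these first."""
    return [r for r in rules if r.direction == "in" and r.app and is_user_writable(r.app)]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for r in flag_inbound_user_path_rules(parsed):
        print(f"REVIEW inbound rule {r.name}: app={r.app}")
    for r in parsed:
        if r.user_prompted:
            print(f"user-approved prompt rule: {r.app}")
```

Run it against the whole FirewallRules section of your own OTL log (paste the lines into `SAMPLE_RULES` or read them from a file) and compare the flagged paths with what you know you installed; a rule for an unfamiliar executable under `C:\Users\...` is worth asking the helper about.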
14.02.2013, 19:21 | #2 |
/// TB-Ausbilder | GVU trojan with webcam
I will help you with your problem. A clean-up can involve quite a lot of work for you (and for me). Before we begin, I have some reading material for you.
Please read: Rules for the clean-up
So that the clean-up works, I ask you to read the following points carefully:
Read and understood?
Reading material: Rootkit warning
Your computer has been infected with a special kind of malware that can hide itself from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, i.e. it deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does that mean for you now?
So let me know how you have decided.
Step 1: Scan with GMER
Please download GMER: (file name is random)
Step 2: Scan with aswMBR
14.02.2013, 19:40 | #3 |
GVU trojan with webcam
GMER logfile:
Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-14 19:37:00 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\KAI\AppData\Local\Temp\fwlcqpow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754d1401 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754d1419 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754d1431 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754d144a 2 bytes [4D, 75] .text ... * 9 .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754d14dd 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754d14f5 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754d150d 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754d1525 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754d153d 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754d1555 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 
00000000754d156d 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754d1585 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754d159d 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754d15b5 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754d15cd 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754d1401 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754d1419 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754d1431 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754d144a 2 bytes [4D, 75] .text ... 
* 9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754d14dd 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754d14f5 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754d150d 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754d1525 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754d153d 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754d1555 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754d156d 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754d1585 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754d159d 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754d15b5 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754d15cd 2 bytes [4D, 75] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75] 
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000754d1401 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000754d1419 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000754d1431 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000754d144a 2 bytes [4D, 75] .text ... * 9 .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000754d14dd 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000754d14f5 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000754d150d 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000754d1525 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000754d153d 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000754d1555 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000754d156d 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 
00000000754d1585 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000754d159d 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000754d15b5 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000754d15cd 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75] .text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754d1401 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754d1419 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754d1431 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754d144a 2 bytes [4D, 75] .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754d14dd 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754d14f5 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754d150d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754d1525 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754d153d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754d1555 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754d156d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754d1585 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754d159d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754d15b5 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754d15cd 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75] 
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754d1401 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754d1419 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754d1431 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754d144a 2 bytes [4D, 75] .text ... * 9 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754d14dd 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754d14f5 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754d150d 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754d1525 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754d153d 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754d1555 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754d156d 2 bytes [4D, 75] .text C:\Program Files 
(x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754d1585 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754d159d 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754d15b5 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754d15cd 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1452] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000754d1401 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000754d1419 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000754d1431 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000754d144a 2 bytes [4D, 75] .text ... 
* 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000754d14dd 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000754d14f5 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000754d150d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000754d1525 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000754d153d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000754d1555 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000754d156d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000754d1585 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000754d159d 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000754d15b5 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000754d15cd 2 bytes [4D, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75] .text C:\Program Files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6320] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75]
---- EOF - GMER 2.0 ----

Hello, thanks for the help. The second scan (aswMBR) aborted the first time; I then set AV scan to (none), as recommended, and then it ran:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 21:58:38
-----------------------------
21:58:38.334 OS Version: Windows x64 6.1.7600
21:58:38.334 Number of processors: 4 586 0x2505
21:58:38.334 ComputerName: KAI-TOSH UserName: KAI
21:58:38.943 Initialize success
21:58:54.090 AVAST engine defs: 13021400
21:59:38.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:59:38.068 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
21:59:38.083 Disk 0 MBR read successfully
21:59:38.083 Disk 0 MBR scan
21:59:38.099 Disk 0 Windows VISTA default MBR code
21:59:38.099 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 400 MB offset 2048
21:59:38.130 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152622 MB offset 821248
21:59:38.177 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 32222 MB offset 313391104
21:59:38.193 Disk 0 Partition - 00 0F Extended LBA 119999 MB offset 379381760
21:59:38.208 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 119998 MB offset 379383808
21:59:38.255 Disk 0 scanning C:\Windows\system32\drivers
21:59:56.928 Service scanning
22:00:39.064 Modules scanning
22:00:39.079 Disk 0 trace - called modules:
22:00:39.111 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys hal.dll
22:00:39.126 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069cf060]
22:00:39.126 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80069ce060]
22:00:39.142 5 thpdrv.sys[fffff88001853cc0] -> nt!IofCallDriver -> [0xfffffa8003bac040]
22:00:39.142 7 ACPI.sys[fffff88000faf781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004946050]
22:00:39.157 Scan finished successfully
22:01:28.922 Disk 0 MBR has been saved successfully to "C:\Users\KAI\Desktop\MBR.dat"
22:01:28.937 The log file has been saved successfully to "C:\Users\KAI\Desktop\aswMBR.txt"

I went through the "Für alle Hilfesuchenden!" section, i.e. 3 scans: defogger, OTL + gmer. Now aswMBR as the 4th. |
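An added example, not part of this thread and not code from GMER: a small Python script that aggregates `.text` user-mode hook lines of the form GMER printed above. The triage question is which patches are identical (same module, export, offset and patch bytes) across every listed process and which appear in only one or a few: the first pattern is what a hook injected system-wide into each process looks like, the second is where a closer look usually starts. The sample input is excerpted from the log above (the `GetProcessImageFileNameW + 20` / `+ 31` pair for three of the listed processes) plus one SYNTHETIC `kernel32.dll!CreateProcessW` line, constructed for this example and not present in the log, so that the single-process case shows up in the report.

```python
import re
from collections import defaultdict

# One GMER ".text" user-mode hook line:
#   .text <process path>[<pid>] <module path>!<export> + <offset> <address> <N> bytes [<hex>, ...]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<export>\w+)\s*\+\s*(?P<offset>\d+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+bytes\s+\[(?P<bytes>[^\]]*)\]"
)

# Sample input: lines excerpted from the GMER log above, plus one SYNTHETIC line
# (constructed for this example, not in the log) to show a single-process patch.
SAMPLE = r"""
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75]
.text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75]
.text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000754d16b2 2 bytes [4D, 75]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000754d16bd 2 bytes [4D, 75]
.text C:\Users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe[4744] C:\Windows\syswow64\kernel32.dll!CreateProcessW + 0 0000000075e81072 5 bytes [E9, 2B, F0, 17, 8A]
"""


def parse_hooks(text):
    """Return one dict per hook line; non-matching lines (blank lines, GMER's
    '.text ... * 9' elision markers) are skipped."""
    hooks = []
    for raw in text.splitlines():
        m = HOOK_RE.match(raw.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["offset"] = int(h["offset"])
        h["size"] = int(h["size"])
        h["bytes"] = tuple(b.strip().upper() for b in h["bytes"].split(","))
        hooks.append(h)
    return hooks


def patch_key(h):
    # Module paths are compared case-insensitively: the log itself spells the
    # same DLL both "PSAPI.DLL" and "Psapi.dll".
    return (h["module"].lower(), h["export"], h["offset"], h["bytes"])


def summarize(hooks):
    """Split patches into those present in every listed process and those
    present in only a subset (mapped to the sorted pids that have them)."""
    procs = {h["pid"]: h["proc"] for h in hooks}
    by_patch = defaultdict(set)
    for h in hooks:
        by_patch[patch_key(h)].add(h["pid"])
    all_pids = set(procs)
    universal = {k for k, pids in by_patch.items() if pids == all_pids}
    partial = {k: sorted(pids) for k, pids in by_patch.items() if pids != all_pids}
    return {"processes": procs, "universal": universal, "partial": partial}


def basename(path):
    return path.rsplit("\\", 1)[-1]


def report(text):
    s = summarize(parse_hooks(text))
    out = [f"{len(s['processes'])} processes, {len(s['universal'])} patches in all of them, "
           f"{len(s['partial'])} in a subset"]
    for (module, export, offset, patch), pids in sorted(s["partial"].items()):
        where = ", ".join(f"{basename(s['processes'][p])}[{p}]" for p in pids)
        out.append(f"  REVIEW {module}!{export}+{offset} [{' '.join(patch)}] only in {where}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE))
```

Caveat: GMER elides repeated lines (the `.text ... * 9` markers in the log above), so a patch that seems missing from one process may simply be elided rather than absent. Run this over the complete section, and read "only in" as a prioritisation aid, not a verdict.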
14.02.2013, 22:43 | #4 |
/// TB-Ausbilder | gvu trojaner mit webcam Yo, well done. Next up: Scan with ComboFix
__________________ Digital privateers against malware! No help via PM! |
15.02.2013, 20:59 | #5 |
| gvu trojaner mit webcam So, scanned. Code:
ATTFilter ComboFix 13-02-15.01 - KAI 15.02.2013 20:25:34.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3824.2191 [GMT 1:00] ausgeführt von:: c:\users\KAI\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\0569497.bat c:\programdata\0569497.js c:\programdata\0569497.pad c:\programdata\0569497.reg c:\users\KAI\WINDOWS D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-15 bis 2013-02-15 )))))))))))))))))))))))))))))) . . 2013-02-15 19:45 . 2013-02-15 19:45 -------- d-----w- c:\users\Kinder\AppData\Local\temp 2013-02-15 19:45 . 2013-02-15 19:45 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-02-15 19:45 . 2013-02-15 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-14 14:48 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-14 14:48 . 2013-02-14 14:48 -------- d-----w- c:\users\KAI\AppData\Local\Programs 2013-02-13 17:12 . 2013-01-04 05:37 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-02-10 08:46 . 2013-02-10 08:46 -------- d-----w- c:\users\KAI\AppData\Roaming\RealNetworks 2013-02-07 13:10 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-01-30 19:13 . 2013-01-30 19:13 -------- d-----w- c:\users\Kinder\AppData\Roaming\Thunderbird 2013-01-30 19:13 . 2013-01-30 19:13 -------- d-----w- c:\users\Kinder\AppData\Local\Thunderbird . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-04 04:43 . 
2013-02-13 17:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 16:52 . 2012-12-22 12:24 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-22 12:24 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-22 12:24 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-22 12:24 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-11 19:40 . 2012-12-07 10:17 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-11 19:40 . 2012-12-07 10:17 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-07 05:41 . 2013-01-09 18:03 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 05:35 . 2013-01-09 18:03 2745856 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 05:04 . 2013-01-09 18:03 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 04:57 . 2013-01-09 18:03 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 03:45 . 2013-01-09 18:03 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 03:45 . 2013-01-09 18:03 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 03:45 . 2013-01-09 18:03 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 03:45 . 2013-01-09 18:03 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 03:45 . 2013-01-09 18:03 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 03:45 . 2013-01-09 18:03 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 03:45 . 2013-01-09 18:03 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 03:45 . 2013-01-09 18:03 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 03:45 . 2013-01-09 18:03 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 03:45 . 2013-01-09 18:03 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 03:45 . 2013-01-09 18:03 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 03:45 . 2013-01-09 18:03 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 03:45 . 2013-01-09 18:03 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 03:45 . 
2013-01-09 18:02 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 03:21 . 2013-01-09 18:03 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 03:21 . 2013-01-09 18:03 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 03:21 . 2013-01-09 18:03 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 03:21 . 2013-01-09 18:03 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 03:21 . 2013-01-09 18:03 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 03:21 . 2013-01-09 18:03 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 03:21 . 2013-01-09 18:03 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 03:21 . 2013-01-09 18:03 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 03:21 . 2013-01-09 18:03 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 03:21 . 2013-01-09 18:03 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 03:21 . 2013-01-09 18:03 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-07 03:21 . 2013-01-09 18:02 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 03:21 . 2013-01-09 18:03 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 03:21 . 2013-01-09 18:03 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-11-23 03:45 . 2013-01-09 18:00 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-11-22 10:32 . 2013-01-09 18:03 801280 ----a-w- c:\windows\system32\usp10.dll 2012-11-22 09:33 . 2013-01-09 18:03 627712 ----a-w- c:\windows\SysWow64\usp10.dll 2012-11-20 05:55 . 2013-01-09 18:03 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-20 05:10 . 2013-01-09 18:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-11-12 296096] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-11-16 162408] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-19 73392] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 62800] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 94864] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248] R3 RTL2832U_IRHID;Cinergy T Stick HID;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2012-02-15 49152] R3 RTL2832UBDA;Cinergy T Stick RC BDA service;c:\windows\system32\drivers\RTL2832UBDA.sys [2012-02-15 225920] R3 RTL2832UUSB;Cinergy T Stick RC USB service;c:\windows\system32\Drivers\RTL2832UUSB.sys [2012-02-15 39680] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1255736] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 283360] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752] S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-02 33712] S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 827560] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 149032] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-23 259440] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode [x] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-14 295088] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 
Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 441328] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-11 19:44] . 2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-11 19:44] . 2013-02-10 c:\windows\Tasks\RegClean Prosch.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-04-19 10:14] . 2013-02-14 c:\windows\Tasks\RegClean Pro_DEFAULT.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-04-19 10:14] . 2013-02-13 c:\windows\Tasks\RegClean Pro_UPDATES.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2012-04-19 10:14] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE: &Citavi Picker... 
- file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - user.js: browser.search.selectedEngine - foxsearch FF - user.js: browser.search.order.1 - foxsearch FF - user.js: browser.search.defaultenginename - foxsearch FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q= FF - user.js: privacy.item.cookies - false FF - user.js: privacy.sanitize.promptOnSanitize - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe BHO-{28CF50DA-4A17-4442-BBF9-D916BFDE072C} - (no file) Toolbar-Locked - (no file) HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-ISW - (no file) AddRemove-FoxTab PDF Converter - d:\program files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe AddRemove-FoxTab PDF Creator - d:\progra~1\FOXTAB~1\Uninstall\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-15 20:51:37 ComboFix-quarantined-files.txt 2013-02-15 19:51 . Vor Suchlauf: 17 Verzeichnis(se), 47.119.826.944 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 46.635.343.872 Bytes frei . - - End Of File - - 2553A7216B363255AB6F56A0F3322A25 |
15.02.2013, 21:02 | #6 |
/// TB-Ausbilder | gvu trojaner mit webcam Okay, a little more fine-tuning: Step 1: (Reminder: reply to me only once you have worked through all the steps!) Uninstall programs
Step 2: AdwCleaner: find and delete adware
Step 3: Delete temporary files with TFC
Step 4: ComboFix once more.
__________________ |
15.02.2013, 21:41 | #7 |
| gvu trojaner mit webcam Are these registry cleaners all bad, then? Which antivirus program (+ firewall) is recommended? So, AdwCleaner: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 15/02/2013 um 21:16:18 erstellt # Aktualisiert am 10/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : KAI - KAI-TOSH # Bootmodus : Normal # Ausgeführt unter : C:\Users\KAI\Desktop\adwcleaner0.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml Datei Gelöscht : C:\Users\KAI\AppData\Local\Temp\Uninstall.exe Gelöscht mit Neustart : C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\extensions\toolbar@ask.com Ordner Gelöscht : C:\Program Files (x86)\Ask.com Ordner Gelöscht : C:\ProgramData\FreeRIP Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\facemoods.com Ordner Gelöscht : C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\WinampToolbarData Ordner Gelöscht : C:\Users\KAI\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Schlüssel Gelöscht 
: HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.17197 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com -\\ Mozilla Firefox v12.0 (de) Datei : C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\3xn98ydo.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\prefs.js C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Gelöscht : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="); Datei : C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\c8xn7sj6.default\prefs.js Gelöscht : user_pref("extensions.facemoods.tlbrSrchUrl","hxxp://start.facemoods.com/?a=ddrnw&f=3"); Gelöscht : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw"); Gelöscht : user_pref("extensions.facemoods.id", "94bddc08000000000000e839df8dac0d"); Gelöscht : user_pref("extensions.facemoods.sid", "c3f6b22c0ec04a4b8fbd43f200dac678"); Gelöscht : user_pref("extensions.facemoods.instlDay", "15362"); Gelöscht : user_pref("extensions.facemoods.vrsn", "1.4.17.11"); Gelöscht : user_pref("extensions.facemoods.prtnrId", "facemoods.com"); Gelöscht : user_pref("extensions.facemoods.aflt", "ddrnw"); Gelöscht : user_pref("extensions.facemoods.DNSErrUrl","hxxp://start.facemoods.com/?a=ddrnw&f=5"); Gelöscht : user_pref("extensions.facemoods.mntz",""); Gelöscht : user_pref("extensions.facemoods.hmpg", true); Gelöscht : user_pref("extensions.facemoods.dfltSrch", true); Gelöscht : user_pref("extensions.facemoods.searchProviderAdded", true); Gelöscht : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search"); Gelöscht : user_pref("extensions.facemoods.dnsErr", true); Gelöscht : user_pref("extensions.facemoods.newTab", true); Gelöscht : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=2"); Gelöscht : user_pref("extensions.facemoods.firstRun", true); Datei : C:\Users\Kinder\AppData\Roaming\Mozilla\Firefox\Profiles\1pxy3cl2.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\9dogwuqj.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [7146 octets] - [15/02/2013 21:16:18] ########## EOF - C:\AdwCleaner[S1].txt - [7206 octets] ########## |
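As an added example (not part of this thread and not AdwCleaner's own code): a small Python parser for the AdwCleaner v2 report format posted above. It turns the "Datei Gelöscht", "Ordner Gelöscht", "Gelöscht mit Neustart", "Schlüssel Gelöscht", "Ersetzt" and "Gelöscht : user_pref(...)" lines into structured findings, tracks which browser or prefs.js each browser entry belongs to, counts findings per action, and pulls the defanged hxxp:// hosts out of the hijacked search settings and deleted prefs as indicators to look for on the other user profiles and machines. The sample report embedded in the block is constructed from a subset of the lines in the log above; the label-to-action mapping covers only the German labels that appear there, and the hxxp defanging is deliberately left in place.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of the lines from the AdwCleaner v2.112 report
# posted in this thread (German build), kept in the tool's own layout.
SAMPLE_REPORT = r"""
# AdwCleaner v2.112 - Datei am 15/02/2013 um 21:16:18 erstellt
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.17197
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com
-\\ Mozilla Firefox v12.0 (de)
Datei : C:\Users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("keyword.URL", "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
"""

# German AdwCleaner v2 labels seen in the report above -> normalised action names.
ACTION_LABELS = {
    "Datei Gelöscht": "file_deleted",
    "Ordner Gelöscht": "folder_deleted",
    "Gelöscht mit Neustart": "deleted_on_reboot",
    "Schlüssel Gelöscht": "regkey_deleted",
    "Ersetzt": "replaced",
    "Gelöscht": "pref_deleted",
}

SECTION_RE = re.compile(r"^\*+\s*\[(?P<name>[^\]]+)\]\s*\*+$")       # ***** [Name] *****
BROWSER_RE = re.compile(r"^-\\\\\s*(?P<browser>.+)$")                # -\\ Browser vX
ENTRY_RE = re.compile(r"^(?P<label>[^:]+?)\s:\s(?P<rest>.*)$")       # Label : payload
REPLACED_RE = re.compile(r"^\[(?P<target>[^\]]+)\]\s*=\s*(?P<old>.*?)\s*-->\s*(?P<new>.*)$")
HOST_RE = re.compile(r"hxxps?://(?P<host>[^/\s\"'?&]+)", re.IGNORECASE)


@dataclass
class Finding:
    section: str       # report section, e.g. "Registrierungsdatenbank"
    action: str        # normalised action from ACTION_LABELS
    target: str        # path, registry key or the deleted user_pref line
    context: str = ""  # browser or prefs.js file a browser entry belongs to
    old: str = ""      # for "replaced": the hijacked value
    new: str = ""      # for "replaced": the value AdwCleaner restored


def parse_adwcleaner(text: str) -> List[Finding]:
    """Walk the report line by line, tracking section, browser and prefs file."""
    findings: List[Finding] = []
    section = browser = pref_file = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # banner lines carry no findings
        if m := SECTION_RE.match(line):
            section, browser, pref_file = m.group("name").strip(), "", ""
            continue
        if m := BROWSER_RE.match(line):
            browser, pref_file = m.group("browser").strip(), ""
            continue
        if not (m := ENTRY_RE.match(line)):
            continue
        label, rest = m.group("label").strip(), m.group("rest").strip()
        if label == "Datei" and section == "Internet Browser":
            pref_file = rest  # following "Gelöscht : user_pref(...)" lines belong to it
            continue
        action = ACTION_LABELS.get(label)
        if action is None:
            continue
        context = pref_file or browser
        r = REPLACED_RE.match(rest) if action == "replaced" else None
        if r:
            findings.append(Finding(section, action, r.group("target"), context,
                                    r.group("old"), r.group("new")))
        else:
            findings.append(Finding(section, action, rest, context))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per normalised action."""
    return dict(Counter(f.action for f in findings))


def extract_hosts(findings: List[Finding]) -> List[str]:
    """Defanged hxxp:// hosts from hijacked values and deleted prefs; the restored
    values are skipped because they are what AdwCleaner put back, not indicators."""
    hosts = set()
    for f in findings:
        for value in (f.target, f.old):
            for m in HOST_RE.finditer(value):
                hosts.add(m.group("host").lower())
    return sorted(hosts)


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_REPORT)
    for action, n in sorted(summarize(found).items()):
        print(f"{action:18s} {n}")
    print("hosts:", ", ".join(extract_hosts(found)))
```

Run it against a full AdwCleaner[S1].txt by reading the file instead of SAMPLE_REPORT; the host list is the part worth keeping, since the same search hijackers usually turn up again in the other profiles (Gast, Kinder) and in any other PC the same installer bundle was run on.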
15.02.2013, 21:56 | #8 | |
/// TB-Ausbilder | gvu trojaner mit webcam Why do I even bother writing this ... Quote:
Warning: registry cleaners. Reading material: Registry cleaners and temporary files. Your log files show that you use one of these programs. We recommend not using such programs. The registry is a central part of the operating system. If a registry cleaner deletes the wrong lines, in the worst case this can leave your computer unbootable. A few orphaned registry entries are no big deal, and the faster boot is usually not noticeable either. The risk that the program "wrecks" your system is simply too high. So I strongly recommend that you uninstall the program. CCleaner, for example, also offers a function to delete temporary files. As long as you keep your hands off the registry cleaning, there is nothing wrong with using CCleaner. I would also like to recommend an alternative program for that: TFC - simply run it as administrator and sit back.
__________________ Digital privateers against malware! No help via PM! |
15.02.2013, 22:37 | #9 |
| gvu trojaner mit webcam OK, I had overlooked "ComboFix once more", sorry: Code:
ATTFilter ComboFix 13-02-15.01 - KAI 15.02.2013 22:16:05.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3824.2293 [GMT 1:00] ausgeführt von:: c:\users\KAI\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-15 bis 2013-02-15 )))))))))))))))))))))))))))))) . . 2013-02-15 21:30 . 2013-02-15 21:30 -------- d-----w- c:\users\Kinder\AppData\Local\temp 2013-02-15 21:30 . 2013-02-15 21:30 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-02-15 21:30 . 2013-02-15 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-15 21:30 . 2013-02-15 21:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-02-15 20:34 . 2013-02-15 20:34 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2013-02-15 20:34 . 2013-02-15 20:34 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2013-02-15 20:34 . 2013-02-15 20:34 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2013-02-15 20:34 . 2013-02-15 20:34 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2013-02-15 20:34 . 2013-02-15 20:34 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2013-02-15 20:34 . 2013-02-15 20:34 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2013-02-15 20:34 . 2013-02-15 20:34 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2013-02-15 20:34 . 2013-02-15 20:34 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2013-02-15 20:34 . 
2013-02-15 20:34 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2013-02-15 20:34 . 2013-02-15 20:34 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2013-02-15 20:34 . 2013-02-15 20:34 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2013-02-15 20:34 . 2013-02-15 20:34 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2013-02-15 20:33 . 2013-02-15 20:33 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2013-02-15 20:33 . 2013-02-15 20:33 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2013-02-15 20:33 . 2013-02-15 20:33 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2013-02-15 20:33 . 2013-02-15 20:33 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2013-02-15 20:33 . 2013-02-15 20:33 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2013-02-15 20:16 . 2013-02-15 20:16 165 ----a-w- c:\windows\DeleteOnReboot.bat 2013-02-14 14:48 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-14 14:48 . 2013-02-14 14:48 -------- d-----w- c:\users\KAI\AppData\Local\Programs 2013-02-13 17:12 . 2013-01-04 05:37 362496 ----a-w- c:\windows\system32\wow64win.dll 2013-02-10 08:46 . 2013-02-10 08:46 -------- d-----w- c:\users\KAI\AppData\Roaming\RealNetworks 2013-02-07 13:10 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2013-01-30 19:13 . 2013-01-30 19:13 -------- d-----w- c:\users\Kinder\AppData\Roaming\Thunderbird 2013-01-30 19:13 . 2013-01-30 19:13 -------- d-----w- c:\users\Kinder\AppData\Local\Thunderbird . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-04 04:43 . 2013-02-13 17:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 16:52 . 2012-12-22 12:24 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-22 12:24 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-22 12:24 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-22 12:24 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-11 19:40 . 2012-12-07 10:17 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-11 19:40 . 2012-12-07 10:17 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-07 05:41 . 2013-01-09 18:03 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 05:35 . 2013-01-09 18:03 2745856 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 05:04 . 2013-01-09 18:03 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 04:57 . 2013-01-09 18:03 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 03:45 . 2013-01-09 18:03 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 03:45 . 2013-01-09 18:03 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 03:45 . 2013-01-09 18:03 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 03:45 . 2013-01-09 18:03 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 03:45 . 2013-01-09 18:03 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 03:45 . 2013-01-09 18:03 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 03:45 . 2013-01-09 18:03 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 03:45 . 2013-01-09 18:03 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 03:45 . 2013-01-09 18:03 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 03:45 . 2013-01-09 18:03 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 03:45 . 2013-01-09 18:03 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 03:45 . 
2013-01-09 18:03 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 03:45 . 2013-01-09 18:03 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 03:45 . 2013-01-09 18:02 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 03:21 . 2013-01-09 18:03 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 03:21 . 2013-01-09 18:03 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 03:21 . 2013-01-09 18:03 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 03:21 . 2013-01-09 18:03 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 03:21 . 2013-01-09 18:03 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 03:21 . 2013-01-09 18:03 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 03:21 . 2013-01-09 18:03 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 03:21 . 2013-01-09 18:03 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 03:21 . 2013-01-09 18:03 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 03:21 . 2013-01-09 18:03 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 03:21 . 2013-01-09 18:03 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-07 03:21 . 2013-01-09 18:02 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 03:21 . 2013-01-09 18:03 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 03:21 . 2013-01-09 18:03 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-11-23 03:45 . 2013-01-09 18:00 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-11-22 10:32 . 2013-01-09 18:03 801280 ----a-w- c:\windows\system32\usp10.dll 2012-11-22 09:33 . 2013-01-09 18:03 627712 ----a-w- c:\windows\SysWow64\usp10.dll 2012-11-20 05:55 . 2013-01-09 18:03 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-11-20 05:10 . 2013-01-09 18:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-11-12 296096] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-11-16 162408] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-13 385248] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\users\Kinder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\users\KAI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\KAI\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 62800] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 94864] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-02-24 78336] R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-02-24 181248] R3 RTL2832U_IRHID;Cinergy T Stick HID;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2012-02-15 49152] R3 RTL2832UBDA;Cinergy T Stick RC BDA service;c:\windows\system32\drivers\RTL2832UBDA.sys [2012-02-15 225920] R3 RTL2832UUSB;Cinergy T Stick RC USB service;c:\windows\system32\Drivers\RTL2832UUSB.sys [2012-02-15 39680] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-11 1255736] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 283360] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 75032] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-13 86752] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 245352] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 149032] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-03-19 81920] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-23 259440] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe servicemode [x] S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-14 295088] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] S3 mfefirek;McAfee Inc. 
mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 441328] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - mfeavfk01 . Inhalt des "geplante Tasks" Ordners . 2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-11 19:44] . 2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-11 19:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\KAI\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-11 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-11 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-11 414744] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local mSearchAssistant = hxxp://www.google.com IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\KAI\AppData\Roaming\Mozilla\Firefox\Profiles\adsx5agt.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe BHO-{28CF50DA-4A17-4442-BBF9-D916BFDE072C} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-15 22:35:29 ComboFix-quarantined-files.txt 2013-02-15 21:35 ComboFix2.txt 2013-02-15 19:51 . Vor Suchlauf: 20 Verzeichnis(se), 47.626.850.304 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 47.176.220.672 Bytes frei . - - End Of File - - 57738CACB967C265C8E2579DC34C8C47 |
15.02.2013, 22:46 | #10 |
/// TB-Ausbilder | GVU trojan with webcam Much better! Before we continue: is there still a problem?
__________________ Digital privateers against malware! No help via PM! |
16.02.2013, 08:48 | #11 |
| GVU trojan with webcam Otherwise everything is OK. The computer was a bit slow, hence the registry scanners. Here are the latest events from Avira; 2 viruses were found there. The ZoneAlarm firewall: can I reactivate it (it was supposed to be uninstalled)? Now I am no longer protected by a firewall, right? Code:
Typ: Datei
Quelle: C:\Users\KAI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O5W9KZH7\widow[1].pdf
Status: Infiziert
Quarantäne-Objekt: 5c8b7ac3.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.250
Virendefinitionsdatei: 7.11.61.26
Meldung: EXP/Pidief.edu
Datum/Uhrzeit: 14.02.2013, 15:01

Typ: Datei
Quelle: C:\Users\KAI\Downloads\apple-application-support.exe
Status: Infiziert
Quarantäne-Objekt: 564b02da.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.246
Virendefinitionsdatei: 7.11.59.224
Meldung: ADWARE/InstallCore.Gen
Datum/Uhrzeit: 06.02.2013, 18:23 |
16.02.2013, 10:06 | #12 |
/// TB-Ausbilder | GVU trojan with webcam The Windows firewall is completely sufficient, and more programs do not necessarily protect you more. Good! As far as I can see, we have removed everything malicious with that. To be sure, we now need to run a few more checks and will then bring your computer up to a secure state. Since these scans can take a very long time, I ask you to write to me again only when you have really completed everything or if problems occur.
Step 1: Quick scan with Malwarebytes
Step 2: ESET Online Scanner
Important: please switch on any external hard drives during the online scans! During the scans, disable all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.
Step 3: Scan with SecurityCheck. Please download SecurityCheck: LINK1 LINK2
17.02.2013, 09:39 | #13 |
| GVU trojan with webcam Problem: the ESET Online Scanner was running; when I went to bed it was at 74%, around 11:45 pm. In the morning the computer had shut down. Where do I find the log files to post now? At least 6 things were found. |
17.02.2013, 09:59 | #14 |
/// TB-Ausbilder | GVU trojan with webcam Normally it is here: C:\Programme\Eset\EsetOnlineScanner\log.txt (or C:\Programme\Eset\log.txt)
17.02.2013, 10:50 | #15 |
| GVU trojan with webcam So, found it: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6c6c98882470324ebe43e422dd72bb2f
# engine=13171
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-16 10:42:28
# local_time=2013-02-16 11:42:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1799 16775165 100 96 57966 226477838 50747 0
# compatibility_mode=5893 16776574 100 94 26223990 113460219 0 0
# scanned=611646
# found=6
# cleaned=0
# scan_time=40242
sh=A0054DB2F6DC6FEBA0BCB3BDBACD707D1223AEB3 ft=0 fh=0000000000000000 vn="JS/Agent.NID trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\0569497.js.vir"
sh=0D13C1EEF16822BE6C681B09B589FF87D5DB21D1 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan" ac=I fn="I:\KAI-TOSH\Backup Set 2011-03-22 215613\Backup Files 2011-03-22 215613\Backup files 5.zip"
sh=0A325B666FE8C7B8985522CD32F9935A64663198 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan" ac=I fn="I:\KAI-TOSH\Backup Set 2011-05-19 225432\Backup Files 2011-05-19 225432\Backup files 5.zip"
sh=2E7CE82662F0F3296379239BF5EFDA5C69579C85 ft=0 fh=0000000000000000 vn="probably a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan" ac=I fn="I:\KAI-TOSH\Backup Set 2012-01-01 190001\Backup Files 2012-01-01 190001\Backup files 11.zip"
sh=B35BF4AA6A48580513AAEF3D1D9E90054206064A ft=0 fh=0000000000000000 vn="Java/Agent.ED trojan" ac=I fn="I:\KAI-TOSH\Backup Set 2012-03-11 191447\Backup Files 2012-03-11 191447\Backup files 12.zip"
sh=A7654453AC75995FAF26CD58213DC451174D3701 ft=1 fh=1963542042a1dbba vn="probably a variant of Win32/TrojanDownloader.FraudLoad.NAH trojan" ac=I fn="I:\Nero Local Autobackup\20110529_212733_Local Autobackup\C\Users\KAI\Downloads\WhiteSmokeNoRegStub_D6008_en.exe"
Code:
Results of screen317's Security Check version 0.99.57
Windows 7 x64
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 11.3.300.257 Flash Player out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Mozilla Thunderbird (17.0.2)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log`````````````````````` |