| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von MalwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.03.2013, 03:46
| #1 |
 |  Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Guten Abend, Ich bekam am Donnerstag eine Mahnungs-Email, weil ich einen offenen Betrag bei Groupon haben soll. Es war beschrieben das im Anhang genauere Details stehen und in Unvernunft öffnete ich den Anhang und entpackte diesen, aber es kam nur eine weiter .zip Datei die ich nochmals öffnete und daraus kam nichts. Seit dem schaltete sich Avira ein und hat die oben genannten Trojaner in Quarantäne verschoben. Hier ein par Logfiles : Malwarebytes Anti-Malware : Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.16.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 XXXX :: XXXX-PC [Administrator] Schutz: Deaktiviert 16.03.2013 02:49:00 mbam-log-2013-03-16 (02-49-00).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 205301 Laufzeit: 3 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:05 on 16/03/2013 (XXXX)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.03.2013 01:32:22 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXX\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 47,01% Memory free 7,60 Gb Paging File | 5,34 Gb Available in Paging File | 70,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 35,45 Gb Free Space | 36,30% Space Free | Partition Type: NTFS Drive D: | 344,26 Gb Total Space | 207,31 Gb Free Space | 60,22% Space Free | Partition Type: NTFS Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe (IDT, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe (Andrea Electronics Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe (IDT, Inc.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe (Andrea Electronics Corporation) SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {CF24715A-748C-4878-B7D0-63A652769EE9} IE - HKLM\..\SearchScopes\{CF24715A-748C-4878-B7D0-63A652769EE9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes,DefaultScope = {6C9E4A3A-F27B-45FE-B6B0-AF57DC2F10C3} IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes\{6C9E4A3A-F27B-45FE-B6B0-AF57DC2F10C3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes\{CF24715A-748C-4878-B7D0-63A652769EE9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.hs-karlsruhe.de;<local> IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hs-karlsruhe.de:8888 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ea.com/de/fussball/login?redirectUrl=hxxp://www.ea.com/de/fussball/fifa-ultimate-team" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\FireFox\components [2013.03.08 15:41:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\FireFox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.15 14:51:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\FireFox\components [2013.03.08 15:41:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\FireFox\plugins [2012.07.03 15:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions [2013.02.28 18:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions [2013.02.28 18:31:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.11 18:39:45 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions\50ec8804a8996@50ec8804a89cf.com [2013.02.06 18:02:23 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.12.13 22:43:46 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\firefox\profiles\5utap7l7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Picasa (Enabled) = D:\Programme\Picasa3\npPicasa3.dll CHR - plugin: VLC Web Plugin (Enabled) = D:\Programme\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Docs = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Docs = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Google Drive = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SaveByclick = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghgaiabghokpfokmeojjijfofddifci\1_0\ CHR - Extension: Google Mail = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPToneControl] C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001..\Run: [ICQ] D:\Programme\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001..\Run: [ProxyChanger] C:\Users\XXXX\Desktop\Programme\ProxyChanger.exe File not found O4 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\XXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programme\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programme\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47D58B4E-6FC3-4232-8399-922029D7E074}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB22EAA2-6950-4312-9B86-FC0F3F92E1D1}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.04 12:44:51 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3c67ebf1-9fa1-11e1-bc30-002713d55ee1}\Shell - "" = AutoRun O33 - MountPoints2\{3c67ebf1-9fa1-11e1-bc30-002713d55ee1}\Shell\AutoRun\command - "" = E:\raf-fm12.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.16 01:24:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe [2013.03.14 23:21:19 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes [2013.03.14 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.14 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.14 23:20:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.14 23:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.14 23:19:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\XXXX\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.14 03:03:27 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.03.14 03:02:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.14 03:02:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.14 03:02:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.14 03:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.14 03:02:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.14 03:02:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.14 03:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.14 03:02:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.14 03:02:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.14 03:02:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.14 03:02:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.14 03:02:08 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.14 03:02:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.14 03:02:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.14 03:02:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.14 03:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 03:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 03:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 01:52:30 | 000,000,000 | ---D | C] -- C:\Users\XXXX\.thumbnails [2013.03.12 01:51:23 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\fontconfig [2013.03.12 01:51:21 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\gegl-0.2 [2013.03.12 01:51:21 | 000,000,000 | ---D | C] -- C:\Users\XXXX\.gimp-2.8 [2013.03.12 01:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.03.10 11:46:57 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Über den Wolken - Vol. 04 (2 CD) (2006) [2013.03.10 01:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.09 04:19:58 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Image-Line [2013.03.08 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Neuer Ordner [2013.03.07 23:37:51 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2013.03.07 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Avira [2013.03.07 23:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.07 23:31:42 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.07 23:31:42 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.07 23:31:42 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.07 23:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.07 10:48:17 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 10:48:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 10:48:09 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.07 10:48:09 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 10:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.04 13:23:14 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\FUSSBALL MANAGER 13 [2013.03.04 13:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 13 [2013.03.04 12:36:05 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.04 12:35:56 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.04 12:35:56 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.04 12:35:56 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.03 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.03.03 19:44:58 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.03.03 19:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.03.03 17:52:56 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Origin [2013.03.03 17:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.03.03 17:33:43 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll [2013.03.03 17:29:19 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll [2013.03.03 17:29:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\dll-files.com [2013.02.27 13:33:10 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.02.27 13:33:10 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.02.27 13:33:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.02.27 13:33:10 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.02.27 13:33:06 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.02.27 13:33:06 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.02.27 13:33:04 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.02.27 13:33:04 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.02.27 13:33:04 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 13:33:04 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.27 13:33:04 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 13:33:04 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.27 13:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 13:33:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.27 13:33:04 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 13:33:04 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.27 13:33:03 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.02.27 13:33:03 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.02.27 13:33:03 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.02.27 13:33:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 13:33:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.27 13:33:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 13:33:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.27 13:33:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 13:33:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.27 13:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 13:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.27 13:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 13:33:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.27 13:33:02 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.02.27 13:33:02 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.02.27 13:33:02 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.02.27 13:33:02 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.02.27 13:33:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.02.27 13:33:01 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.02.27 13:33:01 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.02.27 13:33:00 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.02.27 13:33:00 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.02.27 13:32:59 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.02.27 13:32:59 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.02.27 13:32:58 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.02.27 10:37:32 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\FUSSBALL MANAGER 13 Demo [2013.02.27 03:46:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.02.26 20:44:30 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Origin [2013.02.26 20:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.02.24 17:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.02.23 15:05:14 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.23 15:05:14 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.23 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\fp_11.4.402.287_archive [2013.02.18 10:50:46 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\HH [2013.02.15 21:23:46 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.02.15 21:23:46 | 000,963,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.02.15 14:02:06 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [2013.02.15 14:01:40 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll [2013.02.15 14:01:38 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\Image-Line [2013.02.15 14:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.02.15 14:01:23 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\SysWow64\vorbis.acm [2013.02.15 14:01:23 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.02.15 14:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim [2013.02.15 13:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.16 01:24:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe [2013.03.16 01:04:32 | 000,000,000 | ---- | M] () -- C:\Users\XXXX\defogger_reenable [2013.03.16 01:03:13 | 000,050,477 | ---- | M] () -- C:\Users\XXXX\Desktop\Defogger.exe [2013.03.16 00:58:28 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.16 00:58:28 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.16 00:55:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.16 00:55:20 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.16 00:55:20 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.16 00:55:20 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.16 00:55:20 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.16 00:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.16 00:50:45 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.16 00:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.16 00:50:26 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys [2013.03.15 20:39:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.14 23:20:41 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.14 23:20:06 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\XXXX\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.13 22:45:39 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.12 22:57:24 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.12 22:57:24 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 11:58:22 | 000,006,986 | ---- | M] () -- C:\Users\XXXX\AppData\Local\recently-used.xbel [2013.03.12 11:49:49 | 000,002,149 | ---- | M] () -- C:\Users\XXXX\Desktop\images.gif [2013.03.12 01:51:06 | 000,002,019 | ---- | M] () -- C:\Users\XXXX\Desktop\default.gif [2013.03.10 21:33:26 | 000,049,313 | ---- | M] () -- C:\Users\XXXX\Desktop\ipad-wallpaper-schwarz.jpg [2013.03.10 01:55:12 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.03.10 01:55:12 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.07 23:31:51 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.07 10:48:04 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.07 10:48:03 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.03.07 10:48:03 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.07 10:48:03 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.07 10:48:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.07 10:48:03 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.04 13:10:44 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk [2013.03.04 12:35:50 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.03.04 12:35:49 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.03.04 12:35:49 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.03.04 12:35:49 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.03.04 12:35:48 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.03.04 12:35:48 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.03.03 20:06:45 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.03.03 19:44:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.03.03 19:22:24 | 000,374,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.03 17:39:33 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.03 17:33:47 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll [2013.03.03 17:29:22 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll [2013.03.02 13:59:36 | 000,044,749 | ---- | M] () -- C:\Users\XXXX\Desktop\Kontoauszuege17f99749-8a29-4daf-82dd-f0dc8b568587.pdf [2013.03.01 15:33:41 | 000,000,020 | ---- | M] () -- C:\Windows\ðö· [2013.03.01 01:09:37 | 000,007,605 | ---- | M] () -- C:\Users\XXXX\AppData\Local\Resmon.ResmonCfg [2013.02.28 09:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.16 01:04:32 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\defogger_reenable [2013.03.16 01:03:13 | 000,050,477 | ---- | C] () -- C:\Users\XXXX\Desktop\Defogger.exe [2013.03.14 23:20:41 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 11:58:22 | 000,006,986 | ---- | C] () -- C:\Users\XXXX\AppData\Local\recently-used.xbel [2013.03.12 01:51:06 | 000,002,019 | ---- | C] () -- C:\Users\XXXX\Desktop\default.gif [2013.03.12 01:49:44 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.03.12 01:23:52 | 000,002,149 | ---- | C] () -- C:\Users\XXXX\Desktop\images.gif [2013.03.10 21:33:26 | 000,049,313 | ---- | C] () -- C:\Users\XXXX\Desktop\ipad-wallpaper-schwarz.jpg [2013.03.10 01:55:12 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.03.10 01:55:12 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.07 23:31:51 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.04 13:10:44 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk [2013.03.03 19:44:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013.03.03 17:39:33 | 000,000,642 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.02 13:59:35 | 000,044,749 | ---- | C] () -- C:\Users\XXXX\Desktop\Kontoauszuege17f99749-8a29-4daf-82dd-f0dc8b568587.pdf [2013.03.01 15:33:41 | 000,000,020 | ---- | C] () -- C:\Windows\ðö· [2013.03.01 01:09:37 | 000,007,605 | ---- | C] () -- C:\Users\XXXX\AppData\Local\Resmon.ResmonCfg [2013.02.24 17:37:42 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.02.24 17:34:41 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.24 17:34:41 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.23 15:05:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.13 22:49:16 | 000,538,162 | ---- | C] () -- C:\Users\XXXX\hello.exe [2012.11.13 22:48:19 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\Hello World.cpp [2012.11.05 20:13:18 | 000,000,041 | ---- | C] () -- C:\Windows\MinGW.INI [2012.10.17 16:28:54 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\wklnhst.dat [2012.07.22 23:43:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2012.05.13 11:13:25 | 003,131,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.12 20:02:15 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Audacity [2012.08.16 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Pro [2013.03.04 12:24:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\dll-files.com [2013.03.16 00:51:37 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Dropbox [2013.03.10 01:55:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DVDVideoSoft [2012.07.03 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.01 15:38:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FreePDF [2013.03.16 00:59:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ [2013.03.09 04:19:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Image-Line [2012.07.09 03:21:00 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ITTerritory [2012.07.04 20:49:27 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LolClient [2012.07.22 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MotioninJoy [2012.05.27 10:23:11 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\OpenOffice.org [2012.05.13 14:35:56 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Opera [2013.03.03 18:04:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Origin [2013.03.01 15:25:24 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\PDF reDirect [2013.01.08 21:55:11 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\pdfforge [2012.10.17 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Template [2012.11.15 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird [2012.08.25 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > [/CODE] die Extras : OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.03.2013 01:32:22 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 47,01% Memory free
7,60 Gb Paging File | 5,34 Gb Available in Paging File | 70,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 35,45 Gb Free Space | 36,30% Space Free | Partition Type: NTFS
Drive D: | 344,26 Gb Total Space | 207,31 Gb Free Space | 60,22% Space Free | Partition Type: NTFS
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AE9939D-68B3-4A2F-81AC-01977446C092}" = rport=138 | protocol=17 | dir=out | app=system |
"{0C0B29E4-AA05-4F8B-AD32-B61E183DD0A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2205A394-ADC3-4BF9-86B5-BA811CE50A23}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24D9AD6B-D939-4D9F-9FAC-BDE7D09BBF2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25DC0536-ADCA-4A43-9373-588E75229D8D}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B184D5D-2C26-4294-A1BD-E4B8E026A122}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{357AC75D-CF1C-4514-B7FC-CC849BD14173}" = rport=137 | protocol=17 | dir=out | app=system |
"{36CF20B4-FF66-4119-907E-A8B40FD315F2}" = lport=137 | protocol=17 | dir=in | app=system |
"{3C247E2E-95AB-4486-8A03-F5621F1C6FC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B444042-33DA-4B8A-BD58-9B26EA0EBCFF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{513717D8-A836-44D4-80A5-ABD9BE8A7BC1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{6C0C628A-11EB-4364-94F7-D3313990A66C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7117A3CC-597D-4F00-AC82-D1BEBE76A627}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7AB917C3-4FE3-4DC3-B2CD-F7FBC2A8F355}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B2CF712-A11F-4A6E-9999-854393F17F3D}" = rport=139 | protocol=6 | dir=out | app=system |
"{8DBDE089-EF9F-4E62-9AA1-98C2F447F3DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A26DEF38-1E2A-42B1-BDCD-9EE26E4CDFF5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A825CECF-BF5F-4DD8-925B-64AE3E8775EC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AABC8E9B-1E13-4E8A-94D2-216DF6D1AEB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1DDAB10-FF91-4F3E-95DE-DE663FE02F4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B41E9716-7412-4179-A533-EF7194523D87}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DAC88A79-F578-49CA-A06A-EA0740C1AA1A}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBB53720-FFA7-4D1B-BF4B-4BC20882AFA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB57C26E-C371-4D57-9FEE-936C25E3F384}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EF73F6E0-4047-4B8B-B214-67DEBA7B3788}" = lport=139 | protocol=6 | dir=in | app=system |
"{FC7465BC-635D-4A00-A64E-6076181D95C0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE4E0E0A-EF7F-45F9-AF71-4A25E1645A62}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0249A0BE-10F1-4492-846F-381722B7871E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{037B89C4-A895-4249-B801-5D818D1FCBC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{056574D5-2C6A-409D-A6DD-046D703ED932}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\hpitv.exe |
"{097B8E84-35BD-4620-AC63-FA53DE476B8D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qp.exe |
"{0C70B111-D7A5-4871-843C-8CEFB3D311B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{0D6C1CA2-3B32-4DDF-B91B-397D679D9D7F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10C90E55-E2D6-43F9-AA14-AEFB765933E9}" = protocol=6 | dir=out | app=system |
"{175D3CD9-E5ED-4C15-8250-DF82BF68BC87}" = protocol=17 | dir=in | app=d:\programme\origin\spiele\fifa manager 13\manager13.exe |
"{18551F3C-EB5F-4CE5-949D-F86FDE19B0BC}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{1D501ADD-7903-4802-B78F-2F2E38D2151A}" = protocol=6 | dir=in | app=d:\programme\origin\spiele\fifa manager 13\manager13.exe |
"{22E4172B-87C9-4A35-848A-56F7FA5C1043}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2B0AF981-7BA7-446C-A6ED-B2E965DBBAF9}" = protocol=17 | dir=in | app=d:\programme\icq\icq7m\icq.exe |
"{2D4A61F7-82A8-4B5A-8008-C7C2F70FD29C}" = protocol=17 | dir=in | app=c:\users\XXXX\appdata\roaming\dropbox\bin\dropbox.exe |
"{347FBC01-BECC-40E9-9122-1DDAD2182B72}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe |
"{385D3C36-9F88-4BFA-81CA-75675F221444}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3E33E0EE-6F3A-4F96-AE96-DAA690D318B9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{3EAFBBB3-7321-464A-B6A0-90C7C4D18921}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F67AAA7-08AC-44E8-A36F-DEAD48593D5F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{41991C8B-8459-4A67-99F9-986F7EFECFDD}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{4732854B-D232-40AB-B328-A176C980E65E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\itv\qpservice.exe |
"{4A0EFE69-88C0-4F66-A6E5-7061573DBE80}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5005F75A-44F3-4B20-BE5E-CDF7314E47AC}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{58F3DFC7-5267-49ED-A289-3007261EB9C8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{60C73F36-072B-423D-9860-1D7F96093736}" = protocol=17 | dir=in | app=d:\programme\icq\icq7m\icq.exe |
"{679C8D13-4BBB-4226-99E0-AD62EBCD809F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{696D2D88-3B8C-4C7A-8A13-F257B883AD69}" = protocol=6 | dir=in | app=d:\programme\icq\icq7m\icq.exe |
"{75AD4DA9-8F3C-4D69-A6B6-2773A022C594}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8AF4F405-7D85-42C6-AF40-06A2911A23E0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8B432663-A7C8-4FD4-A6C0-1254F78FABBD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{99F05C06-4B1F-4C5B-AC00-19F9B802793E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{9A7E227E-0701-4AA2-94C3-FAC9F1B9AA15}" = protocol=6 | dir=in | app=d:\programme\steam\steam.exe |
"{9AF9BB26-DA88-4BEF-B1B1-3A0681E31D25}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0BBF592-3614-4B01-95CC-FE3814DC430A}" = protocol=6 | dir=in | app=c:\users\XXXX\appdata\roaming\dropbox\bin\dropbox.exe |
"{A10D3C76-475F-4783-AB09-7ABF59D086AA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A7AFD4D3-2133-4BE2-A127-ADAA5AE2C70B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{A7B5E794-D2D4-45CE-AED0-02098F6BDFE5}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AA07B384-3DA6-4803-9C8F-0B590AB35FE5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC3BFAE2-F073-49AE-90D8-61098762A6FB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B37A1FB8-890A-4D76-ABF9-74283A46EE3B}" = protocol=6 | dir=in | app=d:\programme\icq\icq7m\icq.exe |
"{B391DBA8-2E2B-4095-8816-B1FD7AA50C24}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B3C2B24D-30B4-40BE-A057-DC40047F81E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B4DEF498-B3E3-4C4F-9701-D45BA4A6B500}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{C79D3658-5830-435E-BC9F-8C3C72EDF36F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C891931E-B85D-485C-BA97-1D461C5E9EF0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CBC12BF3-C712-44E0-B43C-7DE7D1C1ABAB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2DCB46E-B4F6-43D5-97E5-B0AB8EF41643}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4F6843E-3DBC-407A-901E-B73213EA4BDF}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{D8424640-5484-4E96-9F60-9F2A757B07E0}" = protocol=17 | dir=in | app=d:\programme\steam\steam.exe |
"{DB08D6E2-5F48-4EBA-B4E4-06C4249C13DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E7526738-B971-45AF-91A1-E600A9DA2473}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E8760F11-D410-4897-A1C9-B1A8553222BC}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{EA84B014-191C-459E-A5EF-0D529572CCB3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EBE6543B-AFD8-40DB-87F7-B85850054A11}" = dir=in | app=d:\itunes\itunes.exe |
"{EDCECB26-FA7D-4C5D-8474-8DCD156B37F9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{EF97DD61-FD24-4BEB-AEB8-EBBE7D6BB1C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F29FB357-6318-40C7-8142-D70AC5F44722}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F41CDA83-FB25-4B48-940A-E8BE98D8152A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F85CE30E-CF79-4B3B-8C96-568DE0C42334}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{FC1BE4D1-60DE-4CDA-97FD-E1FE0F427FE1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{FCBA8A20-F6AB-45E7-B68B-991E81AE27AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FCC27BEB-52B3-48E4-A580-C326BD494568}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{37DCCC2B-F6A2-43E4-AB3E-4FC4DC5EB4C7}D:\programme\icq\icq7m\icq.exe" = protocol=6 | dir=in | app=d:\programme\icq\icq7m\icq.exe |
"TCP Query User{3E627986-F70D-4F93-91FB-165D82AEC0D9}C:\users\XXXX\desktop\blubvolley\blubvolley.exe" = protocol=6 | dir=in | app=c:\users\XXXX\desktop\blubvolley\blubvolley.exe |
"TCP Query User{426C813C-1DBB-4B60-BA77-AB14FC6C3156}C:\users\XXXX\desktop\blubvolley\blubvolley.exe" = protocol=6 | dir=in | app=c:\users\XXXX\desktop\blubvolley\blubvolley.exe |
"TCP Query User{626D896B-BAC3-4F58-A2B4-1187C6EDF5DB}D:\programme\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\programme\anno1701\anno1701.exe |
"TCP Query User{B72CB920-7422-4248-B4B4-BF6219E87128}C:\users\XXXX\desktop\spiele\blubvolley\blubvolley.exe" = protocol=6 | dir=in | app=c:\users\XXXX\desktop\spiele\blubvolley\blubvolley.exe |
"TCP Query User{D6A36534-7CCC-47C5-A994-80552F448838}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F8A0BAA1-CF38-4589-8DAD-E792E43C1F0E}C:\users\XXXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\XXXX\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{051DD814-3CBC-4C25-A06A-98FFEB423297}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{103FFB7B-126E-4929-8D36-E731FFDC6BE6}C:\users\XXXX\desktop\blubvolley\blubvolley.exe" = protocol=17 | dir=in | app=c:\users\XXXX\desktop\blubvolley\blubvolley.exe |
"UDP Query User{17701154-A8D4-4DE1-BEBE-3AC485CD4CD9}C:\users\XXXX\desktop\spiele\blubvolley\blubvolley.exe" = protocol=17 | dir=in | app=c:\users\XXXX\desktop\spiele\blubvolley\blubvolley.exe |
"UDP Query User{5E2190FE-98F4-4FBB-94E7-0554621E96CE}D:\programme\icq\icq7m\icq.exe" = protocol=17 | dir=in | app=d:\programme\icq\icq7m\icq.exe |
"UDP Query User{B866CEC9-1CD9-466C-8F95-223DB350CC29}D:\programme\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\programme\anno1701\anno1701.exe |
"UDP Query User{BC9AD3AF-38C2-41DF-B66C-07D46FDE0D26}C:\users\XXXX\desktop\blubvolley\blubvolley.exe" = protocol=17 | dir=in | app=c:\users\XXXX\desktop\blubvolley\blubvolley.exe |
"UDP Query User{D019898F-7228-450E-8AB3-BBD192764295}C:\users\XXXX\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\XXXX\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{10A7E740-0768-4722-8D96-C320513FD7D9}" = Deutsch (Schweiz) - Custom
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{154588E8-64DE-47A0-B264-808935336159}" = Deutsch (Schweiz) - Custom
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{2C5927BD-3F65-4207-8FB5-8EDF638A3511}_is1" = SmartPCFixer 4.2
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0005
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9207D4A1-586E-49CA-A002-FC9F475AB1A3}" = HP Tone Control
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{BF931980-1D16-4AF0-BE35-D66BC1BA3E3D}" = Deutsch (Schweiz) - Neu
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EC72C7A8-377D-2A55-C6DD-7F78D8FDA75A}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F72FC7C5-5D2F-41EC-11DE-FD9F5F6D415A}" = ATI Catalyst Install Manager
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414)
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08C94F9D-EB51-D748-E299-E347A2C14A81}" = PX Profile Update
"{0CD13A6E-02F9-F579-098C-85C97FEFFC50}" = Catalyst Control Center Graphics Full Existing
"{15436D38-68EF-4D20-A794-755F54E7E955}" = HP Software Framework
"{16EB4BD9-9F50-173A-ACE7-F79018319EC9}" = CCC Help Chinese Standard
"{188E3023-961F-2760-3A2B-A8226B9FC7BD}" = Catalyst Control Center Graphics Previews Common
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20B88A14-02F9-48D4-ACEC-6D8F5F3E8A83}" = HP User Guides 0176
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{321DC370-3241-F037-05C4-5A675526BDD9}" = CCC Help Czech
"{36069430-7A6F-72E6-EF30-CA411132DB56}" = Catalyst Control Center Graphics Light
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43969854-00A9-264C-B75D-C0C6198DE080}" = CCC Help Turkish
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{590A2658-60DD-35A8-1039-73DF201ADDAE}" = CCC Help Japanese
"{64697847-F052-3DD7-545A-D738D98EDCB8}" = CCC Help French
"{64F7810B-1007-D5AC-5329-9ED3B58D280A}" = CCC Help Portuguese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{655E1AAC-FD77-AC36-8864-5084D321708F}" = CCC Help Thai
"{6ACF87EE-0C55-43DB-8861-84EC53EF3841}" = Catalyst Control Center Graphics Previews Vista
"{6BE14C99-7BA6-9BAF-556B-0EF9620326DB}" = CCC Help Italian
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B23F3F-FEE2-F533-92BA-900EC9D17FF1}" = CCC Help Spanish
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7F4BC97F-4203-8544-F472-0A04B7694FE3}" = Catalyst Control Center Localization All
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{80DD44E8-3624-AAF2-9605-CE06299DC44E}" = CCC Help Finnish
"{845B064A-E1E3-9427-9724-983C06BF3D54}" = CCC Help Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C0D6DC7-5B6D-3FA5-9634-17393849CD07}" = CCC Help Korean
"{8C69826D-0EEE-5786-7D26-30D238758174}" = CCC Help Chinese Traditional
"{8F0D054F-BE75-8AE7-33F0-B66A7A5732DC}" = CCC Help Dutch
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A05F9E5-B7CF-FAA4-27BF-1AB02B810C17}" = Catalyst Control Center Core Implementation
"{9ABB092F-47B1-A5FE-A565-5F0B02E0370F}" = CCC Help German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B9F4E4D8-19E3-12F7-ED3C-BD44D201B780}" = CCC Help Norwegian
"{BB553EAD-4EEC-C92E-41E3-64BFF5114635}" = CCC Help Greek
"{BDDDF6F6-7EC9-5921-98BA-83E5D727846E}" = CCC Help English
"{C1A0D5F7-02F3-4D95-872A-0E56CF968DC6}" = Catalyst Control Center - Branding
"{C371EF5D-ADA8-568F-2157-A61D266BE5E3}" = CCC Help Polish
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CBC09103-563D-87E6-FADA-BEDF944615D7}" = CCC Help Swedish
"{CC7553CB-AB4E-5BCA-DC44-54D823B83E60}" = Catalyst Control Center InstallProxy
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D89272DE-CF29-8D5C-B01A-410F06E2E903}" = ccc-core-static
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA407008-B75B-B657-0B1C-7D3394783D2A}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FBAFC032-87CF-7E5C-827D-E3BF924B1770}" = Catalyst Control Center Graphics Full New
"{FCCAFC12-0033-C4AA-A322-D086EAC3BE80}" = CCC Help Russian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"FL Studio 10" = FL Studio 10
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LAME_is1" = LAME v3.99.3 (for Windows)
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MinGW_is1" = MinGW 3.1.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.14.1738" = Opera 12.14
"Origin" = Origin
"VLC media player" = VLC media player 2.0.1
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Dropbox" = Dropbox
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.02.2013 17:01:50 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12537488
Error - 28.02.2013 17:01:50 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12537488
Error - 28.02.2013 17:01:51 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.02.2013 17:01:51 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12538487
Error - 28.02.2013 17:01:51 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12538487
Error - 28.02.2013 17:01:52 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.02.2013 17:01:52 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12539626
Error - 28.02.2013 17:01:52 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12539626
Error - 28.02.2013 17:01:53 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.02.2013 17:01:53 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12540686
Error - 28.02.2013 17:01:53 | Computer Name = XXXX-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12540686
Error - 28.02.2013 21:02:04 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_TapiSrv, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc3c1 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fefa71baa8
ID
des fehlerhaften Prozesses: 0x5dc Startzeit der fehlerhaften Anwendung: 0x01ce1505f74a7caa
Pfad
der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: a175ba61-820b-11e2-8885-002713d55ee1
[ HP Wireless Assistant Events ]
Error - 23.03.2010 09:08:47 | Computer Name = 2QULS2FKKEJA3 | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 06.05.2010 20:43:01 | Computer Name = WIN-6EACN708775 | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 06.05.2010 20:52:12 | Computer Name = WIN-6EACN708775 | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 13.05.2012 04:58:57 | Computer Name = XXXX-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
Error - 13.05.2012 05:15:06 | Computer Name = XXXX-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
[ System Events ]
Error - 15.03.2013 19:50:27 | Computer Name = XXXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\libusb0.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.03.2013 19:50:27 | Computer Name = XXXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\libusb0.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.03.2013 19:50:31 | Computer Name = XXXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\libusb0.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.03.2013 19:50:31 | Computer Name = XXXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\libusb0.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.03.2013 19:50:31 | Computer Name = XXXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\libusb0.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.03.2013 19:50:32 | Computer Name = XXXX-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\libusb0.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 15.03.2013 19:50:47 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LibUsb-Win32 - Daemon, Version 0.1.10.1" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2
Error - 15.03.2013 19:51:19 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst HPWMISVC erreicht.
Error - 15.03.2013 19:51:41 | Computer Name = XXXX-PC | Source = DCOM | ID = 10016
Description =
Error - 15.03.2013 19:53:21 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
< End of report >
[/CODE] und die Gamer : Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-16 02:36:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC4O 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\XXXX\AppData\Local\Temp\ugloipoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075ed1465 2 bytes [ED, 75]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075ed14bb 2 bytes [ED, 75]
.text ... * 2
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
ATTFilter
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{9087-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 5a65fc70.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 23:45
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{5998-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 42fbd3d3.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 23:45
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{FCF3-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 5d92fe3d.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 23:42
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{134C3-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 45f5d1a5.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 23:42
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\Prlu\dlqpoejebl.exe
Status: Infiziert
Quarantäne-Objekt: 5e51fd0a.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Matsnu.EB.130
Datum/Uhrzeit: 14.03.2013, 23:39
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{13E49-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 59afdc37.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 23:00
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{C27F-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 591ed8cf.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 22:49
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{76D1-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 5981d5c9.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 22:40
Typ: Datei
Quelle: C:\Users\XXXX\AppData\Local\Temp\{4415-2DF594-2DF994}
Status: Infiziert
Quarantäne-Objekt: 5a0bd561.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.16
Virendefinitionsdatei: 7.11.64.250
Meldung: TR/Downloader.Gen8
Datum/Uhrzeit: 14.03.2013, 22:28
Schonmal Danke im Vorraus und schönes Wochenende Geändert von hsvtobse (16.03.2013 um 04:02 Uhr) |
|
16.03.2013, 18:12
| #2 | ||
| /// TB-Ausbilder   | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Hallo hsvtobse und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Zitat:
Schritt 1 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 2 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
17.03.2013, 01:32
| #3 |
| | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Danke Leo , dass Sie mir bei meinem Problem helfen werden!
__________________Aber weil mir die Frage noch unklar ist ob Dateien verschlüsselt worden sind mache ich mal noch nicht weiter... Können Sie das genauer erklären wie ich merke ob Dateien verschlüsselt worden sind ? Schönen Sonntag noch. |
|
17.03.2013, 01:40
| #4 | |
| /// TB-Ausbilder | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Hi, Zitat:
Wenn nichts verändert wurde und sich die Dateien normal öffnen lassen, dann ist nichts passiert.
__________________ cheers, Leo |
|
17.03.2013, 14:43
| #5 |
| | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Im Anhang habe ich ein Bild wie es in meinem Benutzer Ordner aussieht. Wenn ich dann auf Eigene Dateien einen Doppelklick mache kommt ein Fenster mit : "Auf C:\Users\Benutzer\XXXX\Eigene Dateien kann nicht zugegriffen werden. Zugriff verweigert." Die überschrift des Fensters ist "Der Pfad ist nicht verfügbar." Bei den anderen Ordnern mit dem kleinen blauen Pfeil im weißen Kästchen kommt die gleiche Meldung. Und zum Beispiel auf Eigene Dokumente kann ich normal zugreifen und alles hat noch seinen alten Namen, oder zumindest gibt es keine abstrakte Namen. |
|
17.03.2013, 14:58
| #6 | ||
| /// TB-Ausbilder | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Hallo, Zitat:
Zitat:
__________________ --> Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware |
|
17.03.2013, 16:06
| #7 |
| | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Also dann sind hier die zwei Logs : ComboFix: Code:
ATTFilter Combofix Logfile: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.03.2013 15:48:36 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXX\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 47,50% Memory free 7,60 Gb Paging File | 5,32 Gb Available in Paging File | 69,98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 36,52 Gb Free Space | 37,40% Space Free | Partition Type: NTFS Drive D: | 344,26 Gb Total Space | 207,31 Gb Free Space | 60,22% Space Free | Partition Type: NTFS Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe (IDT, Inc.) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard) SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe (Andrea Electronics Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- D:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (HPWMISVC) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe () SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe (IDT, Inc.) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe (Andrea Electronics Corporation) SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (DVMIO) -- C:\Windows\SysNative\drivers\dvmio.sys (DeviceVM, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {CF24715A-748C-4878-B7D0-63A652769EE9} IE - HKLM\..\SearchScopes\{CF24715A-748C-4878-B7D0-63A652769EE9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes,DefaultScope = {6C9E4A3A-F27B-45FE-B6B0-AF57DC2F10C3} IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes\{6C9E4A3A-F27B-45FE-B6B0-AF57DC2F10C3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\..\SearchScopes\{CF24715A-748C-4878-B7D0-63A652769EE9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.hs-karlsruhe.de;<local> IE - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hs-karlsruhe.de:8888 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.ea.com/de/fussball/login?redirectUrl=hxxp://www.ea.com/de/fussball/fifa-ultimate-team" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\FireFox\components [2013.03.08 15:41:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\FireFox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.15 14:51:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\FireFox\components [2013.03.08 15:41:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\FireFox\plugins [2012.07.03 15:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions [2013.02.28 18:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions [2013.02.28 18:31:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.11 18:39:45 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions\50ec8804a8996@50ec8804a89cf.com [2013.02.06 18:02:23 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\5utap7l7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.12.13 22:43:46 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\firefox\profiles\5utap7l7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Picasa (Enabled) = D:\Programme\Picasa3\npPicasa3.dll CHR - plugin: VLC Web Plugin (Enabled) = D:\Programme\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Docs = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Docs = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: Google Drive = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SaveByclick = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\oghgaiabghokpfokmeojjijfofddifci\1_0\ CHR - Extension: Google Mail = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.03.17 15:25:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [HPToneControl] C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard ) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001..\Run: [ICQ] D:\Programme\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001..\Run: [Steam] D:\Programme\Steam\steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3593367695-1810042503-887803090-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programme\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - D:\Programme\ICQ\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47D58B4E-6FC3-4232-8399-922029D7E074}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB22EAA2-6950-4312-9B86-FC0F3F92E1D1}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.04 12:44:51 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.17 15:34:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.17 15:27:18 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.17 15:18:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.17 15:18:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.17 15:18:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.17 15:18:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.17 15:18:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.17 15:14:18 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\XXXX\Desktop\ComboFix.exe [2013.03.16 02:59:11 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\logs zensiert [2013.03.16 01:24:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe [2013.03.14 23:21:19 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes [2013.03.14 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.14 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.14 23:20:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.14 23:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.14 23:19:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\XXXX\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.14 03:03:27 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.03.14 03:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 03:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 03:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.12 01:52:30 | 000,000,000 | ---D | C] -- C:\Users\XXXX\.thumbnails [2013.03.12 01:51:23 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\fontconfig [2013.03.12 01:51:21 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\gegl-0.2 [2013.03.12 01:51:21 | 000,000,000 | ---D | C] -- C:\Users\XXXX\.gimp-2.8 [2013.03.12 01:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.03.10 11:46:57 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Über den Wolken - Vol. 04 (2 CD) (2006) [2013.03.10 01:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.03.09 04:19:58 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Image-Line [2013.03.08 19:30:59 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\Neuer Ordner [2013.03.07 23:37:51 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft [2013.03.07 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Avira [2013.03.07 23:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.07 23:31:42 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.07 23:31:42 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.07 23:31:42 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.07 23:31:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.07 10:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.04 13:23:14 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\FUSSBALL MANAGER 13 [2013.03.04 13:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUSSBALL MANAGER 13 [2013.03.03 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.03.03 19:44:58 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.03.03 19:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.03.03 17:52:56 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Origin [2013.03.03 17:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.03.03 17:29:09 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\dll-files.com [2013.02.27 10:37:32 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\FUSSBALL MANAGER 13 Demo [2013.02.27 03:46:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.02.26 20:44:30 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Origin [2013.02.26 20:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.02.24 17:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.02.23 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\fp_11.4.402.287_archive [2013.02.18 10:50:46 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Desktop\HH [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.17 15:41:52 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 15:41:52 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 15:40:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.17 15:40:15 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.17 15:40:15 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.17 15:40:15 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.17 15:40:15 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.17 15:39:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.17 15:34:08 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.17 15:33:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.17 15:33:48 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys [2013.03.17 15:25:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.17 15:14:50 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\XXXX\Desktop\ComboFix.exe [2013.03.17 14:34:08 | 000,052,819 | ---- | M] () -- C:\Users\XXXX\Desktop\TrojanerBoard.png [2013.03.16 03:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.16 02:47:14 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.16 01:49:33 | 000,377,856 | ---- | M] () -- C:\Users\XXXX\Desktop\gmer_2.1.19155.exe [2013.03.16 01:24:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe [2013.03.16 01:04:32 | 000,000,000 | ---- | M] () -- C:\Users\XXXX\defogger_reenable [2013.03.16 01:03:13 | 000,050,477 | ---- | M] () -- C:\Users\XXXX\Desktop\Defogger.exe [2013.03.14 23:20:06 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\XXXX\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.13 22:45:39 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.12 11:58:22 | 000,006,986 | ---- | M] () -- C:\Users\XXXX\AppData\Local\recently-used.xbel [2013.03.12 11:49:49 | 000,002,149 | ---- | M] () -- C:\Users\XXXX\Desktop\images.gif [2013.03.12 01:51:06 | 000,002,019 | ---- | M] () -- C:\Users\XXXX\Desktop\default.gif [2013.03.10 21:33:26 | 000,049,313 | ---- | M] () -- C:\Users\XXXX\Desktop\ipad-wallpaper-schwarz.jpg [2013.03.10 01:55:12 | 000,001,199 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.03.10 01:55:12 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.07 23:31:51 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.04 13:10:44 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk [2013.03.03 20:06:45 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.03.03 19:44:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.03.03 19:22:24 | 000,374,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.03 17:39:33 | 000,000,642 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.02 13:59:36 | 000,044,749 | ---- | M] () -- C:\Users\XXXX\Desktop\Kontoauszuege17f99749-8a29-4daf-82dd-f0dc8b568587.pdf [2013.03.01 15:33:41 | 000,000,020 | ---- | M] () -- C:\Windows\ðö· [2013.03.01 01:09:37 | 000,007,605 | ---- | M] () -- C:\Users\XXXX\AppData\Local\Resmon.ResmonCfg [2013.02.28 09:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.17 15:18:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.17 15:18:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.17 15:18:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.17 15:18:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.17 15:18:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.17 14:34:08 | 000,052,819 | ---- | C] () -- C:\Users\XXXX\Desktop\TrojanerBoard.png [2013.03.16 01:49:33 | 000,377,856 | ---- | C] () -- C:\Users\XXXX\Desktop\gmer_2.1.19155.exe [2013.03.16 01:04:32 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\defogger_reenable [2013.03.16 01:03:13 | 000,050,477 | ---- | C] () -- C:\Users\XXXX\Desktop\Defogger.exe [2013.03.14 23:20:41 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 11:58:22 | 000,006,986 | ---- | C] () -- C:\Users\XXXX\AppData\Local\recently-used.xbel [2013.03.12 01:51:06 | 000,002,019 | ---- | C] () -- C:\Users\XXXX\Desktop\default.gif [2013.03.12 01:49:44 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.03.12 01:23:52 | 000,002,149 | ---- | C] () -- C:\Users\XXXX\Desktop\images.gif [2013.03.10 21:33:26 | 000,049,313 | ---- | C] () -- C:\Users\XXXX\Desktop\ipad-wallpaper-schwarz.jpg [2013.03.10 01:55:12 | 000,001,199 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.03.10 01:55:12 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.03.07 23:31:51 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.04 13:10:44 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\FUSSBALL MANAGER 13.lnk [2013.03.03 19:44:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013.03.03 17:39:33 | 000,000,642 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.02 13:59:35 | 000,044,749 | ---- | C] () -- C:\Users\XXXX\Desktop\Kontoauszuege17f99749-8a29-4daf-82dd-f0dc8b568587.pdf [2013.03.01 15:33:41 | 000,000,020 | ---- | C] () -- C:\Windows\ðö· [2013.03.01 01:09:37 | 000,007,605 | ---- | C] () -- C:\Users\XXXX\AppData\Local\Resmon.ResmonCfg [2013.02.24 17:37:42 | 000,002,143 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.02.24 17:34:41 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.24 17:34:41 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.23 15:05:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.13 22:48:19 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\Hello World.cpp [2012.11.05 20:13:18 | 000,000,041 | ---- | C] () -- C:\Windows\MinGW.INI [2012.10.17 16:28:54 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\AppData\Roaming\wklnhst.dat [2012.07.22 23:43:18 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2012.05.13 11:13:25 | 003,131,248 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.12 20:02:15 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Audacity [2012.08.16 09:41:34 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Pro [2013.03.04 12:24:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\dll-files.com [2013.03.17 14:44:57 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Dropbox [2013.03.10 01:55:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DVDVideoSoft [2012.07.03 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.01 15:38:01 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FreePDF [2013.03.17 14:44:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ICQ [2013.03.09 04:19:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Image-Line [2012.07.09 03:21:00 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ITTerritory [2012.07.04 20:49:27 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\LolClient [2012.07.22 23:55:05 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\MotioninJoy [2012.05.27 10:23:11 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\OpenOffice.org [2012.05.13 14:35:56 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Opera [2013.03.03 18:04:08 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Origin [2013.03.01 15:25:24 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\PDF reDirect [2013.01.08 21:55:11 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\pdfforge [2012.10.17 16:28:56 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Template [2012.11.15 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird [2012.08.25 18:49:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WindSolutions ========== Purity Check ========== < End of report > [/CODE] soll ich nur für die Logs die AntivirenSoftware deaktivieren oder immer? |
|
17.03.2013, 16:17
| #8 | |
| /// TB-Ausbilder | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Hallo, Zitat:
Wie läuft der Rechner? Schritt 1
Code:
ATTFilter :OTL
[2013.03.01 15:33:41 | 000,000,020 | ---- | C] () -- C:\Windows\ðö·
:commands
[emptytemp]
Schritt 2 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 3 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
17.03.2013, 16:44
| #9 |
| | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Von Schritt 1 der Log Bericht ist leer, soll ich es nochmal versuchen ? In dem zu übernehmenden Code musste ich ja nicht meinen Benutzernamen reineditieren oder habe ich das übersehen ? |
|
17.03.2013, 16:50
| #10 | ||
| /// TB-Ausbilder | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von MalwareZitat:
Zitat:
__________________ cheers, Leo |
|
17.03.2013, 17:09
| #11 |
| | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Hab das wie in der Beschreibung gemacht aber nach dem drücken auf FIX stand oben sofort keine rückmeldung und dann kam das fenster das ich durch ein Bild im Anhang festgehalten habe. Jetzt hängt der Laptop und ich kann nichts mehr machen. Soll ich ihn durch drücken des Power Schalters zum runterfahren bringen ? alt + strg + delete klappt auch nicht Geändert von hsvtobse (17.03.2013 um 17:21 Uhr) |
|
17.03.2013, 18:45
| #12 |
| /// TB-Ausbilder | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Ja, schiess den Rechner ab. Danach versuch denn Fix noch einmal, aber dieses Mal so:
Code:
ATTFilter :commands
[emptytemp]
__________________ cheers, Leo |
|
17.03.2013, 22:51
| #13 |
| | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Jetzt hat es geklappt hier der Log Code:
ATTFilter All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
User: Public
->Temp folder emptied: 0 bytes
User: XXXX
->Temp folder emptied: 6225 bytes
->Temporary Internet Files folder emptied: 8765090 bytes
->Java cache emptied: 29416 bytes
->FireFox cache emptied: 75445869 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 164382720 bytes
->Opera cache emptied: 55692435 bytes
->Flash cache emptied: 1719 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715865 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85096 bytes
RecycleBin emptied: 384 bytes
Total Files Cleaned = 292,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03172013_224529
Files\Folders moved on Reboot...
C:\Users\XXXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
17.03.2013, 22:53
| #14 |
| /// TB-Ausbilder | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Prima, fehlen nur noch die Logs von ESET und SecurityCheck.
__________________ cheers, Leo |
|
17.03.2013, 23:00
| #15 |
| | Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware Wusste nicht das ich sofort weiter machen soll, aber hab da eh noch eine Frage : Ich habe hier eine externe Festplatte, soll ich diese bei dem Schritt mit Eset anschließen und wenn ja was bringt das? besteht keine Gefahr das der Virus auf die Festplatte kommt ? |
|
| Themen zu Avira meldet "TR/Downloader.Gen8" und "TR/Matsnu.EB.130" nach öffnen von Malware |
| .zip datei, antivir, autorun, avira, bho, bonjour, browser.exe, converter, enigma, entfernen, error, excel, failed, firefox, flash player, format, home, igdpmd64.sys, install.exe, installation, launch, libusb0.sys, malware, mp3, office 2007, picasa, plug-in, popup, realtek, registry, rundll, savebyclick, security, smartpcfixer, software, symantec, tr/downloader.gen8, trojaner, unknown mbr, wrapper |
Textbox.
Linear-Darstellung
