Plagegeister aller Art und deren Bekämpfung: Trojan.Win32.Hosts2.gen (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as you can. If it is a trojan or virus problem, an expert will help you clean up the infection.
30.03.2013, 22:16 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen

Now please run Combofix: Scan with Combofix
__________________
Please always post logfiles in CODE tags
30.03.2013, 23:19 | #17
Trojan.Win32.Hosts2.gen

Done!

The file is too large, so it is attached as a zip. By the way, a restart was necessary. The error message you expected did appear! ... Do you actually have a specific suspicion, or are we "just" ruling out every possible problem step by step?
31.03.2013, 00:56 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen

JRT - Junkware Removal Tool
Please shut down your protection software first to avoid possible conflicts.

Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.

Then a check with OTL, please:
__________________
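The three tools requested above all look in the same places: the hosts file (the generic Hosts2.gen detection name points at a modified hosts file), the browser start and search settings in the registry, and Firefox's prefs.js. The following is an added example and not part of this thread or of JRT, AdwCleaner or OTL: a small Python audit of the two text files a helper can read by hand. It parses user_pref lines the way they appear in prefs.js, flags prefs in a toolbar-owned namespace (the CT<number>., CommunityToolbar. and ConduitEngine. prefixes seen later in this thread) together with the hosts their values point at, and flags hosts-file entries that pin a real name to loopback or to a foreign address. The sample prefs.js and hosts file below are constructed for the example; the CT2613550 and search.conduit.com names are taken from the JRT log in this thread, the address 198.51.100.23 is a documentation (TEST-NET) address, and the helper and regex names are the example's own.

```python
import re
from ipaddress import ip_address

# Constructed sample prefs.js, modelled on the user_pref lines JRT reports.
# CT2613550 and search.conduit.com come from the log in this thread; the
# remaining prefs are filler to show that ordinary settings are left alone.
SAMPLE_PREFS = r'''
user_pref("browser.startup.homepage", "http://mt-online.de/");
user_pref("browser.search.selectedEngine", "Wikipedia (de)");
user_pref("CT2613550.SearchEngine", "Suchen||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2613550");
user_pref("CT2613550.homepageProtectorEnableByLogin", true);
user_pref("CommunityToolbar.ToolbarsList", "CT2613550,ConduitEngine");
user_pref("extensions.lastAppVersion", "19.0.2");
user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\"}");
'''

# Constructed hosts file: two normal loopback lines, one vendor site
# sinkholed to loopback, one site redirected to a foreign (TEST-NET) address.
SAMPLE_HOSTS = '''
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.avira.com     # blocks AV updates
198.51.100.23   www.google.com    # redirects searches
'''

# One user_pref("name", value); per line. Names and string values may
# contain backslash-escaped quotes, as generalConfigFromLogin does.
PREF_RE = re.compile(r'^user_pref\("((?:[^"\\]|\\.)*)",\s*(.+?)\);\s*$', re.M)
# Pref namespaces the Conduit-style toolbars use (assumed from the JRT log).
TOOLBAR_RE = re.compile(r'^(CT\d+\.|CommunityToolbar\.|ConduitEngine\.)')
HOST_RE = re.compile(r'https?://([A-Za-z0-9.-]+)', re.I)


def _decode(raw):
    """Turn a prefs.js literal (string, bool or int) into a Python value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r'\\(.)', r'\1', raw[1:-1])   # unescape \" and \\
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text):
    """Map pref name -> value for every user_pref(...) line in the file."""
    return {name: _decode(raw) for name, raw in PREF_RE.findall(text)}


def toolbar_prefs(prefs):
    """Prefs living in a toolbar-owned namespace (what JRT strips)."""
    return {k: v for k, v in prefs.items() if TOOLBAR_RE.match(k)}


def contacted_hosts(prefs):
    """Hostnames embedded in pref values, e.g. the search redirect target."""
    hosts = set()
    for value in prefs.values():
        if isinstance(value, str):
            hosts.update(h.lower() for h in HOST_RE.findall(value))
    return sorted(hosts)


def audit_hosts(text):
    """Return (kind, hostname, ip) for every entry that is not plain localhost."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ip_address(ip)
        except ValueError:
            findings.append(("unparseable", line, ip))
            continue
        for name in names:
            if addr.is_loopback and name.lower() == "localhost":
                continue                             # the only benign loopback mapping
            kind = "sinkholed" if addr.is_loopback else "redirected"
            findings.append((kind, name.lower(), ip))
    return findings


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for name, value in toolbar_prefs(prefs).items():
        print("toolbar pref:", name, "=", value)
    print("hosts referenced by prefs:", contacted_hosts(prefs))
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("hosts file:", *finding)
```

On a real machine, point parse_prefs at the profile's prefs.js and audit_hosts at %SystemRoot%\System32\drivers\etc\hosts; a loopback entry for an antivirus or update domain is the classic sign of a hosts-file block, and any entry pointing a real site at a non-loopback address is a redirect that no legitimate installer writes.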
31.03.2013, 12:37 | #19
Trojan.Win32.Hosts2.gen

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Snoopy on 31.03.2013 at 12:11:07,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-983539813-1485151683-2393451822-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.eb_explorerbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.eb_explorerbar.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.fh_hookeventsink
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.fh_hookeventsink.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.ipm_printlistitem
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.ipm_printlistitem.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_dialogeventshandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_dialogeventshandler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_launcher
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_launcher.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_printmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pm_printmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_bindstatuscallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_bindstatuscallback.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_cancelbuttoneventhandler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_cancelbuttoneventhandler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_printdialogcallback
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.pr_printdialogcallback.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.tbtoolband
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.tbtoolband.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.useroptions
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolband.useroptions.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2613550
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Snoopy\appdata\locallow\conduit"

~~~ FireFox

Successfully deleted: [File] C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\user.js
Successfully deleted: [Folder] C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\conduitcommon
Successfully deleted the following from C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\prefs.js

user_pref("CT2613550..clientLogIsEnabled", false);
user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2613550.CTID", "ct2613550");
user_pref("CT2613550.CurrentServerDate", "25-6-2012");
user_pref("CT2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.DialogsGetterLastCheckTime", "Mon Jun 25 2012 17:34:33 GMT+0200");
user_pref("CT2613550.DownloadReferralCookieData", "");
user_pref("CT2613550.EMailNotifierPollDate", "Sat Aug 14 2010 21:13:39 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602533", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602539", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602545", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602551", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602557", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602563", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602569", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602575", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602581", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602587", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602593", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602599", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602605", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602611", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602617", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602623", "Sat Aug 14 2010 21:13:39 GMT+0200");
user_pref("CT2613550.FeedPollDate129254982599602629", "Sat Aug 14 2010 21:13:39 GMT+0200");
user_pref("CT2613550.FeedTTL129254982599602545", 5);
user_pref("CT2613550.FeedTTL129254982599602551", 5);
user_pref("CT2613550.FeedTTL129254982599602575", 2);
user_pref("CT2613550.FeedTTL129254982599602605", 5);
user_pref("CT2613550.FeedTTL129254982599602617", 30);
user_pref("CT2613550.FirstServerDate", "14-8-2010");
user_pref("CT2613550.FirstTime", true);
user_pref("CT2613550.FirstTimeFF3", true);
user_pref("CT2613550.FirstTimeSettingsDone", true);
user_pref("CT2613550.FixPageNotFoundErrors", true);
user_pref("CT2613550.GroupingServerCheckInterval", 1440);
user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2613550.HasUserGlobalKeys", true);
user_pref("CT2613550.Initialize", true);
user_pref("CT2613550.InitializeCommonPrefs", true);
user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
user_pref("CT2613550.InstallationType", "UnknownIntegration");
user_pref("CT2613550.InstalledDate", "Sat Aug 14 2010 21:13:08 GMT+0200");
user_pref("CT2613550.IsGrouping", false);
user_pref("CT2613550.IsMulticommunity", false);
user_pref("CT2613550.IsOpenThankYouPage", false);
user_pref("CT2613550.IsOpenUninstallPage", true);
user_pref("CT2613550.LanguagePackLastCheckTime", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2613550.LastLogin_2.6.0.15", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.LastLogin_3.12.0.7", "Wed Apr 25 2012 16:21:57 GMT+0200");
user_pref("CT2613550.LastLogin_3.12.2.3", "Wed May 30 2012 17:59:06 GMT+0200");
user_pref("CT2613550.LastLogin_3.13.0.6", "Mon Jun 25 2012 17:34:30 GMT+0200");
user_pref("CT2613550.LatestVersion", "3.13.0.6");
user_pref("CT2613550.Locale", "de-de");
user_pref("CT2613550.LoginCache", 4);
user_pref("CT2613550.MCDetectTooltipHeight", "83");
user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2613550.MCDetectTooltipWidth", "295");
user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
user_pref("CT2613550.RadioIsPodcast", false);
user_pref("CT2613550.RadioMediaID", "8546");
user_pref("CT2613550.RadioMediaType", "Media Player");
user_pref("CT2613550.RadioMenuSelectedID", "EBRadioMenu_CT26135508546");
user_pref("CT2613550.RadioStationName", "Radio%208");
user_pref("CT2613550.RadioStationURL", "hxxp://stream.radio8.de:8000/live.m3u");
user_pref("CT2613550.SHRINK_TOOLBAR", 1);
user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2613550.SearchFromAddressBarIsInit", true);
user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");
user_pref("CT2613550.SearchInNewTabEnabled", true);
user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2613550.ServiceMapLastCheckTime", "Mon Jun 25 2012 17:58:36 GMT+0200");
user_pref("CT2613550.SettingsCheckIntervalMin", 120);
user_pref("CT2613550.SettingsLastCheckTime", "Sat Aug 14 2010 21:13:08 GMT+0200");
user_pref("CT2613550.SettingsLastUpdate", "1281567207");
user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Sat Aug 14 2010 21:13:03 GMT+0200");
user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2613550.UserID", "UN40071043949495782");
user_pref("CT2613550.WeatherNetwork", "");
user_pref("CT2613550.WeatherPollDate", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CT2613550.WeatherUnit", "C");
user_pref("CT2613550.alertChannelId", "1006347");
user_pref("CT2613550.clientLogIsEnabled", false);
user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2613550.components.1000082", true);
user_pref("CT2613550.components.1000234", true);
user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 374);
user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
user_pref("CT2613550.ct2613550.InvalidateCache", false);
user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Sun Jun 24 2012 20:13:27 GMT+0200");
user_pref("CT2613550.ct2613550.Locale", "de-de");
user_pref("CT2613550.ct2613550.RadioLastCheckTime", "Sat Aug 14 2010 21:13:37 GMT+0200");
user_pref("CT2613550.ct2613550.RadioLastUpdateIPServer", "3");
user_pref("CT2613550.ct2613550.RadioLastUpdateServer", "0");
user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Sun Jun 24 2012 20:13:25 GMT+0200");
user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Mon Jun 25 2012 17:34:18 GMT+0200");
user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1337169810");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Sat Aug 14 2010 21:13:36 GMT+0200");
user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Sun Jun 24 2012 20:13:27 GMT+0200");
user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2613550.homepageProtectorEnableByLogin", true);
user_pref("CT2613550.initDone", true);
user_pref("CT2613550.myStuffEnabled", true);
user_pref("CT2613550.myStuffPublihserMinWidth", 400);
user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2613550.revertSettingsEnabled", true);
user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
user_pref("CT2613550.searchProtectorEnableByLogin", true);
user_pref("CT2613550.testingCtid", "");
user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2613550.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550", "\"2807e408f5757591aa14689b75d39e791\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550", "\"84df7a85bec3b2a3dd055a4bedea5adc\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/634084971246361250.png", "\"462e8b16c4eaca1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"5efe83b96acb0439b16a83e166b1f7ff\"");
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?fr=ffbr-nb&p=");
user_pref("CommunityToolbar.ToolbarsList", "CT2613550,ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 06 2011 19:42:38 GMT+0200");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 19:35:19 GMT+0200");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 19:35:11 GMT+0200");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "01b710ef-dfee-42f3-8c4c-ac0b53ce030c");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 14 2010 21:13:38 GMT+0200");
user_pref("CommunityToolbar.globalUserId", "753e3dfc-a740-4707-baf1-9b02e847a211");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 18 2011 10:15:45 GMT+0200");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 20 2011 17:28:06 GMT+0200");
user_pref("ConduitEngine.FirstServerDate", "05/06/2011 20");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstalledDate", "Fri May 06 2011 19:42:41 GMT+0200");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", true);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.UserID", "UN88716286718011458");
user_pref("ConduitEngine.componentAlertEnabled", false);
user_pref("ConduitEngine.engineLocale", "de");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Jun 22 2011 19:35:12 GMT+0200");
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("ConduitEngine.usagesFlag", 2);
Emptied folder: C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\minidumps [112 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2013 at 12:18:59,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.115 - Logfile created 31/03/2013 at 13:02:06
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Snoopy - SNOOPY-PC
# Boot mode : Normal
# Running from : C:\Users\Snoopy\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Users\Snoopy\AppData\Roaming\Mozilla\Firefox\Profiles\ex9yldm4.default\searchplugins\zonealarm.xml

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\Snoopy\AppData\Roaming\Mozilla\Firefox\Profiles\ex9yldm4.default\prefs.js

Deleted : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/6340849712463612[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]

*************************

AdwCleaner[S1].txt - [2707 octets] - [31/03/2013 13:02:06]

########## EOF - C:\AdwCleaner[S1].txt - [2767 octets] ##########

OTL Logfile:
Code:
OTL logfile created on: 31.03.2013 13:17:56 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,89% Memory free
4,23 Gb Paging File | 2,79 Gb Available in Paging File | 65,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 28,26 Gb Free Space | 27,57% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,54 Gb Free Space | 14,19% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,48% Space Free | Partition Type: NTFS

Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Users\Snoopy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cis.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
PRC - C:\Programme\Comodo\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\WINDOWS\HCWemMON.exe (eMPIA Technology, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\WINDOWS\System32\hauppauge\hauppaugemcmpgdec.dll ()

========== Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (DragonUpdater) -- C:\Programme\Comodo\Dragon\dragon_updater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (CLPSLauncher) -- C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (cmdAgent) -- C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Programme\Comodo\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (GeekBuddyRSP) -- C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\Sandra.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Snoopy\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (inspect) -- C:\WINDOWS\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\System32\drivers\cmdguard.sys (COMODO)
DRV - (cmderd) -- C:\WINDOWS\System32\drivers\cmderd.sys (COMODO)
DRV - (CFRMD) -- C:\WINDOWS\System32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
DRV - (epmntdrv) -- C:\WINDOWS\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\System32\EuGdiDrv.sys ()
DRV - (cpuz135) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Afc) -- C:\WINDOWS\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\WINDOWS\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://mt-online.de/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: 
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=fb84af95d67d41a9becb47a6df5d442f&tu=10G90006f1B000v&sku=&tstsId=&ver=&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.17 15:38:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M] [2009.04.18 20:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Extensions [2013.03.16 17:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions [2012.11.30 22:01:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- 
C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.07.08 21:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.13 11:07:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.12.20 15:49:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\firefox@tvunetworks.com [2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.03.08 22:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.03.08 22:02:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.01.20 13:21:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.20 13:21:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.20 13:21:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.20 13:21:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.20 13:21:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.20 13:21:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.30 23:42:20 | 000,000,027 | ---- | M]) - 
C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO) O4 - HKLM..\Run: [emMON] C:\Windows\HCWemMON.exe (eMPIA Technology, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: 
Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A1D3D2-DF7C-4E68-8DB4-042459EB3F3D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - 
C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.01.21 18:59:44 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.31 12:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.31 12:10:14 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.31 12:09:00 | 000,550,772 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe [2013.03.30 23:58:03 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.30 23:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.30 23:27:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.30 23:27:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.30 23:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.30 23:27:30 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.03.30 23:27:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.30 23:26:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.30 23:24:30 | 005,045,456 | R--- | C] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe [2013.03.30 21:55:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe [2013.03.30 21:18:31 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe [2013.03.29 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\mbar-1.01.0.1021 [2013.03.26 10:27:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe [2013.03.23 21:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.17 16:04:59 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autokauf [2013.03.16 20:40:42 | 000,000,000 | ---D | C] -- C:\VTRoot [2013.03.16 20:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO [2013.03.16 20:11:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space [2013.03.16 20:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO [2013.03.16 20:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo [2013.03.16 20:08:57 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Local\Comodo [2013.03.16 20:08:46 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll [2013.03.16 20:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo [2013.03.16 
20:08:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2013.03.16 20:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2013.03.16 20:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2013.03.16 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.16 19:36:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.16 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.15 20:18:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.14 12:04:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.14 12:04:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.14 12:04:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.14 12:04:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.14 12:04:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.14 12:04:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.14 12:04:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.14 12:04:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.11 23:00:30 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autoverkauf [2013.03.08 22:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.02 18:35:08 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Avira [2013.03.02 18:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.02 18:28:36 | 000,028,520 | ---- | C] (Avira GmbH) -- 
C:\Windows\System32\drivers\ssmdrv.sys [2013.03.02 18:28:34 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.02 18:28:34 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.02 18:28:34 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.03.02 13:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.02 13:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.02 13:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.03.02 13:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes ========== Files - Modified Within 30 Days ========== [2013.03.31 13:09:29 | 000,637,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.31 13:09:29 | 000,604,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.31 13:09:29 | 000,129,900 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.31 13:09:29 | 000,107,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.31 13:07:20 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2013.03.31 13:06:50 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.31 13:06:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.31 13:04:46 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.03.31 13:04:46 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.31 13:04:46 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.31 
13:04:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.31 12:59:43 | 000,609,993 | ---- | M] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe [2013.03.31 12:41:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.31 12:09:02 | 000,550,772 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe [2013.03.30 23:42:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.30 23:25:00 | 005,045,456 | R--- | M] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe [2013.03.30 21:55:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe [2013.03.30 21:20:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe [2013.03.30 21:11:10 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.30 21:11:10 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.30 21:11:10 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.30 19:15:46 | 000,696,823 | ---- | M] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt [2013.03.29 16:34:03 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll [2013.03.29 15:18:11 | 000,377,856 | ---- | M] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe [2013.03.26 10:28:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe [2013.03.19 22:07:04 | 000,000,680 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat [2013.03.17 16:45:03 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Snoopy\Desktop\rkill.com [2013.03.16 20:33:59 | 000,001,920 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2013.03.16 20:08:38 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2013.03.16 19:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 22:21:58 | 000,005,049 | -H-- | M] () -- C:\Windows\System32\BTImages.dat [2013.03.13 19:41:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.13 19:41:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.02 18:17:58 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.03.02 13:31:10 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2013.03.31 12:59:41 | 000,609,993 | ---- | C] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe [2013.03.30 23:27:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.30 23:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.30 23:27:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.30 23:27:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.30 23:27:59 | 000,068,096 | ---- | C] () -- 
C:\Windows\zip.exe [2013.03.29 17:43:43 | 000,696,823 | ---- | C] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt [2013.03.29 15:18:06 | 000,377,856 | ---- | C] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe [2013.03.16 20:09:19 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2013.03.16 19:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.02 13:31:10 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.18 22:08:52 | 000,005,049 | -H-- | C] () -- C:\Windows\System32\BTImages.dat [2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.04.10 17:31:05 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2011.04.10 17:31:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2011.04.10 17:31:05 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2011.04.10 17:31:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2011.04.10 17:31:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2011.03.22 19:26:19 | 000,000,680 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat [2009.05.27 00:34:46 | 000,001,873 | ---- | C] () -- C:\Users\Snoopy\HP Hilfe und Support.lnk [2009.04.22 20:58:05 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.001 [2009.04.21 21:31:46 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.dat [2009.04.18 20:26:19 | 000,015,360 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.03.2013 13:17:56 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 47,89% Memory free 4,23 Gb Paging File | 2,79 Gb Available in Paging File | 65,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,51 Gb Total Space | 28,26 Gb Free Space | 27,57% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 5,54 Gb Free Space | 14,19% Space Free | Partition Type: NTFS Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,48% Space Free | Partition Type: NTFS Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Classes\<extension>] .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) .pif [@ = piffile] -- Reg Error: Key error. File not found .vbs [@ = VBSFile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{365537D5-C461-46AD-91AF-897CD74EA676}" = lport=2869 | protocol=6 | dir=in | app=system | "{B47EACD4-623D-4647-993E-AB1FA701240D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe | "{DE5E1087-5193-4216-ACC7-0525AB5CA25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0228A19E-6DF1-4086-A333-FFCACACF5C9A}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe | "{08389515-F3A0-4BF1-857A-135A820B3F4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{19E288B8-7352-4821-8AEB-9FC03FF92D54}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{2785AEB8-DFB0-4524-B68E-23480B819D5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3ABE46CA-218E-4A86-B472-1B42B276FE02}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{3E4A0641-DD67-4340-82F1-B0205382F223}" = protocol=17 | dir=in | app=f:\libneap.dll | "{4C6FC659-ACD0-4307-8026-0AB179A7DA18}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{5550A339-863B-44C5-99C2-8E430F5FF2D9}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{578BC20F-67CE-4331-B376-2716A73C89D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7AAF7E0F-2817-4E6D-924F-B9E12896949C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7C5B49C7-A467-4392-BF2D-A7381D52F5F2}" = protocol=17 | dir=in | app=f:\dwizard300.exe | "{872A3F6C-F42F-42A6-8F06-970A542D7710}" = dir=in | app=c:\program files\common files\apple\apple application 
support\webkit2webprocess.exe | "{8DF8919C-7C82-4B68-B2B2-EAFF28112F39}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{904D6CF5-0DB2-4BA0-8E65-57AF59B0FD84}" = protocol=6 | dir=in | app=f:\dwizard300.exe | "{95293639-9B15-4331-833D-B48EBB6E9104}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{9D55DE73-E554-4402-BBC5-B0EEE78E6CDB}" = protocol=6 | dir=in | app=f:\libneap.dll | "{A52442A5-8C12-4729-9C2D-70EF6C2222ED}" = dir=in | app=c:\program files\itunes\itunes.exe | "{B063581F-E7DC-4807-96A4-00F6C31EF999}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C1F9466C-9566-4FDB-9342-E101D2813CEA}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{EE8075DD-6B6D-4897-B5A2-DA616A920DB5}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe | "{F927BD2C-4D37-4A3D-9BB0-C2DC58AB1453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista 
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530 "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2 "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{58A8CAD0-0FC7-4091-B73B-1D76552B0507}" = GeekBuddy "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = 
Roxio Creator Copy "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft 
Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = 
OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant "{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057 "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! 
PageManager 7.15.11 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Comodo Dragon" = Comodo Dragon "Corel Applications" = Corel Applications "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR "Hauppauge WinTV2000" = Hauppauge WinTV2000 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP 
Photosmart Essential" = HP Photosmart Essential 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator 2.2" = Canon MP Navigator 2.2 "Nokia Ovi Suite" = Nokia Ovi Suite "NVIDIA Drivers" = NVIDIA Drivers "Online Manuals for WinTV (German)" = Online Manuals for WinTV (German) "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SMSERIAL" = Motorola SM56 Speakerphone Modem "SopCast" = SopCast 3.0.3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVUPlayer" = TVUPlayer 2.4.5.1 "VLC media player" = VLC media player 1.1.4 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WinLiveSuite_Wave3" = Windows Live Essentials "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.03.2013 06:50:58 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31.03.2013 06:51:01 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 117453 Error - 31.03.2013 06:51:01 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 117453 Error - 31.03.2013 06:51:05 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy 
for more than a second Error - 31.03.2013 06:51:05 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 123771 Error - 31.03.2013 06:51:05 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 123771 Error - 31.03.2013 06:57:09 | Computer Name = Snoopy-PC | Source = Windows Search Service | ID = 3013 Description = Error - 31.03.2013 06:57:10 | Computer Name = Snoopy-PC | Source = Windows Search Service | ID = 3013 Description = [ OSession Events ] Error - 14.10.2012 12:36:05 | Computer Name = Snoopy-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 31.03.2013 07:06:14 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 31.03.2013 07:06:36 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022 Description = Error - 31.03.2013 07:06:36 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > |
01.04.2013, 14:06 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Quote:
After uninstalling Comodo, please make a new OTL log
__________________ Please always post logfiles in CODE tags |
01.04.2013, 15:41 | #21 |
| Trojan.Win32.Hosts2.gen OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.04.2013 16:25:29 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,27% Memory free 4,23 Gb Paging File | 3,25 Gb Available in Paging File | 76,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,51 Gb Total Space | 28,06 Gb Free Space | 27,37% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 5,38 Gb Free Space | 13,78% Space Free | Partition Type: NTFS Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,47% Space Free | Partition Type: NTFS Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Snoopy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) 
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe () PRC - C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\HCWemMON.exe (eMPIA Technology, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe () SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\Sandra.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Snoopy\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. 
KG) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia) DRV - (epmntdrv) -- C:\WINDOWS\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\WINDOWS\System32\EuGdiDrv.sys () DRV - (cpuz135) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys (CPUID) DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.) DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia) DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC) DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (Afc) -- C:\WINDOWS\System32\drivers\afc.sys (Arcsoft, Inc.) DRV - (USB28xxBGA) -- C:\WINDOWS\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) 
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) 
IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://mt-online.de/" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: 
{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=fb84af95d67d41a9becb47a6df5d442f&tu=10G90006f1B000v&sku=&tstsId=&ver=&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.17 15:38:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 22:02:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 22:02:40 | 000,000,000 | ---D | M] [2009.04.18 20:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Extensions [2013.04.01 16:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions [2012.11.30 22:01:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- 
C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.07.08 21:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.13 11:07:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 22:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.03.08 22:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.03.08 22:02:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.01.20 13:21:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.20 13:21:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.20 13:21:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.20 13:21:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.20 13:21:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.20 13:21:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.30 23:42:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - 
C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] "C:\Users\Snoopy\AppData\Local\Temp\cis1825.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82} File not found O4 - HKLM..\Run: [emMON] C:\Windows\HCWemMON.exe (eMPIA Technology, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: 
Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A1D3D2-DF7C-4E68-8DB4-042459EB3F3D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - 
C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.01.21 18:59:44 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.31 12:10:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.31 12:10:14 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.31 12:09:00 | 000,550,772 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe [2013.03.30 23:58:03 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.30 23:56:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.30 23:27:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.30 23:27:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.30 23:27:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.30 23:27:30 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.03.30 23:27:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.30 23:26:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.30 23:24:30 | 005,045,456 | R--- | C] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe [2013.03.30 21:55:34 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe [2013.03.30 21:18:31 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe [2013.03.29 15:48:07 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\mbar-1.01.0.1021 [2013.03.26 10:27:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe [2013.03.17 16:04:59 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autokauf [2013.03.16 20:40:42 | 000,000,000 | ---D | C] -- C:\VTRoot [2013.03.16 20:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO [2013.03.16 20:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo [2013.03.16 20:08:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2013.03.16 20:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2013.03.16 20:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2013.03.16 19:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.16 19:36:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.16 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' 
Anti-Malware [2013.03.15 20:18:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.14 12:04:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.14 12:04:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.14 12:04:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.14 12:04:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.14 12:04:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.14 12:04:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.14 12:04:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.14 12:04:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.11 23:00:30 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autoverkauf [2013.03.08 22:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.02 18:35:08 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Avira [2013.03.02 18:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.02 18:28:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.03.02 18:28:34 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.02 18:28:34 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.02 18:28:34 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.02 18:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira ========== Files - Modified Within 30 Days ========== [2013.04.01 16:29:05 | 000,637,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.01 16:29:05 | 000,604,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.01 16:29:05 | 000,129,900 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.01 16:29:05 | 000,107,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.01 16:21:54 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2013.04.01 16:21:36 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.01 16:21:22 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.04.01 16:21:22 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 16:21:22 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.01 16:21:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.01 16:18:00 | 000,031,774 | ---- | M] () -- C:\Windows\Irremote.ini [2013.04.01 16:06:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.01 15:41:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.31 12:59:43 | 000,609,993 | ---- | M] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe [2013.03.31 12:09:02 | 000,550,772 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Snoopy\Desktop\JRT.exe [2013.03.30 23:42:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.03.30 23:25:00 | 005,045,456 | R--- | M] (Swearware) -- C:\Users\Snoopy\Desktop\ComboFix.exe [2013.03.30 21:55:40 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Snoopy\Desktop\tdsskiller.exe [2013.03.30 21:20:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Snoopy\Desktop\aswMBR.exe [2013.03.30 21:11:10 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.30 21:11:10 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.30 21:11:10 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.30 19:15:46 | 000,696,823 | ---- | M] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt [2013.03.29 15:18:11 | 000,377,856 | ---- | M] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe [2013.03.26 10:28:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe [2013.03.19 22:07:04 | 000,000,680 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat [2013.03.17 16:45:03 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Snoopy\Desktop\rkill.com [2013.03.16 20:08:38 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2013.03.16 19:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 22:21:58 | 000,005,049 | -H-- | M] () -- C:\Windows\System32\BTImages.dat [2013.03.13 19:41:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.13 19:41:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.02 18:17:58 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys ========== Files Created - No Company Name 
========== [2013.03.31 12:59:41 | 000,609,993 | ---- | C] () -- C:\Users\Snoopy\Desktop\adwcleaner.exe [2013.03.30 23:27:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.30 23:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.30 23:27:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.30 23:27:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.30 23:27:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.29 17:43:43 | 000,696,823 | ---- | C] () -- C:\Users\Snoopy\Desktop\Förderantrag II.odt [2013.03.29 15:18:06 | 000,377,856 | ---- | C] () -- C:\Users\Snoopy\Desktop\gmer_2.1.19155.exe [2013.03.16 19:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.18 22:08:52 | 000,005,049 | -H-- | C] () -- C:\Windows\System32\BTImages.dat [2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.07.21 20:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.04.10 17:31:05 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2011.04.10 17:31:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2011.04.10 17:31:05 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2011.04.10 17:31:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2011.04.10 17:31:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2011.03.22 19:26:19 | 000,000,680 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat [2009.05.27 00:34:46 | 000,001,873 | ---- | C] () -- C:\Users\Snoopy\HP Hilfe und Support.lnk [2009.04.22 20:58:05 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.001 [2009.04.21 21:31:46 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.dat [2009.04.18 20:26:19 | 000,015,360 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 01.04.2013 16:25:29 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 60,27% Memory free
4,23 Gb Paging File | 3,25 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 28,06 Gb Free Space | 27,37% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,38 Gb Free Space | 13,78% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,47% Space Free | Partition Type: NTFS
Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Classes\<extension>]
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 
"AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{365537D5-C461-46AD-91AF-897CD74EA676}" = lport=2869 | protocol=6 | dir=in | app=system | "{B47EACD4-623D-4647-993E-AB1FA701240D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 
2011.sp2\wnt500x86\rpcsandrasrv.exe | "{DE5E1087-5193-4216-ACC7-0525AB5CA25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08389515-F3A0-4BF1-857A-135A820B3F4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{19E288B8-7352-4821-8AEB-9FC03FF92D54}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | "{2785AEB8-DFB0-4524-B68E-23480B819D5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3E4A0641-DD67-4340-82F1-B0205382F223}" = protocol=17 | dir=in | app=f:\libneap.dll | "{4C6FC659-ACD0-4307-8026-0AB179A7DA18}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{5550A339-863B-44C5-99C2-8E430F5FF2D9}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{578BC20F-67CE-4331-B376-2716A73C89D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{7AAF7E0F-2817-4E6D-924F-B9E12896949C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{7C5B49C7-A467-4392-BF2D-A7381D52F5F2}" = protocol=17 | dir=in | app=f:\dwizard300.exe | "{872A3F6C-F42F-42A6-8F06-970A542D7710}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{8DF8919C-7C82-4B68-B2B2-EAFF28112F39}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{904D6CF5-0DB2-4BA0-8E65-57AF59B0FD84}" = protocol=6 | dir=in | app=f:\dwizard300.exe | "{95293639-9B15-4331-833D-B48EBB6E9104}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{9D55DE73-E554-4402-BBC5-B0EEE78E6CDB}" = protocol=6 | dir=in | app=f:\libneap.dll | "{A52442A5-8C12-4729-9C2D-70EF6C2222ED}" = dir=in | app=c:\program files\itunes\itunes.exe | "{B063581F-E7DC-4807-96A4-00F6C31EF999}" = dir=in | 
app=c:\program files\windows live\messenger\msnmsgr.exe | "{F927BD2C-4D37-4A3D-9BB0-C2DC58AB1453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530 "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio 
Activation Module "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2 "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant "{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057 "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Corel Applications" = Corel Applications "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1 "EASEUS Partition Master Home 
Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 2.2" = Canon MP Navigator 2.2
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Online Manuals for WinTV (German)" = Online Manuals for WinTV (German)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31.03.2013 08:34:11 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31.03.2013 08:34:11 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2946750

Error - 31.03.2013 08:34:11 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2946750

Error - 31.03.2013 08:34:15 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31.03.2013 08:34:15 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2950931

Error - 31.03.2013 08:34:15 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2950931

Error - 31.03.2013 08:34:17 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31.03.2013 08:34:17 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2952600

Error - 31.03.2013 08:34:17 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2952600

Error - 01.04.2013 10:15:01 | Computer Name = Snoopy-PC | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 14.10.2012 12:36:05 | Computer Name = Snoopy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 01.04.2013 08:29:51 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.04.2013 09:29:08 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.04.2013 09:30:21 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 01.04.2013 09:30:21 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 01.04.2013 09:43:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.04.2013 09:44:35 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 01.04.2013 09:44:35 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 01.04.2013 10:21:50 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 01.04.2013 10:23:13 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 01.04.2013 10:23:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001
Description =

< End of report > |
01.04.2013, 23:01 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen You can also part with SUPERAntiSpyware and the ZoneAlarm Toolbar. Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes; remember to update Malwarebytes via the update button first. Afterwards, getting a second opinion from the ESET online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
03.04.2013, 15:25 | #23 |
| Trojan.Win32.Hosts2.gen Hello! So, I've worked through the items: - I can't explain the ZoneAlarm Toolbar. I deactivated it immediately after the installation back then, and now I can find no trace of Zone Alarm either in the Control Panel or in the Firefox add-ons!? - The scans apparently produced no result. The ESET scan took forever, though. By the way, the computer now runs noticeably faster again. But my question once more: was there actually an infection? It seems we only ran all sorts of tests to be able to rule out an infection, right? Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.02.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

02.04.2013 21:32:53
mbam-log-2013-04-02 (21-32-53).txt

Scan type: Quick scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 214759
Time elapsed: 5 minute(s), 37 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(End)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=db6e43c1009b2e419b542d53fc7817e0
# engine=13533
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-03 01:45:56
# local_time=2013-04-03 03:45:56 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1799 16775165 100 97 26934 135624861 16905 0
# compatibility_mode=5892 16776573 100 100 22581 202486284 0 0
# scanned=291138
# found=0
# cleaned=0
# scan_time=21535 |
03.04.2013, 19:37 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Looks ok so far. Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie). Otherwise there are good cookie managers; an extension for Firefox would be CookieCuller, for example. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed. Is your system in order again now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
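The thread's title is a hosts-related detection name and the helper above recommends the MVPS hosts file, so the one check a practitioner wants at this point is a way to tell the two kinds of hosts entries apart: the blocklist lines MVPS adds (ad and tracking domains sinkholed to 0.0.0.0 or 127.0.0.1) versus the lines a hosts-file hijacker plants (vendor and update domains made unreachable, or ordinary domains pointed at a foreign address). The following is an added example in Python, not code from this thread or from any of the tools used in it. The watchlist of vendor/update domains, the constructed sample hosts content and the `parse_hosts`/`classify`/`audit` helper names are assumptions of this example.

```python
# Added example, not code from the Trojaner-Board thread or from any tool used
# in it. Audits a Windows hosts file and separates legitimate blocklist entries
# of the kind the MVPS HOSTS file adds from entries a hosts-file hijacker plants.
# Run it against C:\Windows\System32\drivers\etc\hosts; the sample is constructed.
import ipaddress

# Example watchlist (an assumption for this demo): vendor/update domains that a
# hosts-file trojan typically sinkholes so the victim cannot fetch updates/tools.
SECURITY_DOMAINS = (
    "windowsupdate.com", "update.microsoft.com",
    "avira.com", "malwarebytes.org", "eset.com",
)
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}
# Explicit RFC 1918 / ULA ranges rather than ipaddress.is_private, which also
# reports the documentation ranges (198.51.100.0/24 etc.) as private.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; skip comments and junk."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                      # not "IP name [name ...]"; ignore
        for name in fields[1:]:
            yield str(addr), name.lower().rstrip("."), no


def classify(ip, host):
    """Return one of: ok, hijack, blocklist, lan, redirect."""
    if host in LOCAL_NAMES:
        return "ok"
    if any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS):
        return "hijack"                   # any override of these is suspicious
    if ip in SINKHOLE_IPS:
        return "blocklist"                # MVPS-style ad/tracker sinkhole
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in LAN_NETS):
        return "lan"                      # home/office name, usually benign
    return "redirect"                     # public IP override: pharming


def audit(text):
    """Group every hosts mapping by verdict."""
    report = {k: [] for k in ("hijack", "redirect", "blocklist", "lan", "ok")}
    for ip, host, no in parse_hosts(text):
        report[classify(ip, host)].append((no, ip, host))
    return report


# Constructed sample: a default hosts file plus MVPS-style blocklist lines and
# the kind of entries a hosts hijacker adds. Not taken from the thread's logs.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# MVPS-style blocklist entries (legitimate)
0.0.0.0 ad.doubleclick.net
0.0.0.0 www.googleadservices.com
# what a hosts-file trojan would plant
127.0.0.1 www.avira.com
127.0.0.1 update.microsoft.com
198.51.100.23 www.bankofexample.com
192.168.1.10 nas.home
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_HOSTS
    for verdict, rows in audit(data).items():
        for no, ip, host in rows:
            print(f"{verdict:9} line {no:>3}: {ip} -> {host}")
```

The order of the checks is the point: a security or update domain is flagged no matter where it points, because a hijacker sinkholes it to 127.0.0.1, which looks exactly like a blocklist line; only after that test is a sinkhole address treated as benign. A 4-week MVPS refresh as suggested above will then show up purely as "blocklist" rows, and anything in "hijack" or "redirect" deserves a look.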
06.04.2013, 14:12 | #25 |
| Trojan.Win32.Hosts2.gen I have enabled automatic deletion of cookies in Firefox. I have always logged in fresh every time anyway... Can I then skip the other programs or extensions on the subject of cookies? Otherwise everything is running fine. Faster than before the "cleanup operation", too. MANY THANKS!!! |
06.04.2013, 17:00 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Then we're done! The programs that were used here can all be removed again. Removing Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type in the command combofix /uninstall and execute it. With the help of OTL you can also remove many of the other tools: simply start OTL and click on Cleanup. This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete. Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first. Finally, please check the updates; my guide on that is below. To keep a better overview of whether the installed programs are current, you can use Secunia PSI, for example. For even more security, after the infection has been removed you should also change all passwords if at all possible.
Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed. Windows Vista/7: Start, Control Panel, Windows Update
Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
Please also take this opportunity to check that the Flash Player is current: check => Adobe - Flash Player; download links can be found here => Browsers and Plugins - FilePony.de. You can also easily check all plugins in the Firefox browser for currency here => https://www.mozilla.org/de/plugincheck. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |