
Log Analysis and Evaluation: Start_ShowMyComputer (PUM.Hijack.StartMenu) || Error message "hard disk defective" || Installing programs mostly not possible

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

07.04.2013, 15:38   #1
denkgeräusch
 
Start_ShowMyComputer (PUM.Hijack.StartMenu) || Error message "hard disk defective" || Installing programs mostly not possible



Hello everyone,

After some research and conversations with friends, who unfortunately had very different tips and ideas for me, I decided to post my problem here in the forum.

About four weeks ago I set up my system from scratch once again, because my system partition had been sized too small.
Naturally, the first thing I did on the freshly installed system was to install Avira Free Antivirus, then Firefox and whatever else one needs. After that I copied the old AppData for a number of programs into the new system, so that I could, for example, keep using the tried-and-tested, familiar Firefox profile.

Then, bit by bit, I copied my documents etc. onto the new system disk. I did without partitioning, after Win7 had already several times eaten considerably more space than I had initially assumed when partitioning…

Fairly soon I noticed that error messages kept appearing when installing programs (most recently with the Nokia Suite, which of course I had downloaded directly from the manufacturer). Later on I had, if I remember correctly, a bluescreen at one point, until the error message appeared that my hard disk was defective and I should make a backup immediately to avoid data loss. Using the Windows 7 backup function I then tried to save my data to the hard disk that already holds the old backups of my photos/videos/music/documents. Unfortunately the backup kept aborting. So I copied the important files to that disk manually.

At some point, though, I became a bit suspicious… The hard disk was actually working fine, and there had already been problems with installations before. So I searched Google for possible connections with a virus or similar. That's when I came across the program Malwarebytes, which gave me the following findings:

Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.15.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: **** [administrator]

15.03.2013 15:34:26
mbam-log-2013-03-15 (15-34-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226927
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\***\Local Settings\Temporary Internet Files\Content.IE5\G6PYER3T\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)
I quarantined the findings and disconnected the WLAN connection. For lack of time I then didn't deal with the topic any further, simply left the PC off and worked on my netbook. But now I urgently need my PC again and would therefore be extremely grateful for help!!!


I'll take the liberty of asking a few concrete questions right away:

PUMs are usually caused either accidentally by the user or by a virus/Trojan etc. So how do I find the trigger for this PUM?

What concretely do I have to fear? What does PUM.Hijack.StartMenu do?
How can a virus spread? Which files can infect which files, and how? Can it be ruled out that the presumably infected files on the backup HDD have also contaminated the still-clean old backups? That would be a catastrophe, since I would then no longer have a clean backup!!

To be safe, I will definitely set up my system again anyway. So the main question is: how do I avoid carrying the virus, or whatever I've caught, over to the new system?

Here are the remaining logs:

Code:
OTL logfile created on: 06.04.2013 19:09:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = L:\
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free
7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.05 15:06:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
PRC - [2013.03.04 18:21:34 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.27 13:18:57 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.06.07 10:17:26 | 001,987,520 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.13 01:37:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 14:12:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.06.07 10:17:28 | 000,072,640 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe -- (HDDHealth)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.04 18:41:58 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.02.27 13:19:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.27 13:19:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.27 13:19:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 3D BA 98 1F 20 CE 01  [binary data]
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?sk=bd"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B152455DE-7B40-4bcf-B5B4-C68A1BE85A91%7D:2.7
FF - prefs.js..extensions.enabledAddons: %7B4568ed01-8341-4961-b3d5-98ab068ce4c0%7D:1.0.1.6
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0
FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: addon%40snip-me.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {4568ed01-8341-4961-b3d5-98ab068ce4c0}:1.0.1.6
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {336f36f7-72b2-4314-984a-ae7cac4b7328}:0.9
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "83.137.26.25"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "83.137.26.25"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "83.137.26.25"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "83.137.26.25"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "83.137.26.25"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M]
 
[2013.02.27 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2013.03.08 13:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C}
[2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2013.02.27 13:15:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.27 18:38:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.02.27 13:15:23 | 000,000,000 | ---D | M] ("Astroburn Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\AstroToolbar@toolbarnet.com
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de_DE@dicts.j3e.de
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\maps@ovi.com
[2013.02.27 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\nostmp
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2011.11.23 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de_DE@dicts.j3e.de
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\maps@ovi.com
[2013.02.27 13:15:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\personas@christopher.beard
[2013.03.08 13:00:34 | 000,014,855 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\addon@snip-me.de.xpi
[2012.09.29 16:35:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\amznUWL2@amazon.com.xpi
[2013.02.27 13:34:36 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\firebug@software.joehewitt.com.xpi
[2013.03.06 19:32:28 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\personas@christopher.beard.xpi
[2011.08.15 13:10:19 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\tineye@ideeinc.com.xpi
[2013.02.27 18:12:25 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2013.03.04 10:45:11 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.12.30 14:44:40 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012.09.07 11:31:59 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013.02.18 01:16:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.09 16:29:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.08 14:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.08 14:12:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000..\Run: [hddhealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9FD9D6-7659-4DE0-B48B-723F23AA1821}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.01.14 16:18:53 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.08.29 03:14:48 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2002.09.10 01:01:35 | 000,151,552 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 16:33:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 16:33:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.15 16:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.15 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013.03.15 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2013.03.15 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.15 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health
[2013.03.15 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health
[2013.03.13 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2013.03.13 21:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.03.11 22:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler
[2013.03.11 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Diagnostic Utility
[2013.03.11 21:31:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013.03.11 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013.03.11 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.03.11 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nero
[2013.03.11 12:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.03.11 11:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2013.03.10 16:39:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.10 15:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013.03.09 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.09 15:04:01 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.03.09 15:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.03.09 14:59:46 | 000,000,000 | ---D | C] -- C:\Users\***\OpenOffice.org 3.4.1 (de) Installation Files
[2013.03.08 14:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.06 19:08:06 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.06 19:04:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.06 19:04:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.06 19:04:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 18:50:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.06 18:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.06 18:49:54 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.03 22:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.03 22:26:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.15 16:22:14 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2013.03.15 16:14:22 | 000,001,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2013.03.14 13:33:35 | 392,124,162 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.13 20:57:30 | 001,298,285 | ---- | M] () -- C:\Users\***\Documents\side by side.jpg
[2013.03.13 20:56:51 | 000,000,770 | ---- | M] () -- C:\Users\***\Documents\nokia side by side backup.reg
[2013.03.13 16:00:18 | 000,023,789 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.13 15:33:06 | 016,318,104 | ---- | M] () -- C:\Users\***\Documents\landscape.xcf
[2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2013.03.12 16:05:38 | 000,000,100 | ---- | M] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2013.03.12 15:43:16 | 000,004,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2013.03.11 22:07:13 | 000,651,108 | ---- | M] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg
[2013.03.10 14:48:36 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2013.03.09 17:08:58 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.09 15:35:51 | 000,001,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.06 19:08:06 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.15 16:22:14 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2013.03.15 16:14:22 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2013.03.13 21:10:32 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.03.13 20:57:30 | 001,298,285 | ---- | C] () -- C:\Users\***\Documents\side by side.jpg
[2013.03.13 20:56:51 | 000,000,770 | ---- | C] () -- C:\Users\***\Documents\nokia side by side backup.reg
[2013.03.13 16:00:18 | 000,023,789 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.13 15:33:06 | 016,318,104 | ---- | C] () -- C:\Users\***\Documents\landscape.xcf
[2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2013.03.12 13:52:57 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2013.03.12 13:52:30 | 000,004,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2013.03.11 22:07:13 | 000,651,108 | ---- | C] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg
[2013.03.10 14:48:36 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp
[2013.03.09 15:35:51 | 000,001,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.01 13:38:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.03.01 13:29:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.02.27 19:24:20 | 000,348,160 | ---- | C] () -- C:\Windows\Adac-Luftrettung 3D Uninstall.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.06 18:50:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.03.07 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2013.03.07 18:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2013.03.09 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.13 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.11 12:14:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 06.04.2013 19:09:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = L:\
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free
7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8FDDCC-8E15-4ABF-A2C6-18A19C801F8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2DB14E80-315E-4D1D-B8E3-81FA07B29A68}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E67C0D2-B262-429E-97D8-91FC66593C86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5DCBE1A2-D0CA-41EA-8D62-BF762EFC6D2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5FC01A0F-F696-4094-A5F4-77B1A80CF75D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{720AEE72-DB24-4C17-8FA3-F98AEE95F823}" = lport=445 | protocol=6 | dir=in | app=system | 
"{883FBF84-144F-4026-A64D-8541BE1CF984}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8D16048C-3032-4D8B-9A32-0ECB0B3F29BA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{96D9EED2-E708-45A9-9C2F-E9226F238381}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B44D856F-4B7B-4516-9FAE-9DD906F8B191}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D8275260-EF70-4D69-A5C4-40347FDE2266}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5C0794D-C95C-4177-B843-DFE7A93490F3}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39EBF40A-537F-45E1-B1B0-CF783F5E0692}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{46A86B38-3E0F-42BB-B231-7DC577D77D54}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{64D7695B-2689-4FFA-933B-201A9C12FBA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B8EF90E-85DA-4D16-9ED6-1744B995C3EE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8B30128F-53B8-486E-8550-22388B2FBC30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A332CBCA-F3C5-426D-9BBD-5047D9AEF69D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B78461B1-860F-48FA-808E-CDC61508AB2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D3CC93B3-A64F-4DFD-89C8-C36E6E5A3779}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{12F74896-A54E-43F4-8636-9A6E3FABF26A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B20DDDBF-3122-47B6-843C-B89D56988B2D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{2973634A-BBBB-4AE0-97EB-F0E9888F81A0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{8C9BA50D-3063-4A05-9DDE-A6E34DC4DF50}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{35F59E66-CAA0-4585-8DC4-037A04717FCF}" = Nero CoverDesigner
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
"{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{DB680033-BB0B-4EE5-B625-B4F6B130617A}" = LightScribe Diagnostic Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ADACLuftrettung3D" = ADAC Luftrettung 3D
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"HDD Health_is1" = HDD Health v4.2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.14.1738" = Opera 12.14
"TreeSize Free_is1" = TreeSize Free V2.7
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinMerge_is1" = WinMerge 2.14.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2013 15:44:17 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version:
 3.7.22.0, time stamp: 0x50642f2d  Faulting module name: Nokia_Suite_webinstaller_ALL
 (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d  Exception code: 0xc0000005  Fault
 offset: 0x011ead7c  Faulting process id: 0xec8  Faulting application start time: 0x01ce202325a37391
Faulting
 application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Faulting
 module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Report 
Id: 63ff3a31-8c16-11e2-8f62-0021856a07e2
 
Error - 13.03.2013 15:49:28 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: Nokia_Suite_webinstaller_ALL.exe, version:
 3.7.22.0, time stamp: 0x50642f2d  Faulting module name: Nokia_Suite_webinstaller_ALL.exe,
 version: 3.7.22.0, time stamp: 0x50642f2d  Exception code: 0xc0000005  Fault offset:
 0x011ead7c  Faulting process id: 0x1398  Faulting application start time: 0x01ce2023de99e7ad
Faulting
 application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe  Faulting
 module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe  Report Id: 
1cf53ada-8c17-11e2-8f62-0021856a07e2
 
Error - 13.03.2013 15:49:36 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version:
 3.7.22.0, time stamp: 0x50642f2d  Faulting module name: Nokia_Suite_webinstaller_ALL
 (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d  Exception code: 0xc0000005  Fault
 offset: 0x011ead7c  Faulting process id: 0x74c  Faulting application start time: 0x01ce2023e4313426
Faulting
 application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Faulting
 module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Report 
Id: 21ff39dc-8c17-11e2-8f62-0021856a07e2
 
Error - 14.03.2013 12:11:54 | Computer Name = *** | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2013-03-14T14:41:42.473168900Z'
 has failed with following error code '2155348000' (%%2155348000). Please review
 the event details for a solution, and then rerun the backup operation once the 
issue is resolved.
 
Error - 14.03.2013 12:11:55 | Computer Name = *** | Source = Windows Backup | ID = 4104
Description = 
 
Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385,
 time stamp: 0x4a5bc3c1  Faulting module name: mpengine.dll, version: 1.1.9203.0, 
time stamp: 0x51144572  Exception code: 0xc0000006  Fault offset: 0x000000000023e0d5
Faulting
 process id: 0xcb4  Faulting application start time: 0x01ce2185d9e0fd9d  Faulting application
 path: C:\Windows\System32\svchost.exe  Faulting module path: C:\ProgramData\Microsoft\Windows
 Defender\Definition Updates\{D03A10C2-3FC5-4F8C-B34C-FDDFD4D19646}\mpengine.dll
Report
 Id: ad4655f9-8d79-11e2-a504-0021856a07e2
 
Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0
 for one of the following reasons:  there is a problem with the network connection,
 the disk that the file is stored on, or the storage  drivers installed on this computer;
 or the disk is missing.  Windows closed the program Host Process for Windows Services
 because of this error.    Program: Host Process for Windows Services  File: C:\ProgramData\Microsoft\Windows
 Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0    The error
 value is listed in the Additional Data section.  User Action  1. Open the file again.
This
 situation might be a temporary problem that corrects itself when the program runs
 again.  2.  If the file still cannot be accessed and   - It is on the network,  your network
 administrator should verify that there is not a problem with the network and that
 the server can be contacted.   - It is on a removable disk, for example, a floppy 
disk or CD-ROM, verify that the disk is fully inserted into the computer.  3. Check
 and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
 Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
 press ENTER.  4. If the problem persists, restore the file from a backup copy.  5. 
Determine whether other files on the same disk can be opened. If not, the disk might
 be damaged. If it is a hard disk, contact your administrator or computer hardware
 vendor for  further assistance.    Additional Data  Error value: C0000185  Disk type: 3
 
Error - 15.03.2013 10:22:46 | Computer Name = *** | Source = VSS | ID = 12305
Description = 
 
Error - 15.03.2013 10:22:47 | Computer Name = *** | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  C:\Program Files (x86)\Seagate\SeaTools for Windows\SeaTools for Windows.en-US.pdf.

 [IN_PAGE_ERROR Exception!! EIP = 0x6495f4]   Bitte Avira informieren und die obige
 Datei übersenden!
 
Error - 03.04.2013 10:20:59 | Computer Name = *** | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 16:55:27 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly. 
 It has done this 1 time(s).
 
Error - 03.04.2013 16:56:14 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly. 
 It has done this 1 time(s).
 
Error - 06.04.2013 12:50:18 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HDDHealth
 service to connect.
 
 
< End of report >
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-06 20:03:02
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SI rev.1AG01118 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000074e31465 2 bytes [E3, 74]
.text   C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000074e314bb 2 bytes [E3, 74]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074e31465 2 bytes [E3, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074e314bb 2 bytes [E3, 74]
.text   ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2500:1448]                                                                                              000007fef1789688

---- EOF - GMER 2.1 ----
         
Vielen Dank schonmal im Voraus!

Grüße
Denkgeräusch

 
