![]() |
|
Log-Analyse und Auswertung: Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglichWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich Hallo Zusammen, Nach einiger Recherche und Gesprächen mit Freunden, die leider sehr verschiedene Tipps und Ideen für mich hatten, habe ich beschlossen, mein Problem hier im Forum zu veröffentlichen. Vor ca vier Wochen habe ich mein System mal wieder neu aufgesetzt, weil meine Systempartition zu klein bemessen war. Natürlich habe ich im neu aufgesetzten System erstmal Avira Free Antivirus installiert, dann Firefox und was man halt sonst noch so braucht. Danach habe ich für einige Programme die alten AppData ins neue System kopiert, um z.B. bei Firefox das bewährte und gewohnte Profil weiter verwenden zu können. Daraufhin habe ich dann Stück für Stück meine Dokumente etc. auf die neue Systemplatte kopiert. Auf Partitionierung habe ich verzichtet, nachdem Win7 schon ein paar mal deutlich mehr Speicher gefressen hat, wie ich bei der Partitionierung zunächst angenommen hatte… Recht bald fiel mir auf, dass bei der Installation von Programmen immer wieder Fehlermeldungen auftraten. (zuletzt bei der NokiaSuite, die ich natürlich direkt vom Hersteller runtergeladen hatte). Im weiteren Verlauf hatte ich, wenn ich mich richtig erinnere, mal einen Bluescreen, bis dann die Fehlermeldung kam, dass meine Festplatte defekt sei und ich sofort ein Backup durchführen soll, um Datenverlust zu vermeiden. Mit Hilfe der Backupfunktion von Windows7 habe ich dann versucht meine Daten auf der Festplatte zu sichern, auf der auch schon die alten Sicherungen meiner Fotos/Videos/Musik/Dokumente liegen. Leider brach das Backup immer wieder ab. Daraufhin habe ich die wichtigen Dateien manuell auf diese Platte kopiert. Irgendwann wurde ich dann aber doch ein bisschen misstrauisch… Die Festplatte funktionierte ja an sich einwandfrei und es hatte ja auch schon zuvor Probleme mit Installationen gegeben. Also machte ich mich über Google auf die Suche nach möglichen Zusammenhängen mit einem Virus o.ä.. Dabei stieß ich dann auf das Programm Malwarebytes, welches mir folgende Funde brachte: Log von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.15.06 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: **** [administrator] 15.03.2013 15:34:26 mbam-log-2013-03-15 (15-34-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 226927 Time elapsed: 2 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\***\Local Settings\Temporary Internet Files\Content.IE5\G6PYER3T\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully. (end) Ich erlaube mir mal, gleich ein paar konkrete Fragen zu stellen: PUM werden doch idR entweder versehentlich durch den Nutzer oder durch einen Virus/Trojaner etc hervorgerufen. Wie finde ich also diesen Auslöser für die PUM? Was habe ich konkret zu befürchten? Was macht PUM.Hijack.StartMenu? Wie kann sich ein Virus ausbreiten? Welche Dateien können welche Dateien wie infizieren? Ist es auszuschließen, dass die vermutlich verseuchten Dateien auf der BackupHDD die noch sauberen alten Backups auch verschmutzt haben? Das wäre ja eine Kathastrophe, da ich dann kein sauberes Backup mehr hätte!! Ich werde mein System sicherheitshalber auf jeden Fall neu aufsetzen. Die hauptsächliche Frage ist also: Wie vermeide ich es, den Virus oder was auch immer ich mir eingefangen habe auf das neue System mitzunehmen? Hier die restlichen Logs: Code:
ATTFilter OTL logfile created on: 06.04.2013 19:09:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = L:\ 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free 7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.05 15:06:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- L:\OTL.exe PRC - [2013.03.04 18:21:34 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.27 13:18:57 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2012.06.07 10:17:26 | 001,987,520 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.13 01:37:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 14:12:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2012.06.07 10:17:28 | 000,072,640 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe -- (HDDHealth) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.04 18:41:58 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2013.02.27 13:19:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.27 13:19:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.02.27 13:19:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 3D BA 98 1F 20 CE 01 [binary data] IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?sk=bd" FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B152455DE-7B40-4bcf-B5B4-C68A1BE85A91%7D:2.7 FF - prefs.js..extensions.enabledAddons: %7B4568ed01-8341-4961-b3d5-98ab068ce4c0%7D:1.0.1.6 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0 FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5 FF - prefs.js..extensions.enabledAddons: addon%40snip-me.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5 FF - prefs.js..extensions.enabledItems: {4568ed01-8341-4961-b3d5-98ab068ce4c0}:1.0.1.6 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.9 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {336f36f7-72b2-4314-984a-ae7cac4b7328}:0.9 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8 FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12 FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3 FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "83.137.26.25" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "83.137.26.25" FF - prefs.js..network.proxy.gopher_port: 8080 FF - prefs.js..network.proxy.http: "83.137.26.25" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "83.137.26.25" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "83.137.26.25" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M] [2013.02.27 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions [2013.03.08 13:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0} [2013.02.27 13:15:26 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C} [2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2013.02.27 13:15:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.02.27 18:38:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013.02.27 13:15:23 | 000,000,000 | ---D | M] ("Astroburn Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\AstroToolbar@toolbarnet.com [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de_DE@dicts.j3e.de [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\en-GB@dictionaries.addons.mozilla.org [2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\maps@ovi.com [2013.02.27 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\nostmp [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C} [2013.02.27 13:15:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} [2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{de1b245c-de57-11da-ba2d-0050c2490048} [2011.11.23 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97} [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de_DE@dicts.j3e.de [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de-DE@dictionaries.addons.mozilla.org [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\en-GB@dictionaries.addons.mozilla.org [2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\maps@ovi.com [2013.02.27 13:15:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\personas@christopher.beard [2013.03.08 13:00:34 | 000,014,855 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\addon@snip-me.de.xpi [2012.09.29 16:35:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\amznUWL2@amazon.com.xpi [2013.02.27 13:34:36 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\firebug@software.joehewitt.com.xpi [2013.03.06 19:32:28 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\personas@christopher.beard.xpi [2011.08.15 13:10:19 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\tineye@ideeinc.com.xpi [2013.02.27 18:12:25 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2013.03.04 10:45:11 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.12.30 14:44:40 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2012.09.07 11:31:59 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013.02.18 01:16:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.11.09 16:29:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.03.08 14:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.03.08 14:12:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000..\Run: [hddhealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft) O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9FD9D6-7659-4DE0-B48B-723F23AA1821}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.01.14 16:18:53 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ] O32 - AutoRun File - [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () - D:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2002.08.29 03:14:48 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.15 16:33:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.15 16:33:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.15 16:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.15 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate [2013.03.15 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate [2013.03.15 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.03.15 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health [2013.03.15 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health [2013.03.13 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera [2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera [2013.03.13 21:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2013.03.11 22:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler [2013.03.11 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Diagnostic Utility [2013.03.11 21:31:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2013.03.11 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2013.03.11 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2013.03.11 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nero [2013.03.11 12:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2013.03.11 11:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt [2013.03.10 16:39:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.10 15:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2013.03.09 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.03.09 15:04:01 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.03.09 15:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.03.09 14:59:46 | 000,000,000 | ---D | C] -- C:\Users\***\OpenOffice.org 3.4.1 (de) Installation Files [2013.03.08 14:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013.04.06 19:08:06 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.06 19:04:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.06 19:04:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.06 19:04:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.06 18:50:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.06 18:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.06 18:49:54 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 22:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.03 22:26:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.15 16:22:14 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk [2013.03.15 16:14:22 | 000,001,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013.03.14 13:33:35 | 392,124,162 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.13 20:57:30 | 001,298,285 | ---- | M] () -- C:\Users\***\Documents\side by side.jpg [2013.03.13 20:56:51 | 000,000,770 | ---- | M] () -- C:\Users\***\Documents\nokia side by side backup.reg [2013.03.13 16:00:18 | 000,023,789 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.13 15:33:06 | 016,318,104 | ---- | M] () -- C:\Users\***\Documents\landscape.xcf [2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamShapes.ini [2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamLayout.ini [2013.03.12 16:05:38 | 000,000,100 | ---- | M] () -- C:\Users\***\AppData\Roaming\Camdata.ini [2013.03.12 15:43:16 | 000,004,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg [2013.03.11 22:07:13 | 000,651,108 | ---- | M] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg [2013.03.10 14:48:36 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013.03.09 17:08:58 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.09 15:35:51 | 000,001,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ========== Files Created - No Company Name ========== [2013.04.06 19:08:06 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.03.15 16:22:14 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk [2013.03.15 16:14:22 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk [2013.03.13 21:10:32 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2013.03.13 20:57:30 | 001,298,285 | ---- | C] () -- C:\Users\***\Documents\side by side.jpg [2013.03.13 20:56:51 | 000,000,770 | ---- | C] () -- C:\Users\***\Documents\nokia side by side backup.reg [2013.03.13 16:00:18 | 000,023,789 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.03.13 15:33:06 | 016,318,104 | ---- | C] () -- C:\Users\***\Documents\landscape.xcf [2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini [2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini [2013.03.12 13:52:57 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini [2013.03.12 13:52:30 | 000,004,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg [2013.03.11 22:07:13 | 000,651,108 | ---- | C] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg [2013.03.10 14:48:36 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2013.03.09 15:35:51 | 000,001,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.03.01 13:38:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2013.03.01 13:29:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2013.02.27 19:24:20 | 000,348,160 | ---- | C] () -- C:\Windows\Adac-Luftrettung 3D Uninstall.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.06 18:50:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2013.03.07 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2013.03.07 18:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software [2013.03.09 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.03.13 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2013.03.11 12:14:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 06.04.2013 19:09:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = L:\ 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free 7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS Computer Name: **** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C8FDDCC-8E15-4ABF-A2C6-18A19C801F8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2DB14E80-315E-4D1D-B8E3-81FA07B29A68}" = rport=445 | protocol=6 | dir=out | app=system | "{2E67C0D2-B262-429E-97D8-91FC66593C86}" = rport=139 | protocol=6 | dir=out | app=system | "{5DCBE1A2-D0CA-41EA-8D62-BF762EFC6D2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FC01A0F-F696-4094-A5F4-77B1A80CF75D}" = lport=138 | protocol=17 | dir=in | app=system | "{720AEE72-DB24-4C17-8FA3-F98AEE95F823}" = lport=445 | protocol=6 | dir=in | app=system | "{883FBF84-144F-4026-A64D-8541BE1CF984}" = rport=138 | protocol=17 | dir=out | app=system | "{8D16048C-3032-4D8B-9A32-0ECB0B3F29BA}" = rport=137 | protocol=17 | dir=out | app=system | "{96D9EED2-E708-45A9-9C2F-E9226F238381}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B44D856F-4B7B-4516-9FAE-9DD906F8B191}" = lport=139 | protocol=6 | dir=in | app=system | "{D8275260-EF70-4D69-A5C4-40347FDE2266}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E5C0794D-C95C-4177-B843-DFE7A93490F3}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{39EBF40A-537F-45E1-B1B0-CF783F5E0692}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{46A86B38-3E0F-42BB-B231-7DC577D77D54}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{64D7695B-2689-4FFA-933B-201A9C12FBA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6B8EF90E-85DA-4D16-9ED6-1744B995C3EE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{8B30128F-53B8-486E-8550-22388B2FBC30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A332CBCA-F3C5-426D-9BBD-5047D9AEF69D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B78461B1-860F-48FA-808E-CDC61508AB2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D3CC93B3-A64F-4DFD-89C8-C36E6E5A3779}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "TCP Query User{12F74896-A54E-43F4-8636-9A6E3FABF26A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{B20DDDBF-3122-47B6-843C-B89D56988B2D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{2973634A-BBBB-4AE0-97EB-F0E9888F81A0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{8C9BA50D-3063-4A05-9DDE-A6E34DC4DF50}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GIMP-2_is1" = GIMP 2.8.4 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{35F59E66-CAA0-4585-8DC4-037A04717FCF}" = Nero CoverDesigner "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54 "{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM) "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{DB680033-BB0B-4EE5-B625-B4F6B130617A}" = LightScribe Diagnostic Utility "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ADACLuftrettung3D" = ADAC Luftrettung 3D "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "HDD Health_is1" = HDD Health v4.2 "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.14.1738" = Opera 12.14 "TreeSize Free_is1" = TreeSize Free V2.7 "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 2.0.5 "Winamp" = Winamp "WinMerge_is1" = WinMerge 2.14.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.03.2013 15:44:17 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Faulting module name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Exception code: 0xc0000005 Fault offset: 0x011ead7c Faulting process id: 0xec8 Faulting application start time: 0x01ce202325a37391 Faulting application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Faulting module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Report Id: 63ff3a31-8c16-11e2-8f62-0021856a07e2 Error - 13.03.2013 15:49:28 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: Nokia_Suite_webinstaller_ALL.exe, version: 3.7.22.0, time stamp: 0x50642f2d Faulting module name: Nokia_Suite_webinstaller_ALL.exe, version: 3.7.22.0, time stamp: 0x50642f2d Exception code: 0xc0000005 Fault offset: 0x011ead7c Faulting process id: 0x1398 Faulting application start time: 0x01ce2023de99e7ad Faulting application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe Faulting module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe Report Id: 1cf53ada-8c17-11e2-8f62-0021856a07e2 Error - 13.03.2013 15:49:36 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Faulting module name: Nokia_Suite_webinstaller_ALL (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d Exception code: 0xc0000005 Fault offset: 0x011ead7c Faulting process id: 0x74c Faulting application start time: 0x01ce2023e4313426 Faulting application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Faulting module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe Report Id: 21ff39dc-8c17-11e2-8f62-0021856a07e2 Error - 14.03.2013 12:11:54 | Computer Name = *** | Source = Microsoft-Windows-Backup | ID = 517 Description = The backup operation that started at '2013-03-14T14:41:42.473168900Z' has failed with following error code '2155348000' (%%2155348000). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved. Error - 14.03.2013 12:11:55 | Computer Name = *** | Source = Windows Backup | ID = 4104 Description = Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: mpengine.dll, version: 1.1.9203.0, time stamp: 0x51144572 Exception code: 0xc0000006 Fault offset: 0x000000000023e0d5 Faulting process id: 0xcb4 Faulting application start time: 0x01ce2185d9e0fd9d Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D03A10C2-3FC5-4F8C-B34C-FDDFD4D19646}\mpengine.dll Report Id: ad4655f9-8d79-11e2-a504-0021856a07e2 Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0 for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0 The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 15.03.2013 10:22:46 | Computer Name = *** | Source = VSS | ID = 12305 Description = Error - 15.03.2013 10:22:47 | Computer Name = *** | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Program Files (x86)\Seagate\SeaTools for Windows\SeaTools for Windows.en-US.pdf. [IN_PAGE_ERROR Exception!! EIP = 0x6495f4] Bitte Avira informieren und die obige Datei übersenden! Error - 03.04.2013 10:20:59 | Computer Name = *** | Source = Windows Backup | ID = 4103 Description = [ System Events ] Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155 Description = The driver detected a controller error on \Device\Ide\IdePort0. Error - 03.04.2013 16:55:27 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s). Error - 03.04.2013 16:56:14 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error - 06.04.2013 12:50:18 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the HDDHealth service to connect. < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-04-06 20:03:02 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SI rev.1AG01118 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldypow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e31465 2 bytes [E3, 74] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e314bb 2 bytes [E3, 74] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074e31465 2 bytes [E3, 74] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074e314bb 2 bytes [E3, 74] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [2500:1448] 000007fef1789688 ---- EOF - GMER 2.1 ---- Grüße Denkgeräusch ![]() |
Themen zu Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich |
0xc0000006, acrobat update, adblock, adobe reader xi, antivirus, autorun, avira, bluescreen, canon, desktop, dringend, error, failed, festplatte, festplatte angeblich defekt, firefox, flash player, frage, google, hängen, installation, installationsprobleme, logfile, mozilla, nicht möglich, problem, pum.hijack.startmenu, registry, security, software, super, svchost.exe, system, windows |