| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTubeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.04.2013, 15:57
| #1 |
 |  Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Hallo allerseits, das Acer one Netbook mit Windows 7 Starter meiner Freundin verhält sich bei Adresseingaben im Browser (IE & FF) schon länger seltsam und öffnet selbständigt nevige "dubiose" Werbung. Ich hatte da schonmal mit dem CC cleaner (ohne Erfolg) gearbeitet und das Problem als "ärgerlich aber Trivial" abgetan. [Ja, war mein Fehler] Seit einem Neustart heute morgen und der Meldung das Windows Updates (IE 10) Installiert werden ist das Benutzerkonto in Windows "frisch". Die gespeicherten Dokumente sind leer, diese evtl. noch retten ist mein Ziel. Sind div. Dateien aus dem Studium drauf, Backups existieren natürlich nicht Genutzt wird die kostenlose Variante Avira anti Vir, es wurde seit ca. 1 Woche keine Updates durchgeführt. Bei einem vollen Virenscann nach Aktualisierung meldert Avira das "versteckte Datein gefunden wurden" ohne nährere Angaben. MBAM Log [Spoiler] funktionieren Bei meinem Post nicht, wie ist denn der TAG ? [/Spoiler] Tja nun ist für mich die Frage ob der gefundene PUP.LoadTunes etwas mit dem neuen Benutzerkonto zu tun hat. Evtl. Wurde darüber nun ein Rootkit eingepflanzt, allerdings bin ich da kein Spezialist. Drum frag ich ja auch hier nach Hilfe  Besteht evtl die Möglichkeit via Alternativen Booten von einer RettungsCD oder Stick da auf die Orginal Struiktur zuzugreifen und zu schauen ob evtl noch die Datein vom Studium gesichert werden können ? Vielen Dank für euere Hilfe schonmal an dieser stellen im Vorraus. Gruß Jan P.S: Wie ist denn hier der TAG für den Spoiler ? habs wg. der Übersicht als Datein angehängt. Geändert von Ratanna (07.04.2013 um 16:06 Uhr) Grund: Keine Spoiler Tags |
|
08.04.2013, 12:07
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Hallo und
__________________ Es gibt hier keine SPOILER-Tags verwende bitte CODE-Tags Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
08.04.2013, 22:03
| #3 |
| | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Jup also Malwarebytes hat bisher als einziges Programm was gefunden.
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.07.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16521 Max Mustermann :: MaxMustermann-PC [Administrator] 07.04.2013 15:16:14 MBAM-log-2013-04-07 (15-30-20).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 230070 Laufzeit: 7 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Max Mustermann\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt. Infizierte Dateien: 17 C:\Users\Max Mustermann\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. C:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt. (Ende) Ich hab noch die OLT: Code:
ATTFilter OTL logfile created on: 07.04.2013 15:47:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\ Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 766,30 Mb Total Physical Memory | 297,34 Mb Available Physical Memory | 38,80% Memory free 1,75 Gb Paging File | 0,90 Gb Available in Paging File | 51,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 219,79 Gb Total Space | 159,42 Gb Free Space | 72,54% Space Free | Partition Type: NTFS Drive D: | 3,61 Gb Total Space | 3,60 Gb Free Space | 99,98% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.07 15:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2013.04.02 20:42:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.02 20:41:45 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.04.02 20:41:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.02 20:41:40 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.07.23 15:42:15 | 000,871,536 | ---- | M] (BitLeader) -- C:\Programme\lg_fwupdate\fwupdate.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.05.25 19:36:33 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.04.23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe PRC - [2010.04.01 09:26:44 | 000,027,224 | ---- | M] (Atheros Communications) -- C:\Programme\Bluetooth Suite\AdminService.exe PRC - [2010.03.17 16:17:26 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.03.17 16:16:56 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.03.03 15:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2010.03.03 15:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe PRC - [2009.12.15 14:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.13 05:48:50 | 000,716,800 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\iked.exe PRC - [2009.07.11 23:29:50 | 000,049,152 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe PRC - [2009.07.11 23:29:48 | 000,536,576 | ---- | M] () -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe PRC - [2005.08.11 15:52:12 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\OmniPage15.0\OpWare15.exe ========== Modules (No Company Name) ========== MOD - [2013.02.14 16:24:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013.02.14 16:22:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 16:51:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 16:50:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 16:50:19 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll MOD - [2013.01.10 16:50:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 16:50:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 16:49:52 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.05.25 19:36:33 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2010.05.25 19:28:16 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3728.37183__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010.05.25 19:28:16 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3728.37148__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2010.05.25 19:28:16 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3728.37040__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.05.25 19:28:16 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3728.37065__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.05.25 19:28:16 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3728.37125__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.05.25 19:28:16 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3728.37103__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.05.25 19:28:16 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3728.37091__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010.05.25 19:28:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3728.37058__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.05.25 19:28:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3728.37052__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010.05.25 19:28:15 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3728.37109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:15 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3728.37147__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:15 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3728.37109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.05.25 19:28:15 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3728.37051__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:15 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3728.37149__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:15 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3728.37108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.05.25 19:28:15 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3728.37146__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010.05.25 19:28:15 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3728.37183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010.05.25 19:28:14 | 001,294,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3728.37179__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,827,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3728.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3728.37066__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3728.37118__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.05.25 19:28:14 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3728.37087__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3728.37102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3728.37071__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010.05.25 19:28:14 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3728.37066__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.05.25 19:28:14 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3728.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010.05.25 19:28:14 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3728.37092__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.05.25 19:28:14 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.05.25 19:28:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3728.37099__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010.05.25 19:28:14 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3728.37070__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010.05.25 19:28:14 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3728.37101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.05.25 19:28:14 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.05.25 19:28:14 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3728.37029__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.05.25 19:28:14 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3728.37146__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.05.25 19:28:14 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.05.25 19:28:14 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3728.37155__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.05.25 19:28:14 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3728.37039__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.05.25 19:28:14 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.05.25 19:28:13 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3728.37032__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3728.37029__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.05.25 19:28:13 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3728.37125__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3728.37083__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3728.37108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3728.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3728.37092__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.05.25 19:28:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3728.37147__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3728.37103__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3728.37027__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.05.25 19:28:13 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3728.37141__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3728.37119__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3728.37062__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3728.37030__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.05.25 19:28:13 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3728.37099__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3728.37031__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.05.25 19:28:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3728.37039__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3728.37030__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3728.37058__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.05.25 19:28:13 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3728.37050__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.05.25 19:28:13 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3728.37029__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.05.25 19:28:13 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3728.37148__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010.05.25 19:28:13 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3728.37030__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.05.25 19:28:13 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.05.25 19:28:13 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3728.37039__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.05.25 19:28:13 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3728.37032__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.05.25 19:28:13 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3728.37033__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.05.25 19:28:12 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3728.37046__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.05.25 19:28:12 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3728.37057__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.05.25 19:28:12 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3728.37142__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.05.25 19:28:12 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3728.37139__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.05.25 19:28:12 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3728.37037__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.05.25 19:28:12 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3728.37038__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.05.25 19:28:12 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3728.37034__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.05.25 19:28:12 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3728.37155__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.05.25 19:28:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3728.37033__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.05.25 19:28:12 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3728.37044__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.05.25 19:28:12 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3728.37031__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.05.25 19:28:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3728.37032__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.05.25 19:28:12 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3728.37057__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.05.25 19:28:12 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3728.37044__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.05.25 19:28:12 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3728.37037__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.05.25 19:28:12 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3728.37035__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010.05.25 19:28:12 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3728.37035__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2010.05.25 19:28:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3728.37036__90ba9c70f846762e\APM.Server.dll MOD - [2010.05.25 19:28:11 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3728.37035__90ba9c70f846762e\AEM.Server.dll MOD - [2010.05.25 19:28:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.05.25 19:28:11 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3728.37141__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.05.25 19:28:11 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3728.37064__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.03.08 10:57:44 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.12.15 14:49:20 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.12.15 14:46:38 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service) SRV - [2013.04.02 20:42:06 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.02 20:41:41 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.13 21:03:29 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService) SRV - [2010.11.23 18:13:50 | 001,483,072 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.11.23 18:11:36 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.04.23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.04.17 07:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.04.01 09:26:44 | 000,027,224 | ---- | M] (Atheros Communications) [Auto | Running] -- C:\Programme\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2010.03.17 16:16:56 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.03.03 15:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.13 05:48:50 | 000,716,800 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked) SRV - [2009.07.11 23:29:50 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd) SRV - [2009.07.11 23:29:48 | 000,536,576 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd) ========== Driver Services (SafeList) ========== DRV - [2013.04.02 20:42:12 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.02 20:42:12 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.02 20:42:12 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.11 20:02:58 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.10.07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.04.21 09:47:38 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2010.04.07 04:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.03.31 08:49:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2010.03.30 19:15:44 | 000,047,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU) DRV - [2010.03.30 19:11:24 | 000,230,952 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter) DRV - [2010.03.30 19:11:18 | 000,048,168 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV - [2010.03.30 19:11:08 | 000,177,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV - [2010.03.30 19:11:00 | 000,038,440 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort) DRV - [2010.03.30 19:10:44 | 000,141,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP) DRV - [2010.03.30 19:10:30 | 000,257,064 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV - [2010.03.30 19:10:22 | 000,028,200 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS) DRV - [2010.03.17 19:23:40 | 005,341,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2010.03.17 15:21:02 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.01.28 04:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.08.23 11:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2009.05.26 15:32:56 | 000,025,600 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmUStor.sys -- (AmUStor) DRV - [2009.01.16 09:58:30 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt) DRV - [2008.12.11 05:52:02 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao521&r=27b51010y206l0403ww75w4611s036 IE - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao521&r=27b51010y206l0403ww75w4611s036 IE - HKU\IECleanupTempUserHive\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\IECleanupTempUserHive\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\IECleanupTempUserHive\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 BB 49 5F 86 33 CE 01 [binary data] IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.02.28 23:16:12 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\IECleanupTempUserHive\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - Reg Error: Value error. File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPage15.0\OpScheduler.exe" File not found O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\IECleanupTempUserHive..\Run: [OpAgent] C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe (ScanSoft, Inc.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\IECleanupTempUserHive..\RunOnce: [Application Restart #0] C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\IECleanupTempUserHive\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D10CA9-C14D-4F33-9A08-3096D8FAAD75}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32D6594-C067-4E00-9232-D57F9C30AE59}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA70E1FF-0F80-48DB-91DC-6DE058F900B8}: NameServer = 192.109.135.70 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.07 15:41:13 | 000,000,000 | ---D | C] -- C:\Users\TEMP\Desktop\Neuer Ordner [2013.04.07 14:42:26 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Malwarebytes [2013.04.07 14:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.07 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.07 14:41:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.07 14:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.07 14:41:39 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Programs [2013.04.07 13:57:51 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Adobe [2013.04.07 12:18:19 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Avira [2013.04.07 12:13:49 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\ATI [2013.04.07 12:13:49 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\ATI [2013.04.07 12:13:06 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Macromedia [2013.04.07 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Power2Go [2013.04.07 12:12:53 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Apple Computer [2013.04.07 12:12:10 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.07 12:12:10 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Searches [2013.04.07 12:12:10 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.04.07 12:11:57 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Identities [2013.04.07 12:11:53 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Contacts [2013.04.07 12:11:36 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Adobe [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Vorlagen [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\AppData\Local\Verlauf [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\AppData\Local\Temporary Internet Files [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Startmenü [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\SendTo [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Recent [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Netzwerkumgebung [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Lokale Einstellungen [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Druckumgebung [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Cookies [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\AppData\Local\Anwendungsdaten [2013.04.07 12:11:19 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Anwendungsdaten [2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Documents\Eigene Videos [2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Documents\Eigene Musik [2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Eigene Dateien [2013.04.07 12:11:18 | 000,000,000 | -HSD | C] -- C:\Users\TEMP\Documents\Eigene Bilder [2013.04.07 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Microsoft Help [2013.04.07 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Microsoft [2013.04.07 12:11:15 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.04.07 12:11:15 | 000,000,000 | R--D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.07 12:11:15 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Local\Temp [2013.04.07 12:11:15 | 000,000,000 | ---D | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LG Power Tools [2013.04.07 12:11:14 | 000,000,000 | --SD | C] -- C:\Users\TEMP\AppData\Roaming\Microsoft [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Videos [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Saved Games [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Pictures [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Music [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Links [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Favorites [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Downloads [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Documents [2013.04.07 12:11:14 | 000,000,000 | R--D | C] -- C:\Users\TEMP\Desktop [2013.04.07 12:11:14 | 000,000,000 | -H-D | C] -- C:\Users\TEMP\AppData [2013.04.05 18:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.03.10 23:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java ========== Files - Modified Within 30 Days ========== [2013.04.07 15:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.07 15:43:54 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.07 15:43:54 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.07 15:43:54 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.07 15:43:54 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.07 15:29:01 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000UA.job [2013.04.07 14:41:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.07 14:32:04 | 000,000,338 | ---- | M] () -- C:\Windows\lgfwup.ini [2013.04.07 14:31:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.07 14:31:25 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.07 13:46:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.07 12:12:58 | 000,002,022 | ---- | M] () -- C:\Users\TEMP\Desktop\LG Burning Tool.lnk [2013.04.07 12:12:45 | 000,001,134 | ---- | M] () -- C:\Users\TEMP\Desktop\LG Power Tools.lnk [2013.04.07 11:46:47 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\EUCMIZLQSO.job [2013.04.07 11:46:16 | 602,640,384 | -HS- | M] () -- C:\hiberfil.sys [2013.04.07 11:41:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000Core.job [2013.04.05 10:21:58 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.02 20:42:12 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.02 20:42:12 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.02 20:42:12 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.10 23:39:33 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2013.04.07 14:41:57 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.07 12:11:35 | 000,001,425 | ---- | C] () -- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.07 12:11:16 | 000,002,022 | ---- | C] () -- C:\Users\TEMP\Desktop\LG Burning Tool.lnk [2013.04.07 12:11:16 | 000,001,134 | ---- | C] () -- C:\Users\TEMP\Desktop\LG Power Tools.lnk [2013.04.05 10:21:58 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.01.04 18:13:23 | 000,000,399 | ---- | C] () -- C:\Windows\MAXLINK.INI [2013.01.04 17:47:23 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw52.bin [2012.02.26 20:45:00 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\mfc100fra3.dll [2011.12.31 14:59:51 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI [2011.12.31 14:54:01 | 000,000,338 | ---- | C] () -- C:\Windows\lgfwup.ini [2010.05.11 13:34:17 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.08 23:09:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert [2010.11.11 20:01:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2013.03.29 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2013.01.04 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2012.07.29 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\loadtbs [2013.01.04 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft [2012.12.23 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011.03.11 16:49:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 07.04.2013 15:47:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
766,30 Mb Total Physical Memory | 297,34 Mb Available Physical Memory | 38,80% Memory free
1,75 Gb Paging File | 0,90 Gb Available in Paging File | 51,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 159,42 Gb Free Space | 72,54% Space Free | Partition Type: NTFS
Drive D: | 3,61 Gb Total Space | 3,60 Gb Free Space | 99,98% Space Free | Partition Type: FAT32
Computer Name: MaxMustermann-PC | User Name: Max Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AE3423-5154-444B-A9CA-8830435F7264}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08C2703B-5A3A-4B28-8DCD-166EE1126422}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{834F3FA4-4BC0-4A63-9A8F-ECE366E2175E}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{8D568047-DA4A-434E-89EB-25E0942185C3}" = lport=28883 | protocol=6 | dir=in | name=windows core service |
"{D79663C9-6986-4BE2-B552-73C31272D959}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{F3E430E0-9341-4215-8E04-CC91EE915B81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F60786-9468-4589-9A66-9A8F9798D5D6}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{0C0902BA-77B8-4A43-9E59-5454740B70C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3019A4C6-37E5-4D2C-9C12-96868634C39B}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{38157963-84F9-453B-9F06-FA46E7FE983C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{523D3022-08B5-42F2-A2C8-EA7EB735CD58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5696D2C0-ED99-4647-A936-E95EE46F5691}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{671E1202-B643-4BF5-A1DB-BC99B1383F22}" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"{6BE8C82E-2DC2-4B75-A3C9-066C2345EAB0}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{70AE6545-795E-4387-8333-F6E2DBB939D7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7CE8AA06-EC5E-4532-A655-1FCAE72F68F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91F6DBB8-6055-4EF5-8927-7DFE0A6A0844}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A1F07959-7C93-4ECC-B436-FCE124A991E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BE2AE7A5-66B4-40FF-8966-0DF04C9629A8}" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"{C186281A-47F7-4CB9-A49A-52DB1126D5F7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C218806E-3A2B-4BEC-9150-BE3C92786157}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFB957DF-5E9E-4AFB-8489-B175B79AD7BA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EFBD6A49-4AFA-4A5D-8425-DB28902A1022}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{F243532F-A8E7-4CD8-AC35-1D5EAD3A9BED}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{75CF14CB-92A9-4A66-A8F1-7ED80E5D9BCF}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{7ED00B5A-56EF-4F99-9D2D-3C38FA157C64}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{09D816C9-81E7-9CF4-2F70-4665CDE8CF22}" = CCC Help Swedish
"{0C11CE22-B6E6-5EF1-26A3-67AB377E4544}" = CCC Help Thai
"{0D3BCEB7-2F03-ACCA-3108-3888A4139E05}" = CCC Help Russian
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16C25121-24BE-0724-569D-F76E08BFF067}" = CCC Help Danish
"{16E7B680-D5F9-ED88-910A-41139D9D0523}" = CCC Help Hungarian
"{1E6340DC-51E5-5F11-3A2F-FC0175923671}" = CCC Help Turkish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A4BA38-316B-65EB-497A-DA212E1A560A}" = Catalyst Control Center Localization All
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A023941-B1E7-90A5-44A2-50F40F5B5EF2}" = CCC Help Italian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D13FC7D-42A8-4BF1-AF0C-B3DC68C59448}_is1" = Atheros_7.0.2.13_patch2_32
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32950AC0-90A9-A331-9A0A-A53E25135C36}" = CCC Help German
"{37B84CDE-B76D-067A-979D-1A7013677181}" = Catalyst Control Center Core Implementation
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD6FAED-95C2-6052-1263-5451780B8022}" = CCC Help Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC6E081-DC9D-EB50-5B87-FE582F9EE86B}" = CCC Help Polish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{62AF3B34-41F3-803E-2F69-CD66974B958E}" = CCC Help French
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D616-B9E8-38F0-708C-4C098F20E28D}" = CCC Help Chinese Standard
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EF7783D-8474-8B27-D2A9-BD1FCA69BA2A}" = Catalyst Control Center Graphics Full New
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C872F7-DE54-5837-D112-B39122EE3C2B}" = CCC Help Greek
"{84CC59D3-9F73-98B3-5BFE-E0F1F98313FD}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{930F4BA6-53B3-E73C-2E7B-AB39D804C6D5}" = CCC Help Czech
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3E27909-446C-0494-14FC-5C7A27035C0D}" = ccc-utility
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AE0CDE19-8212-97F1-B53F-F0B5CB2B1B89}" = Catalyst Control Center Graphics Previews Common
"{BFFAA35C-CE19-4FAF-1766-D499F58C1E81}" = CCC Help Finnish
"{C15BCA23-3080-7F99-7D9D-E39C5FBCD275}" = CCC Help Dutch
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C55CA6B4-811D-99B0-A80E-C13616683EC2}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{CBA047D0-64B3-BA72-3505-7C153B9481E1}" = CCC Help Japanese
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.174.419
"{D1AA79CE-0F31-38F4-424B-16A8EC161F6B}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{E6C049AB-5A32-A46F-1068-2EA943CE07DA}" = CCC Help Spanish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE426B11-ECEE-4811-8FE5-DDCDC1750CC4}" = CCC Help Korean
"{EFEC373B-FF11-1FD8-DD3F-D4A556591E93}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DAEC21-207C-E969-150D-8BE3F097BDC8}" = CCC Help Portuguese
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13F589E-00BB-0469-C4E0-B7CEC73F7831}" = ccc-core-static
"{F41D214A-E6C2-D3AC-12A1-101994909F3E}" = ATI Catalyst Install Manager
"{F46DC3C4-65C7-4686-A6B4-EA19B2BDA029}" = ScanSoft OmniPage 15.0
"{F8FBC8E6-CFBC-522A-5477-93020C479A84}" = CCC Help English
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"loadtbs-3.0" = loadtbs-3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\IECleanupTempUserHive\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.09.2012 13:15:37 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13260
Error - 27.09.2012 13:15:38 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.09.2012 13:15:38 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14336
Error - 27.09.2012 13:15:38 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14336
Error - 27.09.2012 13:54:54 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.09.2012 13:54:54 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1232
Error - 27.09.2012 13:54:54 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1232
Error - 27.09.2012 13:54:57 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 27.09.2012 13:54:57 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4071
Error - 27.09.2012 13:54:57 | Computer Name = MaxMustermann-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4071
[ System Events ]
Error - 07.04.2013 07:53:08 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:53:08 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:53:08 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:53:11 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 07.04.2013 07:57:18 | Computer Name = MaxMustermann-PC | Source = DCOM | ID = 10010
Description =
Error - 07.04.2013 09:42:56 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:57 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:57 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:58 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 07.04.2013 09:42:58 | Computer Name = MaxMustermann-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-07 16:51:01
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVT-22A23T0 rev.01.01A01 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\TEMP\AppData\Local\Temp\awrcypob.sys
---- System - GMER 2.1 ----
SSDT 89CE80C6 ZwCreateSection
SSDT 89CE80D0 ZwRequestWaitReplyPort
SSDT 89CE80CB ZwSetContextThread
SSDT 89CE80D5 ZwSetSecurityObject
SSDT 89CE80DA ZwSystemDebugControl
SSDT 89CE8067 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C919E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CCB1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81CD230C 1 Byte [C6]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81CD230C 4 Bytes [C6, 80, CE, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81CD2668 4 Bytes [D0, 80, CE, 89]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81CD26AC 4 Bytes [CB, 80, CE, 89] {RETF ; OR DH, 0x89}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81CD2728 4 Bytes [D5, 80, CE, 89]
.text ...
? System32\Drivers\spvx.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x8A803000, 0x2ED370, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Windows\Explorer.EXE[3496] SHELL32.dll!SHCreateDefaultExtractIcon + 736B 76503454 4 Bytes [80, 1B, 00, 10]
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 83E7E1F8
Device \FileSystem\fastfat \FatCdrom 84142500
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys
Device \Driver\volmgr \Device\VolMgrControl 835881F8
Device \Driver\usbohci \Device\USBPDO-0 8458E1F8
Device \Driver\usbehci \Device\USBPDO-1 8458F1F8
Device \Driver\usbohci \Device\USBPDO-2 8458E1F8
Device \Driver\usbehci \Device\USBPDO-3 8458F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 835881F8
Device \Driver\volmgr \Device\HarddiskVolume2 835881F8
Device \Driver\volmgr \Device\HarddiskVolume3 835881F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8358A1F8
Device \Driver\atapi \Device\Ide\IdePort0 8358A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8358A1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8358B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel3 8358B1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{66D10CA9-C14D-4F33-9A08-3096D8FAAD75} 8448F1F8
Device \Driver\volmgr \Device\HarddiskVolume4 835881F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8448F1F8
Device \Driver\USBSTOR \Device\00000078 83EB41F8
Device \Driver\USBSTOR \Device\00000079 83EB41F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A32D6594-C067-4E00-9232-D57F9C30AE59} 8448F1F8
Device \Driver\usbohci \Device\USBFDO-0 8458E1F8
Device \Driver\usbehci \Device\USBFDO-1 8458F1F8
Device \Driver\usbohci \Device\USBFDO-2 8458E1F8
Device \Driver\usbehci \Device\USBFDO-3 8458F1F8
Device \FileSystem\fastfat \Fat 84142500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Trace I/O - GMER 2.1 ----
Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8358a1f8]<< 8358a1f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x843cf030] 843cf030
Trace 3 CLASSPNP.SYS[869a259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x842a6030] 842a6030
Trace \Driver\atapi[0x842b7608] -> IRP_MJ_CREATE -> 0x8358a1f8 8358a1f8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\78e400ad21ed
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\78e400ad21ed (not active ControlSet)
---- EOF - GMER 2.1 ----
Evtl bin ich auch nur einfach Doof und es ist kein Trojaner oder so... Aber nen Benutzerkonto wird doch nicht mal einfach so zurückgesetzt. Haben wa da ne Chance mit z.B. EasyRecovery oder ähnlichem, einfach mal zu schauen ob die Datein einfach nur normal "gelöscht" worden sind. ? Danke Schonmal im Voraus, echt Super euer Service  |
|
09.04.2013, 10:07
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.04.2013, 21:49
| #5 |
| |  Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Hallo ich war die Woche über leider beschäftigt und bin erst gestern zum abarbeiten der Liste gekommen. Die Anleitungen habe ich nach besten Wissen und Gewissen befolgt. Als erstes hier das MBAR Log (hat auch was gefunden und wohl bereinigt) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.18.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Max Mustermann :: MaxMustermann-PC [administrator]
18.04.2013 22:04:43
mbar-log-2013-04-18 (22-04-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29546
Time elapsed: 22 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\loadtbs-3.0 (PUP.LoadTubes) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 3
c:\Users\Max Mustermann\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Delete on reboot.
Files Detected: 17
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Delete on reboot.
c:\Users\Max Mustermann\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Delete on reboot.
(end)
dieses mal wurde ncihts mehr gefunden. Hier das entsprechende LOG: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.04.18.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Max Mustermann :: MaxMustermann-PC [administrator]
18.04.2013 23:06:22
mbar-log-2013-04-18 (23-06-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29498
Time elapsed: 26 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Es ist allerdings abgestürzt Ich habe dann entsprechend der Anleitung das Programm nochmal gestartet und diesesmal "NONE" gewählt. Hier ist das LOG: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-19 02:00:12
-----------------------------
02:00:12.944 OS Version: Windows 6.1.7601 Service Pack 1
02:00:12.944 Number of processors: 1 586 0x603
02:00:12.944 ComputerName: MaxMustermann-PC UserName: Max Mustermann
02:00:14.457 Initialize success
02:00:42.412 AVAST engine defs: 13041801
02:00:59.104 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:00:59.104 Disk 0 Vendor: WDC_WD2500BEVT-22A23T0 01.01A01 Size: 238475MB BusType: 11
02:00:59.120 Disk 0 MBR read successfully
02:00:59.120 Disk 0 MBR scan
02:00:59.182 Disk 0 Windows 7 default MBR code
02:00:59.213 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
02:00:59.260 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
02:00:59.276 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225061 MB offset 27469824
02:00:59.276 Disk 0 scanning sectors +488394752
02:00:59.400 Disk 0 scanning C:\Windows\system32\drivers
02:01:19.119 Service scanning
02:01:49.320 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
02:01:59.882 Modules scanning
02:02:13.579 Disk 0 trace - called modules:
02:02:13.610 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8378a1f8]<<
02:02:13.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x845cf6c8]
02:02:13.625 3 CLASSPNP.SYS[86c7f59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x844a7340]
02:02:13.625 \Driver\atapi[0x844bb940] -> IRP_MJ_CREATE -> 0x8378a1f8
02:02:13.641 Scan finished successfully
02:07:00.603 Disk 0 MBR has been saved successfully to "D:\Rootkit\MBR.dat"
02:07:00.635 The log file has been saved successfully to "D:\Rootkit\aswMBR.txt"
Das Log von TDSS sprengt hier leider die Grenzen. Ich habe es als Logdatei angehängt. Geändert von Ratanna (19.04.2013 um 21:53 Uhr) Grund: TDSS Log ist zu groß. |
|
19.04.2013, 22:00
| #6 |
| | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Danach wurde dann TDSS durchgeführt und hat noch 3 Datein / Signaturen gefunden. Code:
ATTFilter 02:09:45.0662 3200 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:09:46.0021 3200 ============================================================
02:09:46.0021 3200 Current date / time: 2013/04/19 02:09:46.0021
02:09:46.0021 3200 SystemInfo:
02:09:46.0021 3200
02:09:46.0021 3200 OS Version: 6.1.7601 ServicePack: 1.0
02:09:46.0021 3200 Product type: Workstation
02:09:46.0021 3200 ComputerName: MaxMustermann-PC
02:09:46.0037 3200 UserName: Max Mustermann
02:09:46.0037 3200 Windows directory: C:\Windows
02:09:46.0037 3200 System windows directory: C:\Windows
02:09:46.0037 3200 Processor architecture: Intel x86
02:09:46.0037 3200 Number of processors: 1
02:09:46.0037 3200 Page size: 0x1000
02:09:46.0037 3200 Boot type: Normal boot
02:09:46.0037 3200 ============================================================
02:09:47.0503 3200 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:09:47.0519 3200 Drive \Device\Harddisk1\DR1 - Size: 0xE7400000 (3.61 Gb), SectorSize: 0x200, Cylinders: 0x1D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:09:47.0550 3200 ============================================================
02:09:47.0550 3200 \Device\Harddisk0\DR0:
02:09:47.0550 3200 MBR partitions:
02:09:47.0550 3200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
02:09:47.0550 3200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1B792800
02:09:47.0550 3200 \Device\Harddisk1\DR1:
02:09:47.0550 3200 MBR partitions:
02:09:47.0550 3200 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x739FC1
02:09:47.0550 3200 ============================================================
02:09:47.0597 3200 C: <-> \Device\Harddisk0\DR0\Partition2
02:09:47.0675 3200 ============================================================
02:09:47.0675 3200 Initialize success
02:09:47.0675 3200 ============================================================
02:10:17.0658 1568 ============================================================
02:10:17.0658 1568 Scan started
02:10:17.0658 1568 Mode: Manual; SigCheck; TDLFS;
02:10:17.0658 1568 ============================================================
02:10:18.0032 1568 ================ Scan system memory ========================
02:10:18.0032 1568 System memory - ok
02:10:18.0048 1568 ================ Scan services =============================
22:24:13.0170 1360 ================ Scan global ===============================
22:24:13.0217 1360 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:24:13.0264 1360 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:24:13.0295 1360 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:24:13.0326 1360 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:24:13.0404 1360 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:24:13.0404 1360 [Global] - ok
22:24:13.0435 1360 ================ Scan MBR ==================================
22:24:13.0451 1360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:24:14.0122 1360 \Device\Harddisk0\DR0 - ok
22:24:14.0122 1360 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1
22:24:14.0309 1360 \Device\Harddisk1\DR1 - ok
22:24:14.0309 1360 ================ Scan VBR ==================================
22:24:14.0309 1360 [ F3D053F91C4C1029406A2CE61ECECA67 ] \Device\Harddisk0\DR0\Partition1
22:24:14.0324 1360 \Device\Harddisk0\DR0\Partition1 - ok
22:24:14.0340 1360 [ 539B6DC323570130A540991B0EABF3CE ] \Device\Harddisk0\DR0\Partition2
22:24:14.0340 1360 \Device\Harddisk0\DR0\Partition2 - ok
22:24:14.0340 1360 [ 831C440AF894CD779B888EE2302CAD3C ] \Device\Harddisk1\DR1\Partition1
22:24:14.0340 1360 \Device\Harddisk1\DR1\Partition1 - ok
22:24:14.0340 1360 ============================================================
22:24:14.0340 1360 Scan finished
22:24:14.0340 1360 ============================================================
22:24:14.0340 3264 Detected object count: 3
22:24:14.0340 3264 Actual detected object count: 3
22:26:46.0766 3264 AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:46.0766 3264 AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:26:46.0766 3264 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:26:46.0766 3264 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:26:46.0766 3264 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:46.0766 3264 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
Vielen Dank das Du solange gewartet hast auf meine Antwort. Eine gute Nachricht habe ich schon ! Die vermissten Dateien im "eigene Dokumente" Ordner sind seit der Prozedur wieder aufgetaucht! Wir sind also auf dem richtigen Weg..  Schonmal an dieser Stelle. Wie gehts jetzt weiter ? |
|
20.04.2013, 17:20
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.04.2013, 22:56
| #8 |
| | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube So habe Combofix ausgeführt. Ich habe den Avira deaktiviert, wie schon in der Beschreibung hat das die Combofix.exe direkt gemerkt und 2 x besheid gesagt. Die ganze Aktion wurde dann erfolgreich ohne Fehler ausgeführt. Hier das Log: Code:
ATTFilter ComboFix 13-04-20.01 - Max Mustermann 20.04.2013 19:31:47.1.1 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.766.317 [GMT 2:00]
ausgeführt von:: c:\users\Max Mustermann\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{586912A9-678F-424E-97E6-2113D121F2B7}.xps
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{68635B52-D7AA-4BFA-A143-8C3427B86525}.xps
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{810924FE-C6E4-47ED-AC7E-A2AB1A43BEB9}.xps
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{92216283-3F04-4C23-9EB8-A7C45FFA46B0}.xps
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B4ED320D-68AE-488C-B8CE-AECCAEAA0115}.xps
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C4177A82-0C90-4914-AF7D-EB7F8F430089}.xps
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F3CB0883-20DD-48C6-AF24-C784F4617DCE}.xps
c:\users\Max Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F8544245-038E-4330-8739-2DF666040B78}.xps
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-20 bis 2013-04-20 ))))))))))))))))))))))))))))))
.
.
2013-04-20 17:41 . 2013-04-20 17:41 -------- d-----w- c:\users\Max Mustermann\AppData\Local\temp
2013-04-20 17:41 . 2013-04-20 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-14 18:00 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-14 18:00 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-14 18:00 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-14 18:00 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-14 18:00 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-14 18:00 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-07 12:41 . 2013-04-07 12:41 -------- d-----w- c:\programdata\Malwarebytes
2013-04-07 12:41 . 2013-04-07 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-07 12:41 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-07 10:11 . 2013-04-14 22:03 -------- d-----w- c:\users\TEMP
2013-04-05 16:56 . 2013-04-05 16:56 -------- d-----w- c:\program files\Common Files\Skype
2013-04-05 08:21 . 2013-04-05 08:21 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 08:19 . 2013-04-05 08:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 18:42 . 2012-10-19 05:09 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-02 18:42 . 2012-10-19 05:09 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-02 18:42 . 2012-10-19 05:09 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-13 19:03 . 2012-04-09 18:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 19:03 . 2012-02-23 12:29 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 21:43 . 2013-03-10 21:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 21:43 . 2012-09-15 18:41 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-10 21:43 . 2012-09-15 18:41 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 04:48 . 2013-03-14 15:52 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 15:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-20 20:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpAgent"="c:\program files\ScanSoft\OmniPage15.0\OpAgent.exe" [2005-08-11 155648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-03-03 1300560]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-17 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-05-25 206208]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-23 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-02 345312]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"Opware15"="c:\program files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-08-11 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Max Mustermann\Desktop\mbar\mbar.exe" [2013-03-22 1398856]
.
c:\users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^Max Mustermann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Max Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"AmIcoSinglun"=c:\program files\AmIcoSingLun\AmIcoSinglun.exe
"mwlDaemon"=c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" -d
"cAudioFilterAgent"=c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
"Acer ePower Management"=c:\program files\Acer\Acer ePower Management\ePowerTray.exe
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 85929312
*NewlyCreated* - ASWMBR
*Deregistered* - 85929312
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:03]
.
2013-04-20 c:\windows\Tasks\EUCMIZLQSO.job
- c:\windows\system32\mfc100fra3.dll [2012-02-26 18:45]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000Core.job
- c:\users\Max Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 17:51]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000UA.job
- c:\users\Max Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 17:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao521&r=27b51010y206l0403ww75w4611s036
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FA70E1FF-0F80-48DB-91DC-6DE058F900B8}: NameServer = 192.109.135.70
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
HKLM-Run-OpScheduler - c:\program files\ScanSoft\OmniPage15.0\OpScheduler.exe
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-20 19:44:44
ComboFix-quarantined-files.txt 2013-04-20 17:44
.
Vor Suchlauf: 8 Verzeichnis(se), 170.648.698.880 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 171.410.227.200 Bytes frei
.
- - End Of File - - D094980BBC1929281252AE88F55E046C
Da rücken wir den Pösen Code ganz schon auf die Pelle  Schönen Gruß Jan |
|
21.04.2013, 01:01
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Combofix-Skript
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.04.2013, 17:41
| #10 |
| | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Hallo nochmal, habe den Combofix mit dem Drag&Drop Methode gestartet. Wieder hat Combofix den Scanner bemerkt und gemeckert. Ist dannach allerdings auch wieder ohne Probleme durchgelaufen. Hier ist das LOG: Code:
ATTFilter ComboFix 13-04-21.01 - Max Mustermann 21.04.2013 18:21:28.2.1 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.766.321 [GMT 2:00]
ausgeführt von:: c:\users\Max Mustermann\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Max Mustermann\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-21 bis 2013-04-21 ))))))))))))))))))))))))))))))
.
.
2013-04-21 16:30 . 2013-04-21 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-20 17:44 . 2013-04-21 16:30 -------- d-----w- c:\users\Max Mustermann\AppData\Local\temp
2013-04-14 18:00 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-14 18:00 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-14 18:00 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-14 18:00 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-14 18:00 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-14 18:00 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-07 12:41 . 2013-04-07 12:41 -------- d-----w- c:\programdata\Malwarebytes
2013-04-07 12:41 . 2013-04-07 12:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-07 12:41 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-07 10:11 . 2013-04-14 22:03 -------- d-----w- c:\users\TEMP
2013-04-05 16:56 . 2013-04-05 16:56 -------- d-----w- c:\program files\Common Files\Skype
2013-04-05 08:21 . 2013-04-05 08:21 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 08:19 . 2013-04-05 08:19 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 18:42 . 2012-10-19 05:09 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-02 18:42 . 2012-10-19 05:09 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-02 18:42 . 2012-10-19 05:09 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-13 19:03 . 2012-04-09 18:12 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 19:03 . 2012-02-23 12:29 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 21:43 . 2013-03-10 21:43 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 21:43 . 2012-09-15 18:41 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-10 21:43 . 2012-09-15 18:41 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 04:48 . 2013-03-14 15:52 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 15:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-20 20:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\TEMP ----
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpAgent"="c:\program files\ScanSoft\OmniPage15.0\OpAgent.exe" [2005-08-11 155648]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-03-03 1300560]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-17 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-05-25 206208]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-23 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-04-02 345312]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"Opware15"="c:\program files\ScanSoft\OmniPage15.0\Opware15.exe" [2005-08-11 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Max Mustermann\Desktop\mbar\mbar.exe" [2013-03-22 1398856]
.
c:\users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^Max Mustermann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 16:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Max Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"AmIcoSinglun"=c:\program files\AmIcoSingLun\AmIcoSinglun.exe
"mwlDaemon"=c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" -d
"cAudioFilterAgent"=c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
"Acer ePower Management"=c:\program files\Acer\Acer ePower Management\ePowerTray.exe
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [x]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
R2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
R2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [x]
R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [x]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 85929312
*NewlyCreated* - ASWMBR
*Deregistered* - 85929312
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 19:03]
.
2013-04-20 c:\windows\Tasks\EUCMIZLQSO.job
- c:\windows\system32\mfc100fra3.dll [2012-02-26 18:45]
.
2013-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000Core.job
- c:\users\Max Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 17:51]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000UA.job
- c:\users\Max Mustermann\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-11 17:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao521&r=27b51010y206l0403ww75w4611s036
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FA70E1FF-0F80-48DB-91DC-6DE058F900B8}: NameServer = 192.109.135.70
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2928)
c:\users\Max Mustermann\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
.
Zeit der Fertigstellung: 2013-04-21 18:34:10
ComboFix-quarantined-files.txt 2013-04-21 16:34
ComboFix2.txt 2013-04-20 17:44
.
Vor Suchlauf: 12 Verzeichnis(se), 171.433.697.280 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 171.384.233.984 Bytes frei
.
- - End Of File - - 348C2A4655A0A2275FAF3A828B4006F2
|
|
21.04.2013, 23:02
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.04.2013, 00:40
| #12 |
| | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Moin Moin habe die Programme alle ausgeführt. Zuerst JRT Log: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.8 (04.21.2013:2)
OS: Windows 7 Starter x86
Ran by Max Mustermann on 22.04.2013 at 23:02:34,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.04.2013 at 23:03:54,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.201 - Datei am 22/04/2013 um 23:14:53 erstellt
# Aktualisiert am 21/04/2013 von Xplode
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)
# Benutzer : Max Mustermann - MaxMustermann-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Max Mustermann\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Max Mustermann\AppData\Local\APN
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.51] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.54] : keyword = "ask.com",
Gelöscht [l.58] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=d[...]
Gelöscht [l.59] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
Gelöscht [l.2194] : homepage = "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE",
*************************
AdwCleaner[S1].txt - [1353 octets] - [22/04/2013 23:14:53]
########## EOF - C:\AdwCleaner[S1].txt - [1413 octets] ##########
OTL.Txt Code:
ATTFilter OTL logfile created on: 23.04.2013 00:17:52 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max Mustermann\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 766,30 Mb Total Physical Memory | 334,86 Mb Available Physical Memory | 43,70% Memory free 1,75 Gb Paging File | 1,04 Gb Available in Paging File | 59,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 219,79 Gb Total Space | 159,50 Gb Free Space | 72,57% Space Free | Partition Type: NTFS Computer Name: MaxMustermann-PC | User Name: Max Mustermann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Max Mustermann\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Users\Max Mustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\lg_fwupdate\fwupdate.exe (BitLeader) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Communications) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\ShrewSoft\VPN Client\iked.exe () PRC - C:\Programme\ShrewSoft\VPN Client\dtpd.exe () PRC - C:\Programme\ShrewSoft\VPN Client\ipsecd.exe () PRC - C:\Programme\ScanSoft\OmniPage15.0\OpWare15.exe (ScanSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1a66b44c4780c039576eaf18f4cd8dc\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3728.37183__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3728.37148__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3728.37040__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3728.37065__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3728.37125__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3728.37103__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3728.37091__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3728.37058__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3728.37052__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3728.37109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3728.37147__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3728.37109__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3728.37051__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3728.37149__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3728.37108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3728.37146__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3728.37183__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3728.37179__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3728.37094__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3728.37066__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3728.37118__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3728.37087__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3728.37102__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3728.37071__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3728.37066__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3728.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3728.37092__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3728.37093__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3728.37099__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3728.37070__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3728.37101__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3728.37029__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3728.37146__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3728.37155__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3728.37039__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3728.37034__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3728.37032__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3728.37029__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3728.37125__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3728.37083__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3728.37108__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3728.37062__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3728.37092__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3728.37147__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3728.37103__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3728.37027__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3728.37141__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3728.37119__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3728.37051__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3728.37062__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3728.37030__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3728.37099__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3728.37031__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3728.37039__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3728.37030__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3728.37058__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3728.37050__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3728.37029__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3728.37148__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3728.37030__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3728.37039__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3728.37032__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3728.37033__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3728.37046__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3728.37057__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3728.37142__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3728.37139__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3728.37037__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3728.37038__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3728.37034__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3728.37155__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3728.37033__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3728.37044__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3728.37031__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3728.37032__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3728.37057__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3728.37044__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3728.37037__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3728.37035__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3728.37035__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3728.37036__90ba9c70f846762e\APM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3728.37035__90ba9c70f846762e\AEM.Server.dll () MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3728.37141__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3728.37064__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Programme\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (AtherosSvc) -- C:\Programme\Bluetooth Suite\AdminService.exe (Atheros Communications) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (iked) -- C:\Programme\ShrewSoft\VPN Client\iked.exe () SRV - (dtpd) -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe () SRV - (ipsecd) -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe () ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Max~1\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (ATHDFU) -- C:\Windows\System32\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV - (BtFilter) -- C:\Windows\System32\drivers\btfilter.sys (Atheros) DRV - (BTATH_LWFLT) -- C:\Windows\System32\drivers\btath_lwflt.sys (Atheros) DRV - (BTATH_HCRP) -- C:\Windows\System32\drivers\btath_hcrp.sys (Atheros) DRV - (AthBTPort) -- C:\Windows\System32\drivers\btath_flt.sys (Atheros) DRV - (BTATH_RCP) -- C:\Windows\System32\drivers\btath_rcp.sys (Atheros) DRV - (BTATH_A2DP) -- C:\Windows\System32\drivers\btath_a2dp.sys (Atheros) DRV - (BTATH_BUS) -- C:\Windows\System32\drivers\btath_bus.sys (Atheros) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.) DRV - (vflt) -- C:\Windows\System32\drivers\vfilter.sys (Shrew Soft Inc) DRV - (vnet) -- C:\Windows\System32\drivers\virtualnet.sys (Shrew Soft Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error. IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=ao521&r=27b51010y206l0403ww75w4611s036 IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Max Mustermann\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Max Mustermann\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.02.28 23:16:12 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=8cbab178-cab1-41cd-8a38-777355b0b3f7&apn_ptnrs=%5EAGS&apn_sauid=294530A1-D610-4C4C-8595-DBF50B47E92E&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Max Mustermann\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: McAfee SiteAdvisor = C:\Users\Max Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.30.153.1_0\ O1 HOSTS File: ([2013.04.20 19:41:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Opware15] C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3030714274-741536063-3896117500-1000..\Run: [OpAgent] C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe (ScanSoft, Inc.) O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max Mustermann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66D10CA9-C14D-4F33-9A08-3096D8FAAD75}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32D6594-C067-4E00-9232-D57F9C30AE59}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA70E1FF-0F80-48DB-91DC-6DE058F900B8}: NameServer = 192.109.135.70 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.22 23:50:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max Mustermann\Desktop\OTL.exe [2013.04.22 23:02:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.22 23:00:18 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.22 23:00:18 | 000,000,000 | ---D | C] -- \JRT [2013.04.22 22:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.22 22:53:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.04.22 22:53:22 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.04.22 22:53:22 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.04.22 22:49:54 | 000,535,747 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Max Mustermann\Desktop\JRT.exe [2013.04.21 18:34:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.04.21 18:33:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.21 18:33:17 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN [2013.04.21 18:17:50 | 005,057,323 | R--- | C] (Swearware) -- C:\Users\Max Mustermann\Desktop\ComboFix.exe [2013.04.20 19:44:47 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\temp [2013.04.20 19:29:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.04.20 19:29:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.04.20 19:29:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.04.20 19:28:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.04.20 19:28:15 | 000,000,000 | ---D | C] -- \Qoobox [2013.04.20 19:27:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.04.18 21:40:49 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\Desktop\mbar [2013.04.15 00:05:32 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.15 00:05:30 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.15 00:05:30 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.04.15 00:05:30 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.15 00:05:29 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.15 00:05:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.15 00:05:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.04.15 00:05:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.04.15 00:05:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.04.15 00:05:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013.04.14 20:00:11 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.14 20:00:07 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.14 20:00:07 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.14 20:00:06 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.07 14:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.07 14:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.07 14:41:49 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.07 14:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.05 18:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.05 10:22:15 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.05 10:22:15 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.04.05 10:22:14 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.04.05 10:22:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.04.05 10:22:13 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.04.05 10:22:12 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.04.05 10:22:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.04.05 10:22:06 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.05 10:22:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.04.05 10:22:00 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.04.05 10:22:00 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.04.05 10:22:00 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.04.05 10:22:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.04.05 10:22:00 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.04.05 10:22:00 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.04.05 10:22:00 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.04.05 10:21:59 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.04.05 10:21:59 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.04.05 10:21:59 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.04.05 10:21:58 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.05 10:21:58 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.04.05 10:21:58 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.04.05 10:21:58 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.04.05 10:21:58 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.04.05 10:21:58 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.05 10:21:58 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.05 10:19:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.05 10:19:34 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.05 10:19:34 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.05 10:19:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.05 10:19:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.05 10:19:24 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.05 10:19:23 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.04.05 10:19:23 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.04.05 10:19:23 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.05 10:19:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.05 10:19:23 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.05 10:19:22 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.04.05 10:19:22 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.04.05 10:19:22 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.04.05 10:19:22 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.04.05 10:19:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.04.05 10:19:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.04.05 10:19:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.04.05 10:19:22 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.04.05 10:19:21 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.04.05 10:19:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.04.05 10:19:19 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.04.05 10:19:19 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.04.05 10:19:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.04.05 10:19:19 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.03.27 19:57:33 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\Application Data ========== Files - Modified Within 30 Days ========== [2013.04.22 23:58:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.22 23:58:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.22 23:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.22 23:36:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max Mustermann\Desktop\OTL.exe [2013.04.22 23:29:14 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000UA.job [2013.04.22 23:26:59 | 000,000,338 | ---- | M] () -- C:\Windows\lgfwup.ini [2013.04.22 23:19:17 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\EUCMIZLQSO.job [2013.04.22 23:19:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.22 23:18:55 | 602,640,384 | -HS- | M] () -- C:\hiberfil.sys [2013.04.22 23:09:15 | 000,615,935 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\adwcleaner.exe [2013.04.22 22:50:30 | 000,535,747 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Max Mustermann\Desktop\JRT.exe [2013.04.22 22:29:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3030714274-741536063-3896117500-1000Core.job [2013.04.21 20:10:14 | 000,001,022 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.21 20:08:39 | 000,001,004 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Dropbox.lnk [2013.04.21 18:13:00 | 005,057,323 | R--- | M] (Swearware) -- C:\Users\Max Mustermann\Desktop\ComboFix.exe [2013.04.20 19:41:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.04.18 21:38:00 | 000,657,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.18 21:38:00 | 000,619,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.18 21:38:00 | 000,131,250 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.18 21:38:00 | 000,107,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.18 21:15:11 | 000,002,365 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Google Chrome.lnk [2013.04.18 21:04:47 | 000,410,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.08 00:22:42 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.04.07 14:41:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.05 10:22:15 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.05 10:22:15 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013.04.05 10:22:14 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013.04.05 10:22:13 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013.04.05 10:22:13 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013.04.05 10:22:12 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013.04.05 10:22:12 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013.04.05 10:22:06 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.05 10:22:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013.04.05 10:22:00 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013.04.05 10:22:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013.04.05 10:22:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013.04.05 10:22:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013.04.05 10:22:00 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013.04.05 10:22:00 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013.04.05 10:22:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013.04.05 10:21:59 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013.04.05 10:21:59 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013.04.05 10:21:59 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013.04.05 10:21:59 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013.04.05 10:21:58 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.05 10:21:58 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013.04.05 10:21:58 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013.04.05 10:21:58 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013.04.05 10:21:58 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.05 10:21:58 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.05 10:21:58 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013.04.05 10:19:35 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.05 10:19:34 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.05 10:19:34 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.05 10:19:33 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.05 10:19:25 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.05 10:19:24 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.05 10:19:23 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.04.05 10:19:23 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.04.05 10:19:23 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.05 10:19:23 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.05 10:19:23 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.05 10:19:22 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.04.05 10:19:22 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.04.05 10:19:22 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.04.05 10:19:22 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.04.05 10:19:22 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.04.05 10:19:22 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.04.05 10:19:22 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.04.05 10:19:22 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.04.05 10:19:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.04.05 10:19:21 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.04.05 10:19:21 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.04.05 10:19:19 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.04.05 10:19:19 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.04.05 10:19:19 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.04.04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.04.02 20:42:12 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.04.02 20:42:12 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.04.02 20:42:12 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.24 13:28:28 | 000,117,151 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Haus im see.jpg ========== Files Created - No Company Name ========== [2013.04.22 23:14:40 | 000,615,935 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\adwcleaner.exe [2013.04.20 19:29:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.04.20 19:29:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.04.20 19:29:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.04.20 19:29:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.04.20 19:29:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.07 14:41:57 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.05 10:21:58 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.03.24 13:28:24 | 000,117,151 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Haus im see.jpg [2013.03.13 21:00:45 | 000,007,603 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\Resmon.ResmonCfg [2013.01.04 18:13:23 | 000,000,399 | ---- | C] () -- C:\Windows\MAXLINK.INI [2013.01.04 17:47:23 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw52.bin [2012.02.26 20:45:00 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\mfc100fra3.dll [2011.12.31 14:59:51 | 000,162,304 | ---- | C] () -- \UNWISE.EXE [2011.12.31 14:59:51 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI [2011.12.31 14:54:01 | 000,000,338 | ---- | C] () -- C:\Windows\lgfwup.ini [2010.05.25 19:24:31 | 602,640,384 | -HS- | C] () -- \hiberfil.sys [2010.05.11 14:06:50 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2009.07.14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009.07.14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.25 20:38:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2010.05.11 13:55:35 | 000,000,000 | ---D | M] -- C:\Users\All Users\Acer [2010.05.11 13:31:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\AmUStor [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2012.06.24 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\ClubSanDisk [2010.11.11 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\DAEMON Tools Lite [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente [2010.05.11 14:14:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\EgisTec IPS [2010.05.11 13:50:10 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSobi [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2010.05.11 13:39:08 | 000,000,000 | ---D | M] -- C:\Users\All Users\OberonGameConsole [2010.10.28 20:29:47 | 000,000,000 | ---D | M] -- C:\Users\All Users\OEM [2013.01.04 18:13:01 | 000,000,000 | ---D | M] -- C:\Users\All Users\ScanSoft [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü [2011.12.31 14:54:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\Temp [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2011.03.11 16:51:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\TuneUp Software [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen [2011.03.11 16:47:30 | 000,000,000 | -HSD | M] -- C:\Users\All Users\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.12.31 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Anwendungsdaten [2010.10.28 20:26:55 | 000,000,000 | -H-D | M] -- C:\Users\Max Mustermann\AppData [2013.03.27 19:57:33 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\Application Data [2012.07.12 14:53:54 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Contacts [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Cookies [2013.04.22 23:51:03 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Desktop [2013.03.14 01:59:59 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Documents [2013.04.23 00:00:02 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Downloads [2013.04.22 23:27:12 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Dropbox [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Druckumgebung [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Eigene Dateien [2012.07.12 14:53:54 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Favorites [2012.10.05 16:45:51 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Links [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Lokale Einstellungen [2012.07.12 14:53:54 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Music [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Netzwerkumgebung [2013.04.22 12:43:15 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Pictures [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Recent [2012.07.12 14:53:54 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Saved Games [2012.07.12 14:53:54 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Searches [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\SendTo [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Startmenü [2012.11.13 09:35:24 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\Tracing [2012.07.12 14:53:54 | 000,000,000 | R--D | M] -- C:\Users\Max Mustermann\Videos [2010.10.28 20:26:55 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\Vorlagen [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten [2009.07.14 04:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data [2011.12.31 14:55:04 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2010.10.28 20:26:47 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009.07.14 04:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009.07.14 04:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2010.10.28 20:26:47 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen [2013.04.20 19:44:47 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData [2013.04.08 00:22:42 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2010.10.28 20:26:47 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009.07.14 04:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2009.07.14 06:41:57 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2010.05.11 14:02:37 | 000,000,000 | ---D | M] -- C:\Users\Public\OEM [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2009.07.14 06:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos [2013.04.15 00:03:24 | 000,000,000 | -H-D | M] -- C:\Users\TEMP\AppData ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.04.2013 00:17:52 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max Mustermann\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
766,30 Mb Total Physical Memory | 334,86 Mb Available Physical Memory | 43,70% Memory free
1,75 Gb Paging File | 1,04 Gb Available in Paging File | 59,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 159,50 Gb Free Space | 72,57% Space Free | Partition Type: NTFS
Computer Name: MaxMustermann-PC | User Name: Max Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06AE3423-5154-444B-A9CA-8830435F7264}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08C2703B-5A3A-4B28-8DCD-166EE1126422}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{56CB8D6B-519D-4CC7-A1CB-2CFA9CA57BFC}" = lport=54411 | protocol=6 | dir=in | name=windows core service |
"{834F3FA4-4BC0-4A63-9A8F-ECE366E2175E}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{D79663C9-6986-4BE2-B552-73C31272D959}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{F3E430E0-9341-4215-8E04-CC91EE915B81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F60786-9468-4589-9A66-9A8F9798D5D6}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{0C0902BA-77B8-4A43-9E59-5454740B70C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3019A4C6-37E5-4D2C-9C12-96868634C39B}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{38157963-84F9-453B-9F06-FA46E7FE983C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{523D3022-08B5-42F2-A2C8-EA7EB735CD58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5696D2C0-ED99-4647-A936-E95EE46F5691}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{671E1202-B643-4BF5-A1DB-BC99B1383F22}" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"{6BE8C82E-2DC2-4B75-A3C9-066C2345EAB0}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"{70AE6545-795E-4387-8333-F6E2DBB939D7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7CE8AA06-EC5E-4532-A655-1FCAE72F68F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{91F6DBB8-6055-4EF5-8927-7DFE0A6A0844}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A1F07959-7C93-4ECC-B436-FCE124A991E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{BE2AE7A5-66B4-40FF-8966-0DF04C9629A8}" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"{C186281A-47F7-4CB9-A49A-52DB1126D5F7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C218806E-3A2B-4BEC-9150-BE3C92786157}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFB957DF-5E9E-4AFB-8489-B175B79AD7BA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EFBD6A49-4AFA-4A5D-8425-DB28902A1022}" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"{F243532F-A8E7-4CD8-AC35-1D5EAD3A9BED}" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{75CF14CB-92A9-4A66-A8F1-7ED80E5D9BCF}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{7ED00B5A-56EF-4F99-9D2D-3C38FA157C64}C:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Max Mustermann\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{09D816C9-81E7-9CF4-2F70-4665CDE8CF22}" = CCC Help Swedish
"{0C11CE22-B6E6-5EF1-26A3-67AB377E4544}" = CCC Help Thai
"{0D3BCEB7-2F03-ACCA-3108-3888A4139E05}" = CCC Help Russian
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Bluetooth Win7 Suite
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{16C25121-24BE-0724-569D-F76E08BFF067}" = CCC Help Danish
"{16E7B680-D5F9-ED88-910A-41139D9D0523}" = CCC Help Hungarian
"{1E6340DC-51E5-5F11-3A2F-FC0175923671}" = CCC Help Turkish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A4BA38-316B-65EB-497A-DA212E1A560A}" = Catalyst Control Center Localization All
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A023941-B1E7-90A5-44A2-50F40F5B5EF2}" = CCC Help Italian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D13FC7D-42A8-4BF1-AF0C-B3DC68C59448}_is1" = Atheros_7.0.2.13_patch2_32
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{32950AC0-90A9-A331-9A0A-A53E25135C36}" = CCC Help German
"{37B84CDE-B76D-067A-979D-1A7013677181}" = Catalyst Control Center Core Implementation
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD6FAED-95C2-6052-1263-5451780B8022}" = CCC Help Chinese Traditional
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC6E081-DC9D-EB50-5B87-FE582F9EE86B}" = CCC Help Polish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{62AF3B34-41F3-803E-2F69-CD66974B958E}" = CCC Help French
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D7D616-B9E8-38F0-708C-4C098F20E28D}" = CCC Help Chinese Standard
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EF7783D-8474-8B27-D2A9-BD1FCA69BA2A}" = Catalyst Control Center Graphics Full New
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C872F7-DE54-5837-D112-B39122EE3C2B}" = CCC Help Greek
"{84CC59D3-9F73-98B3-5BFE-E0F1F98313FD}" = CCC Help Norwegian
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{930F4BA6-53B3-E73C-2E7B-AB39D804C6D5}" = CCC Help Czech
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3E27909-446C-0494-14FC-5C7A27035C0D}" = ccc-utility
"{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AE0CDE19-8212-97F1-B53F-F0B5CB2B1B89}" = Catalyst Control Center Graphics Previews Common
"{BFFAA35C-CE19-4FAF-1766-D499F58C1E81}" = CCC Help Finnish
"{C15BCA23-3080-7F99-7D9D-E39C5FBCD275}" = CCC Help Dutch
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C55CA6B4-811D-99B0-A80E-C13616683EC2}" = Catalyst Control Center Graphics Full Existing
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{CBA047D0-64B3-BA72-3505-7C153B9481E1}" = CCC Help Japanese
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.174.419
"{D1AA79CE-0F31-38F4-424B-16A8EC161F6B}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"{E6C049AB-5A32-A46F-1068-2EA943CE07DA}" = CCC Help Spanish
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE426B11-ECEE-4811-8FE5-DDCDC1750CC4}" = CCC Help Korean
"{EFEC373B-FF11-1FD8-DD3F-D4A556591E93}" = Catalyst Control Center InstallProxy
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DAEC21-207C-E969-150D-8BE3F097BDC8}" = CCC Help Portuguese
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F13F589E-00BB-0469-C4E0-B7CEC73F7831}" = ccc-core-static
"{F41D214A-E6C2-D3AC-12A1-101994909F3E}" = ATI Catalyst Install Manager
"{F46DC3C4-65C7-4686-A6B4-EA19B2BDA029}" = ScanSoft OmniPage 15.0
"{F8FBC8E6-CFBC-522A-5477-93020C479A84}" = CCC Help English
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON Scanner" = EPSON Scan
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"InstallShield_{E5EABF66-F9C4-430C-B97D-3CF28A58D50B}" = Alcor Micro USB Card Reader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.4
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3030714274-741536063-3896117500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ System Events ]
Error - 22.04.2013 17:19:08 | Computer Name = MaxMustermann-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 22.04.2013 17:19:13 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 22.04.2013 17:19:27 | Computer Name = MaxMustermann-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
seltsamer Werbung um sich, sobald mann mit geöffneter google seite auf Suchen klickt. Offensichtlich ist die Geschichte doch noch nicht komplett verschwunden. Wenn das Hilft kann ich den Google Chrome gerne einfach deinstallieren und neu installieren. Gemacht hab ich natürlich noch nichts, möchte das nur als Möglichkeit anbieten. Da ja mittlerweile die wichtigen Daten wieder aufgetaucht sind, überlege ich ob mann nicht einfach die Daten als Backup auf einen USB Stick speichert und dann Windows von der Recovery CD oder Partition wieder einspielt. Aber erstmal sollte die Infektion weg sein, nicht dasm ann am Ende das auch auf dem Neuen System hat. Ich verlass mich da ganz auf dich Cosinus. Nochmals danke an dieser Stelle für den ganzen Aufwand deinerseits ! Gruß Jan Oh und was mir grade einfällt, ich habe wohl eher aus Reflex als wohlüberlegt das aktuelle Javaupdate eingespielt. Nicht das du dich wunderst, ich hoffe das macht es nun nicht schwieriger. Geändert von Ratanna (23.04.2013 um 00:46 Uhr) Grund: P.S.: Java Update fehlte |
|
23.04.2013, 09:15
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTubeFixen mit OTL
Code:
ATTFilter :OTL
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=8cbab178-cab1-41cd-8a38-777355b0b3f7&apn_ptnrs=%5EAGS&apn_sauid=294530A1-D610-4C4C-8595-DBF50B47E92E&apn_dtid=%5EYYYYYY%5EVK%5EDE&q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
[2013.04.22 23:19:17 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\EUCMIZLQSO.job
[2012.02.26 20:45:00 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\mfc100fra3.dll
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.04.2013, 13:56
| #14 |
| | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Moin Moin hier das Log nach dem erfoglreichem neustart mit OLT Code:
ATTFilter All processes killed
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Windows\Tasks\EUCMIZLQSO.job moved successfully.
C:\Windows\System32\mfc100fra3.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Max Mustermann\Desktop\cmd.bat deleted successfully.
C:\Users\Max Mustermann\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Max Mustermann
->Temp folder emptied: 3288669 bytes
->Temporary Internet Files folder emptied: 50900679 bytes
->Java cache emptied: 563635 bytes
->Google Chrome cache emptied: 391268867 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 425,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 04252013_220937
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Geändert von Ratanna (26.04.2013 um 13:58 Uhr) Grund: Benutzer anonymisiert |
|
26.04.2013, 15:14
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Nach Windows Updates "Frisches" Benutzerkonto, keine Dokumente mehr. MBAM findet PUP.LoadTube |
| antivir, avira, bho, bonjour, booten, browser, cc cleaner, desktop, error, excel, firefox, flash player, helper, ie 10, logfile, problem, registry, rootkit, scan, security, senden, siteadvisor, software, svchost.exe, updates, windows, windows updates |
Textbox. 
Linear-Darstellung
