
Pests of all kinds and their removal: System Care Antivirus on Vista


30.04.2013, 17:20   #1
Kasparella
 
System Care Antivirus on Vista



Hello,

yesterday, on 29.04.2013, I caught the trojan "System Care Antivirus" on my Vista laptop. I could not open any .exe files, and the trojan told me that my entire laptop was infested with viruses and that I should buy the program.
Today I ran a scan in safe mode with "Malwarebytes Anti-Malware", which found five objects. I removed them, but I am not sure whether it really helped.
At least I can start the laptop in normal mode and use everything normally again; the trojan is no longer visible. Afterwards I ran another scan; these five objects were not found again.
I will attach the three logs.
Later I followed the forum's steps.
I hope you can help me.

Many thanks in advance,

Nadine

Here are the Malwarebytes logs:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.02

Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6000.16982
Nadine :: MEINPC [Administrator]

30.04.2013 10:47:00
mbam-log-2013-04-30 (10-47-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201120
Laufzeit: 7 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F00ADA6E5B9533650000F009EA69382C (Trojan.FakeAlert) -> Daten: C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Local\Temp\~tmp2732041668837607612.exe (Trojan.Agent.NR) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.02

Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6000.16982
Nadine :: MEINPC [Administrator]

30.04.2013 10:47:00
MBAM-log-2013-04-30 (11-01-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201120
Laufzeit: 7 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F00ADA6E5B9533650000F009EA69382C (Trojan.FakeAlert) -> Daten: C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\F00ADA6E5B9533650000F009EA69382C.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Users\Nadine\AppData\Local\Temp\~tmp2732041668837607612.exe (Trojan.Agent.NR) -> Keine Aktion durchgeführt.

(Ende)
         

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.30.02

Windows Vista x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6000.16982
Nadine :: MEINPC [Administrator]

30.04.2013 11:23:20
mbam-log-2013-04-30 (11-23-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201183
Laufzeit: 7 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Here is the OTL log:

Code:
OTL logfile created on: 30.04.2013 13:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,70% Memory free
4,20 Gb Paging File | 3,19 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 50,77 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.30 13:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\OTL.exe
PRC - [2013.03.30 19:27:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.30 19:25:57 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.30 19:25:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.30 19:25:41 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.22 18:29:39 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.08.22 18:16:19 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.30 08:39:10 | 004,889,032 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.12.05 05:31:48 | 004,710,400 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe
PRC - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.07.12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.04.19 13:11:08 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe
PRC - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.05.07 18:28:48 | 000,057,451 | ---- | M] () -- C:\Programme\ICQLite\ICQLiteShell.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.03 15:58:42 | 000,116,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.30 19:27:25 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.30 19:25:44 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.30 08:39:10 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2007.12.03 09:51:15 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.07.12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.04.19 13:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Stopped] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)
SRV - [2007.02.25 22:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.03.30 19:27:34 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.30 19:27:34 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.30 19:27:34 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.25 14:12:19 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.10.04 14:03:48 | 000,367,560 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2011.08.10 15:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.08.26 06:45:00 | 000,067,072 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SPR3322K.sys -- (SPR3322K)
DRV - [2007.10.24 00:03:00 | 007,629,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.31 12:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.26 14:44:22 | 000,131,584 | ---- | M] (Genesys Logic, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)
DRV - [2007.06.11 15:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.05.24 15:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 14:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.05 22:28:00 | 000,076,288 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.03.01 17:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.01.22 11:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.20 18:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.10 20:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.05.01 13:16:22 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE2Ebus.sys -- (SE2Ebus)
DRV - [2005.07.11 19:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2005.01.06 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.6
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2013.01.16
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: noiatabs@sonco.com:1.4.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.http: "190.0.58.58"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.04.10 15:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
 
[2010.02.19 19:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2010.01.03 18:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.19 22:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\e927lpq3.default\extensions
[2012.08.26 16:35:11 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\stealthyextension@gmail.com.xpi
[2012.08.26 16:35:09 | 000,084,548 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012.08.26 16:35:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.26 16:35:14 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.08.26 16:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.21 20:49:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.30 20:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.10 15:09:25 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.10.28 19:52:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.28 19:52:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{06ccd367-ef84-11dc-a840-001060d11aa2}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{06ccd367-ef84-11dc-a840-001060d11aa2}\Shell\open\command - "" = G:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\recycle.exe
O33 - MountPoints2\{5ff9e8be-4ed0-11df-bf34-0040d0e4dd92}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff9e8be-4ed0-11df-bf34-0040d0e4dd92}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{87f346d3-1a56-11df-bad1-0040d0e4dd92}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
O33 - MountPoints2\{a823fb8f-296c-11e0-9680-0040d0e4dd92}\Shell - "" = AutoRun
O33 - MountPoints2\{a823fb8f-296c-11e0-9680-0040d0e4dd92}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{eef0b596-8ec4-11dd-803a-001060d11aa2}\Shell - "" = AutoRun
O33 - MountPoints2\{eef0b596-8ec4-11dd-803a-001060d11aa2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.30 13:10:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\OTL.exe
[2013.04.30 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 10:45:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.30 10:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.30 10:44:41 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Nadine\mbam-setup-1.75.0.1300.exe
[2013.04.29 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F00ADA6E5B9533650000F009EA69382C
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Citavi 3
[2013.04.10 15:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2013.04.10 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3
[2013.04.10 15:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2013.04.03 15:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.01.31 23:24:31 | 005,076,855 | ---- | C] (XMedia Recode                                               ) -- C:\Users\Nadine\XMediaRecode3141_setup.exe
[2012.11.23 23:14:10 | 024,842,968 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Nadine\FreeYouTubeToMP3Converter.exe
[2012.10.23 00:32:02 | 000,853,513 | ---- | C] (e-merge GmbH) -- C:\Users\Nadine\mrsetup.exe
[2012.10.20 15:26:01 | 021,415,874 | ---- | C] (Audacity Team                                               ) -- C:\Users\Nadine\audacity-win-2.0.2.exe
[2012.10.20 15:25:06 | 005,152,896 | ---- | C] (Canneverbe Limited                                          ) -- C:\Users\Nadine\cdbxp_setup_4.4.2.3442_minimal.exe
[2012.08.31 14:19:03 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Users\Nadine\jxpiinstall.exe
[2012.08.27 16:39:37 | 023,652,248 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Nadine\FreeYouTubeDownload.exe
[2012.08.26 16:30:34 | 016,660,184 | ---- | C] (Mozilla) -- C:\Users\Nadine\Firefox_Setup_14.0.1.exe
[2012.07.21 21:46:32 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\Nadine\pdfsam-win-v2_2_1.exe
[2012.01.14 19:16:24 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Users\Nadine\QuickTimeInstaller.exe
[2011.10.04 19:13:52 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Nadine\SkypeSetup.exe
[2011.08.02 19:46:49 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadine\dotnetfx35setup.exe
[2011.03.21 23:12:32 | 002,406,717 | ---- | C] (Andreas Jellinghaus                                         ) -- C:\Users\Nadine\scb-0.10.exe
[2011.03.21 22:59:57 | 002,016,013 | ---- | C] (OpenSC Project                                              ) -- C:\Users\Nadine\OpenSC-0.12.0.win32.exe
[2010.04.18 20:28:09 | 000,562,848 | ---- | C] (Google Inc.) -- C:\Users\Nadine\GoogleEarthSetup.exe
[2010.04.09 19:28:52 | 023,341,560 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\Users\Nadine\avc-free.exe
[2010.04.09 19:01:08 | 022,889,183 | ---- | C] (Shark007) -- C:\Users\Nadine\VistaCodecs_v567.exe
[2010.01.03 18:38:44 | 008,839,520 | ---- | C] (Mozilla) -- C:\Users\Nadine\Thunderbird_Setup_3.0.exe
[2010.01.03 16:01:32 | 005,865,064 | ---- | C] (SweetIM Technologies Lt) -- C:\Users\Nadine\SweetImSetup.exe
[2009.12.02 21:45:33 | 004,274,696 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Nadine\Shockwave_Installer_Slim.exe
[2009.10.22 13:10:07 | 001,066,456 | ---- | C] (Piriform Ltd) -- C:\Users\Nadine\ccsetup224_slim.exe
[2009.06.09 16:59:32 | 001,012,704 | ---- | C] (Noteworthy Software, Inc.) -- C:\Users\Nadine\setup_nwc2_demo.exe
[2009.06.06 17:27:46 | 005,566,192 | ---- | C] (labDV                                                       ) -- C:\Users\Nadine\DVDx_2_20_setup.exe
[2008.07.15 17:53:07 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Nadine\spybotsd160.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 13:10:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\OTL.exe
[2013.04.30 13:08:52 | 000,000,000 | ---- | M] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:07:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.30 13:06:31 | 000,050,477 | ---- | M] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 12:43:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 12:43:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 11:48:31 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.30 11:48:31 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.30 11:48:31 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.30 11:48:31 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.30 11:44:42 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2013.04.30 11:43:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.30 11:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.30 11:43:10 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.30 11:26:33 | 000,229,888 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.30 11:16:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 11:13:10 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.30 11:10:24 | 000,001,356 | ---- | M] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2013.04.30 10:45:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 10:44:41 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Nadine\mbam-setup-1.75.0.1300.exe
[2013.04.30 10:22:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.04.30 09:59:05 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2013.04.29 23:57:48 | 000,020,549 | ---- | M] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.29 23:57:48 | 000,000,096 | -H-- | M] () -- C:\Users\Nadine\Desktop\.~lock.Recherche.odt#
[2013.04.29 19:05:34 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9ADB12DD-3140-4893-BBC5-4A3DD1105517}.job
[2013.04.18 17:17:54 | 000,019,248 | ---- | M] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:27:16 | 073,427,800 | ---- | M] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.30 13:08:52 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:30 | 000,050,477 | ---- | C] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:43:10 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.30 11:16:37 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 10:45:56 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 22:51:02 | 000,000,096 | -H-- | C] () -- C:\Users\Nadine\Desktop\.~lock.Recherche.odt#
[2013.04.29 22:51:00 | 000,020,549 | ---- | C] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.15 21:16:21 | 000,019,248 | ---- | C] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:22:44 | 073,427,800 | ---- | C] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.02.25 13:51:33 | 002,086,240 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus.exe
[2013.02.01 16:33:06 | 447,479,568 | ---- | C] () -- C:\Users\Nadine\CL.2418_GM4_Trial_VDE121106-02.exe
[2013.01.31 23:12:19 | 051,126,784 | ---- | C] () -- C:\Users\Nadine\wz170-32gev.msi
[2013.01.28 01:01:55 | 000,527,423 | ---- | C] (                                                            ) -- C:\Users\Nadine\Lame_v3.99.3_for_Windows.exe
[2013.01.28 01:01:01 | 000,251,234 | ---- | C] () -- C:\Users\Nadine\Lame_Library_v3.98.2_for_Audacity_on_OSX.dmg
[2012.10.31 22:49:14 | 001,280,956 | ---- | C] () -- C:\Users\Nadine\happy_install.exe
[2012.10.23 00:53:40 | 000,000,910 | ---- | C] () -- C:\Windows\XLMSoft.ini
[2012.10.01 19:06:55 | 152,249,762 | ---- | C] () -- C:\Users\Nadine\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2012.08.23 20:50:28 | 000,025,165 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
[2012.08.06 17:55:18 | 022,617,148 | ---- | C] () -- C:\Users\Nadine\vlc-2.0.3-win32.exe
[2012.04.04 14:07:42 | 168,166,968 | ---- | C] () -- C:\Users\Nadine\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2012.01.29 21:53:14 | 087,262,320 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus_de.exe
[2010.10.18 11:56:12 | 000,611,613 | ---- | C] () -- C:\Users\Nadine\SecureW2_Personal_Client_206_UniGi_20091021.exe
[2010.07.15 18:50:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.12 12:25:19 | 020,483,048 | ---- | C] () -- C:\Users\Nadine\Sun_ODF_Template_Pack2_de.oxt
[2010.04.05 19:23:51 | 000,000,322 | ---- | C] () -- C:\Users\Nadine\mp4toavi.ini
[2010.02.24 21:14:09 | 003,421,451 | ---- | C] () -- C:\Users\Nadine\odf-converter-integrator-0.2.3-installer.exe
[2009.12.31 17:48:16 | 000,001,024 | ---- | C] () -- C:\Users\Nadine\.rnd
[2009.12.30 18:32:26 | 000,001,356 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2009.11.26 20:20:01 | 000,899,414 | ---- | C] () -- C:\Users\Nadine\SetupDVDDecrypter_3.5.4.0.exe
[2009.08.24 00:13:01 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2009.08.24 00:13:00 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2008.11.10 22:14:46 | 000,204,073 | ---- | C] () -- C:\Users\Nadine\DataRecovery_EN.zip
[2008.11.10 22:08:05 | 025,093,328 | ---- | C] () -- C:\Users\Nadine\antivir_workstation8.1.0.331_winu_de_h.exe
[2008.03.12 21:41:48 | 000,000,214 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\default.pls
[2008.02.18 20:57:52 | 050,712,703 | ---- | C] () -- C:\Users\Nadine\23000 Guitar Pro Tabs - My Songbook.zip
[2008.02.02 18:36:10 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\sversion.ini
[2008.01.21 19:01:05 | 000,002,188 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\wklnhst.dat
[2008.01.21 18:56:41 | 000,000,094 | ---- | C] () -- C:\Users\Nadine\AppData\Local\fusioncache.dat
[2008.01.21 18:56:30 | 000,000,375 | ---- | C] () -- C:\Users\Nadine\Pictures.lnk
[2008.01.21 18:20:35 | 000,229,888 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.08.22 18:32:00 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.22 18:21:44 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.09 19:32:24 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\AnvSoft
[2013.01.28 01:08:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Audacity
[2009.01.28 10:12:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Buhl Data Service GmbH
[2010.02.01 23:55:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Canneverbe Limited
[2011.03.21 22:25:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Cherry
[2013.03.25 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoft
[2013.02.04 21:24:12 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.06.09 22:35:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\gtopala
[2009.06.09 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Noteworthy Software
[2012.04.04 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenOffice.org
[2012.08.23 20:50:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
[2013.03.18 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PhotoScape
[2008.01.21 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Sonavis
[2008.05.10 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\STOIK
[2013.04.10 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2011.11.24 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Template
[2010.01.03 18:41:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Thunderbird
[2009.11.18 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Toshiba
[2008.01.21 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Ulead Systems
[2010.04.09 19:14:36 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\VistaCodecs
[2013.03.18 01:27:00 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\XMedia Recode
[2012.02.07 14:37:58 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Yhaty
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Here is the Extras log:

Code:
ATTFilter
OTL Extras logfile created on: 30.04.2013 13:13:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 63,70% Memory free
4,20 Gb Paging File | 3,19 Gb Available in Paging File | 75,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 50,77 Gb Free Space | 23,85% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F220FCE-1F96-4568-B0E2-1DB05251A593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A418F797-B170-49F8-A372-E6164E436FDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A9752B-9DD3-4069-A698-B04E5E186262}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{13CE01A1-06DC-4057-8480-55827776D201}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{13E7AD4A-BFCC-4F5A-9805-68AD0A50464B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{14B890A1-568D-4578-A397-5C9612D6F462}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DD7DAEF-83BE-4E20-B053-6FEFBF783DDB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{37978879-6125-4E63-8B03-F8D040113224}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{56A9574E-04FD-45B0-9143-B8BFE444BB55}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{585CD4CE-3FBC-4E9B-A6F0-5AED0A00839C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{6FCDD6A5-98BD-4351-8129-0574451946B4}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{7A9C420A-5843-4B0B-86BC-FCAA72D45926}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{7CC2E197-F165-494F-9F4D-3A5497F7B771}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{817013FA-6AF2-47E5-97A9-192FF93F7FF6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{8AB7485E-E78D-4787-A74F-640334414280}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{B3718080-BEFE-4FE9-9020-17B02925988F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B40D036E-98DD-403D-A5C9-BA31E9F1BCEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BBD0401B-946E-4704-A8E3-A82FEF38555F}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{CA989E53-5EA9-4CCC-9D38-7B1FE65FC99B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{CAFD479B-74C0-4F4F-AB8E-659B9FEF1E85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB071F6F-68B1-45A8-ACFC-E542185945BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CEA632DA-2AFC-4A93-B177-220F442C250E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF8765A7-4B47-4E92-BBD5-8DD8E638B354}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{D3A76EA0-9F2F-4404-BD0D-C7FE6DD603D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DA09ED9E-2720-484C-BEE3-D1598D474D92}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{E074B0F7-55BC-496C-97CE-A6642CE69F4F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{EDC2CF85-9297-400A-A14C-3F01B707AC52}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{EEAC32AE-AB2F-405E-A0FD-9C07F26F4B23}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{42ED0569-52A9-4C83-9F46-5A87A4178A3B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{6004CAD2-CA80-4472-A299-257A839E0CFB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{DDA6119A-8D32-4FFD-AE7B-D371EA5BDDF1}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{E9B3E9B3-F93E-4AA9-8D37-B753C213FEF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F31FF8CE-1450-4E7B-928D-17C0BFCEFDF8}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{215217C5-F36B-450B-90EE-029EB0F1C288}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{23C74E52-250B-4321-BE6C-2CB2610CFAA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{60E1E0F2-C338-4E25-85EF-676268DE0927}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{88A6293D-9F63-45BD-A8C1-0B5907290196}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{C8B45BC7-6B77-4B5B-B1E0-CDF0E1BF32AA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8751236B-9BF4-4EA6-B599-6FB9F3A74927}" = Sven Bomwollen
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BDD73EB0-0485-4B79-93EC-CF2EAEFF3BAB}_is1" = OpenSC
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ANNO1602" = Anno 1602
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mad Robots 2004" = Mad Robots 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moorhuhn Winter-Edition" = Moorhuhn Winter-Edition
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"odf-converter-integrator" = odf-converter-integrator
"pdfsam" = pdfsam
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Revo Uninstaller" = Revo Uninstaller 1.94
"SecureW2 Personal Client - Distribution Edition" = SecureW2 Personal Client - Distribution Edition 2.0.6 for Windows
"Shockwave" = Shockwave
"Smart card bundle_is1" = Smart card bundle 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.73
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2012 18:25:02 | Computer Name = MeinPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.1.0.137, Zeitstempel
 0x46444e37, fehlerhaftes Modul ADMPlugin.apl, Version 3.16.128.32, Zeitstempel 
0x464415c4, Ausnahmecode 0x40000015, Fehleroffset 0x000aa341,  Prozess-ID 0x9f0, Anwendungsstartzeit
 01cce12f91ea6d50.
 
Error - 01.02.2012 18:53:57 | Computer Name = MeinPC | Source = VSS | ID = 8194
Description = 
 
Error - 01.02.2012 18:58:59 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:29 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:32 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:32 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:33 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:47 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:47 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.02.2012 19:45:00 | Computer Name = MeinPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6000.6344, Zeitstempel
 0x46e5f12e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x3b8, Anwendungsstartzeit
 01cce783fc782c18.
 
[ OSession Events ]
Error - 21.10.2009 15:10:20 | Computer Name = MeinPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 30.04.2013 07:26:28 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:29 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:30 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:31 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:32 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:33 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:34 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:35 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:36 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 30.04.2013 07:26:38 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
Here is the GMER log:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-30 17:41:09
Windows 6.0.6000  \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Nadine\AppData\Local\Temp\pfrdypog.sys


---- System - GMER 2.1 ----

SSDT                                                                                                                                  88EA275C                                                                                                                            ZwClose
SSDT                                                                                                                                  88EA2766                                                                                                                            ZwCreateSection
SSDT                                                                                                                                  88EA2757                                                                                                                            ZwDuplicateObject
SSDT                                                                                                                                  88EA26F8                                                                                                                            ZwOpenProcess
SSDT                                                                                                                                  88EA26FD                                                                                                                            ZwOpenThread
SSDT                                                                                                                                  88EA2770                                                                                                                            ZwRequestWaitReplyPort
SSDT                                                                                                                                  88EA276B                                                                                                                            ZwSetContextThread
SSDT                                                                                                                                  88EA2775                                                                                                                            ZwSetSecurityObject
SSDT                                                                                                                                  88EA277A                                                                                                                            ZwSystemDebugControl
SSDT                                                                                                                                  88EA2707                                                                                                                            ZwTerminateProcess
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe                                                                                                   ZwCreateKey [0x82800FEC]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82800FEC]                                                                       ZwCreateKey [0x82800FEC]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe                                                                                                   ZwOpenKey [0x82800FF1]
SSDT                                                                                                                                  \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82800FF1]                                                                       ZwOpenKey [0x82800FF1]

INT 0x03                                                                                                                              \SystemRoot\system32\ntkrnlpa.exe[unknown section]                                                                                  82800FFB

---- Kernel code sections - GMER 2.1 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwCallbackReturn + 4AD                                                                                                 828809B9 3 Bytes  JMP A3FAD988 
?                                                                                                                                     System32\drivers\pxkmcr.sys                                                                                                         Das System kann den angegebenen Pfad nicht finden. !
.text                                                                                                                                 C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                            section is writeable [0x8C0B9360, 0x35BDD2, 0xE8000020]
.text                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                           section is writeable [0x9B1A5000, 0x49C57, 0xE0000020]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                           entry point in ".init" section [0x9B1FC224]
.init                                                                                                                                 C:\Windows\system32\drivers\aksfridge.sys                                                                                           unknown last code section [0x9B1FC000, 0x4000, 0xE20000E0]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                                            section is writeable [0x9B114400, 0x6EED8, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B19F020]  C:\Windows\system32\drivers\hardlock.sys                                                                                            entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9B19F020]
.protectÿÿÿÿhardlockunknown last code section [0x9B19EE00, 0x50BA, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                                            unknown last code section [0x9B19EE00, 0x50BA, 0xE0000020]

---- Devices - GMER 2.1 ----

AttachedDevice                                                                                                                        \Driver\kbdclass \Device\KeyboardClass0                                                                                             Wdf01000.sys
AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                                                            fltmgr.sys

---- Processes - GMER 2.1 ----

Process                                                                                                                                (*** hidden *** )                                                                                                                  [4] 84455AB0                                                                                                      

---- Registry - GMER 2.1 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d152bb                                                         
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d152bb (not active ControlSet)                                     
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                                             0x90 0x08 0x94 0xD9 ...
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{32DFCCAF-CDCB-B9EB-E809-967FEFB798B1}\Server                                                           
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{6756F499-59D5-5623-651F-331EF2AC1E01}\Server                                                           
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{6E5D5855-768C-98D6-7036-0F03FEFA6D94}\ProgID@                                                          Aholdolo.Hochac.1????????????????????????????????
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{80B8CFCB-9C93-2457-1059-13CD273BE9DF}\Server                                                           
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@f!s!d!d!\22!`!y!m!\24!t!t!\24!{!`!s!\30!                         19583823
Reg                                                                                                                                   HKLM\SOFTWARE\Classes\CLSID\{FDC6E85F-8348-AA8A-2D83-274CA2AF3ABB}\Server                                                           
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}                     
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}@iaacicllifikmaobbc  0x6B 0x61 0x6F 0x69 ...
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}@hakeofpfgeapngfj    0x6B 0x61 0x6F 0x69 ...

---- EOF - GMER 2.1 ----
         

Alt 30.04.2013, 17:26   #2
Aneri
/// Malwareteam
 
My name is Heiko.

I am working on your thread and will get back to you as soon as possible with further instructions.

Please note that all of my replies must first be approved by a trainer before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience.

Alt 01.05.2013, 19:35   #3
Aneri
/// Malwareteam
 
Hello Kasparella



The cleanup of your system is tailored individually to you and can involve a lot of work for both of us.

Please read:
Rules for the cleanup

A cleanup includes, besides removing malware, closing security holes, and it should be carried out thoroughly.
It therefore takes place in several steps and means some effort for you. Note: the disappearance of the obvious symptoms does not mean that the system is already clean.

Read the instructions completely first. If anything is unclear, ask before you start working through the steps.
  • At the first sign of illegally used software (cracks, patches and the like), support will be ended without discussion.
  • If the computer is a company computer, please let me know.

  • Please work through all steps in order. Give me the requested feedback for each step (logfile or answer),
    collected in one reply once you have done everything.
  • Please only run scans that you are asked to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to do so by me or another team member.
  • Post the logfiles directly in your thread (preferably in code tags - click the # symbol in the editor). Do not attach or zip them unless I ask you to, or the logfile would be too large. Otherwise it makes the evaluation harder for me.
  • Only obscure your name if it is absolutely necessary (it makes our work easier).
  • If I have not replied after 3 days, then (and only then) please send me a PM.
  • I will tell you very clearly when you are "clean". Until then, please cooperate well.

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest way.


Step 1

With the TeaTimer of Spybot Search&Destroy running, no cleanup can be carried out, because it restores all deleted entries. The TeaTimer therefore has to be switched off during the cleanup work (leave the TeaTimer switched off until we are finished with the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the checkmark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.

Step 2
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Alt 02.05.2013, 16:28   #4
Kasparella
 
Thank you very much for the quick reply despite the holiday.
I ran the scan and am attaching the log file to this message.

Best regards,

Nadine

Code:
ComboFix 13-05-01.03 - Nadine 02.05.2013  16:19:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.49.1031.18.2046.1342 [GMT 2:00]
ausgeführt von:: c:\users\Nadine\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\users\Nadine\FreeYouTubeToMP3Converter.exe
c:\users\Nadine\gmer_2.1.19163.exe
c:\users\Nadine\GoogleEarthSetup.exe
c:\users\Nadine\mbam-setup-1.75.0.1300.exe
c:\users\Nadine\OTL.exe
c:\users\Nadine\QuickTimeInstaller.exe
c:\users\Nadine\vlc-2.0.3-win32.exe
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-02 bis 2013-05-02  ))))))))))))))))))))))))))))))
.
.
2013-05-02 14:31 . 2013-05-02 14:31	--------	d-----w-	c:\users\Nadine\AppData\Local\temp
2013-05-02 14:31 . 2013-05-02 14:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-30 11:06 . 2013-04-30 11:06	50477	----a-w-	c:\users\Nadine\Defogger.exe
2013-04-30 08:46 . 2013-04-30 08:46	--------	d-----w-	c:\users\Nadine\AppData\Roaming\Malwarebytes
2013-04-30 08:45 . 2013-04-30 08:45	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-30 08:45 . 2013-04-30 08:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-04-30 08:45 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-29 21:50 . 2013-04-30 09:03	--------	d-----w-	c:\programdata\F00ADA6E5B9533650000F009EA69382C
2013-04-10 13:55 . 2013-04-10 14:13	--------	d-----w-	c:\users\Nadine\AppData\Roaming\Swiss Academic Software
2013-04-10 13:07 . 2013-04-10 13:07	--------	d-----w-	c:\program files\Citavi 3
2013-04-10 13:02 . 2013-04-10 13:09	--------	d-----w-	c:\programdata\Swiss Academic Software
2013-04-10 12:22 . 2013-04-10 12:27	73427800	----a-w-	c:\users\Nadine\CitaviSetup.exe
2013-04-03 13:58 . 2013-04-04 10:52	--------	d-----w-	c:\program files\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-30 17:27 . 2013-02-25 14:59	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-30 17:27 . 2013-02-25 14:59	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-30 17:27 . 2013-02-25 14:59	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-21 11:05 . 2013-01-31 21:12	51126784	----a-w-	c:\users\Nadine\wz170-32gev.msi
2013-03-17 22:37 . 2012-10-20 13:26	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-17 22:37 . 2011-10-14 18:02	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-25 11:51 . 2013-02-25 11:51	2086240	----a-w-	c:\users\Nadine\avira_free_antivirus.exe
2013-02-01 14:48 . 2013-02-01 14:33	447479568	----a-w-	c:\users\Nadine\CL.2418_GM4_Trial_VDE121106-02.exe
2012-10-28 17:52 . 2012-08-26 14:33	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2012-08-22 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-23 8501792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-09 1025320]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 4710400]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-10-09 102400]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-30 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Office-Bibliothek-Direktsuche.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Office-Bibliothek-Direktsuche.lnk
backup=c:\windows\pss\Office-Bibliothek-Direktsuche.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Nadine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Nadine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Nadine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullGuard
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CherryConfigDlg]
2008-07-14 09:36	606208	----a-w-	c:\program files\Cherry\SmartDevice\ConfigDlg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-10-17 14:42	128296	------w-	c:\program files\HomeCinema\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 21:17	52256	----a-w-	c:\program files\HomeCinema\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-10-23 22:03	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 19:51	71216	----a-w-	c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 15:32	222504	------w-	c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:36	201728	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 18:29]
.
2013-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 18:29]
.
2013-05-02 c:\windows\Tasks\User_Feed_Synchronization-{9ADB12DD-3140-4893-BBC5-4A3DD1105517}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2013-04-30 c:\windows\Tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
- c:\program files\mozilla firefox\firefox.exe [2008-01-28 17:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.179.1
FF - ProfilePath - c:\users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\e927lpq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.http - 190.0.58.58
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-10 15:09; {8AA36F4F-6DC7-4c06-77AF-5035170634FE}; c:\programdata\Swiss Academic Software\Citavi Picker\Firefox
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
AddRemove-Moorhuhn Winter-Edition - c:\windows\IsUn0407.exe
AddRemove-SecureW2 Personal Client - Distribution Edition - c:\program files\SecureW2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-05-02 16:31
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Nadine\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-674090431-4016850349-1187641555-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{658A89C6-BDAF-FAD7-777B-77A75BAE2492}*]
"iaacicllifikmaobbc"=hex:6b,61,6f,69,66,68,6d,66,66,67,68,70,64,62,70,6b,6a,61,
   68,66,6c,67,00,00
"hakeofpfgeapngfj"=hex:6b,61,6f,69,69,68,66,65,64,6f,68,6f,6e,69,63,63,67,69,
   6a,66,69,6d,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2013-05-02  16:34:25
ComboFix-quarantined-files.txt  2013-05-02 14:34
.
Vor Suchlauf: 9 Verzeichnis(se), 62.988.410.880 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 63.914.782.720 Bytes frei
.
- - End Of File - - B91C3B2AA2C00B55E7E306F12027F9BE
         

Old 03.05.2013, 11:02   #5
Aneri
/// Malware Team

System Care Antivirus on Vista

Hello Kasparella,

Please download OTL by OldTimer and save it to your desktop (if it is not already there).
  • Double-click OTL.exe
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files will be created
  • Post the log files here in the thread.

__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

Old 03.05.2013, 16:55   #6
Kasparella

System Care Antivirus on Vista

Here are the two logs.

Code:
ATTFilter
OTL logfile created on: 03.05.2013 17:33:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,72% Memory free
4,20 Gb Paging File | 3,04 Gb Available in Paging File | 72,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 59,40 Gb Free Space | 27,91% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nadine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nadine\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (SPR3322K) -- C:\Windows\System32\drivers\SPR3322K.sys (SCM Microsystems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBGENE.sys (Genesys Logic, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (SE2Ebus) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.6
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2013.01.16
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: noiatabs@sonco.com:1.4.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.http: "190.0.58.58"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.04.10 15:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
 
[2010.02.19 19:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2010.01.03 18:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.19 22:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\e927lpq3.default\extensions
[2012.08.26 16:35:11 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\stealthyextension@gmail.com.xpi
[2012.08.26 16:35:09 | 000,084,548 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012.08.26 16:35:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.26 16:35:14 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.08.26 16:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.21 20:49:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.30 20:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.10 15:09:25 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.10.28 19:52:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.28 19:52:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.02 16:31:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.03 17:31:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.05.02 16:34:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.02 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\temp
[2013.05.02 16:16:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.02 16:16:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.02 16:16:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.05.02 16:16:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.02 16:16:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.02 16:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.02 16:15:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.02 16:11:58 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Nadine\Desktop\ComboFix.exe
[2013.04.30 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 10:45:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.30 10:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.29 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F00ADA6E5B9533650000F009EA69382C
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Citavi 3
[2013.04.10 15:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2013.04.10 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3
[2013.04.10 15:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2013.01.31 23:24:31 | 005,076,855 | ---- | C] (XMedia Recode                                               ) -- C:\Users\Nadine\XMediaRecode3141_setup.exe
[2012.10.23 00:32:02 | 000,853,513 | ---- | C] (e-merge GmbH) -- C:\Users\Nadine\mrsetup.exe
[2012.10.20 15:26:01 | 021,415,874 | ---- | C] (Audacity Team                                               ) -- C:\Users\Nadine\audacity-win-2.0.2.exe
[2012.10.20 15:25:06 | 005,152,896 | ---- | C] (Canneverbe Limited                                          ) -- C:\Users\Nadine\cdbxp_setup_4.4.2.3442_minimal.exe
[2012.08.31 14:19:03 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Users\Nadine\jxpiinstall.exe
[2012.08.27 16:39:37 | 023,652,248 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Nadine\FreeYouTubeDownload.exe
[2012.08.26 16:30:34 | 016,660,184 | ---- | C] (Mozilla) -- C:\Users\Nadine\Firefox_Setup_14.0.1.exe
[2012.07.21 21:46:32 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\Nadine\pdfsam-win-v2_2_1.exe
[2011.10.04 19:13:52 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Nadine\SkypeSetup.exe
[2011.08.02 19:46:49 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadine\dotnetfx35setup.exe
[2011.03.21 23:12:32 | 002,406,717 | ---- | C] (Andreas Jellinghaus                                         ) -- C:\Users\Nadine\scb-0.10.exe
[2011.03.21 22:59:57 | 002,016,013 | ---- | C] (OpenSC Project                                              ) -- C:\Users\Nadine\OpenSC-0.12.0.win32.exe
[2010.04.09 19:28:52 | 023,341,560 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\Users\Nadine\avc-free.exe
[2010.04.09 19:01:08 | 022,889,183 | ---- | C] (Shark007) -- C:\Users\Nadine\VistaCodecs_v567.exe
[2010.01.03 18:38:44 | 008,839,520 | ---- | C] (Mozilla) -- C:\Users\Nadine\Thunderbird_Setup_3.0.exe
[2010.01.03 16:01:32 | 005,865,064 | ---- | C] (SweetIM Technologies Lt) -- C:\Users\Nadine\SweetImSetup.exe
[2009.12.02 21:45:33 | 004,274,696 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Nadine\Shockwave_Installer_Slim.exe
[2009.10.22 13:10:07 | 001,066,456 | ---- | C] (Piriform Ltd) -- C:\Users\Nadine\ccsetup224_slim.exe
[2009.06.09 16:59:32 | 001,012,704 | ---- | C] (Noteworthy Software, Inc.) -- C:\Users\Nadine\setup_nwc2_demo.exe
[2009.06.06 17:27:46 | 005,566,192 | ---- | C] (labDV                                                       ) -- C:\Users\Nadine\DVDx_2_20_setup.exe
[2008.07.15 17:53:07 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Nadine\spybotsd160.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 17:33:08 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.03 17:33:08 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.03 17:33:08 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.03 17:33:08 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.03 17:31:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.05.03 17:29:10 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2013.05.03 17:29:09 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2013.05.03 17:29:09 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9ADB12DD-3140-4893-BBC5-4A3DD1105517}.job
[2013.05.03 17:28:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 17:27:48 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 17:27:48 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 17:27:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 17:27:34 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.03 12:00:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.02 18:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.02 16:31:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.02 16:12:37 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Nadine\Desktop\ComboFix.exe
[2013.04.30 20:16:39 | 000,090,680 | ---- | M] () -- C:\Users\Nadine\Desktop\Recherche Medienprojekte.pdf
[2013.04.30 20:16:19 | 000,029,542 | ---- | M] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.30 13:08:52 | 000,000,000 | ---- | M] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:31 | 000,050,477 | ---- | M] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:26:33 | 000,229,888 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.30 11:16:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 11:13:10 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.30 11:10:24 | 000,001,356 | ---- | M] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2013.04.30 10:45:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.18 17:17:54 | 000,019,248 | ---- | M] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:27:16 | 073,427,800 | ---- | M] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.02 16:16:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.02 16:16:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.02 16:16:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.02 16:16:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.02 16:16:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.30 20:15:33 | 000,090,680 | ---- | C] () -- C:\Users\Nadine\Desktop\Recherche Medienprojekte.pdf
[2013.04.30 13:08:52 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:30 | 000,050,477 | ---- | C] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:43:10 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.30 11:16:37 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 10:45:56 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 22:51:00 | 000,029,542 | ---- | C] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.15 21:16:21 | 000,019,248 | ---- | C] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:22:44 | 073,427,800 | ---- | C] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.02.25 13:51:33 | 002,086,240 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus.exe
[2013.02.01 16:33:06 | 447,479,568 | ---- | C] () -- C:\Users\Nadine\CL.2418_GM4_Trial_VDE121106-02.exe
[2013.01.31 23:12:19 | 051,126,784 | ---- | C] () -- C:\Users\Nadine\wz170-32gev.msi
[2013.01.28 01:01:55 | 000,527,423 | ---- | C] (                                                            ) -- C:\Users\Nadine\Lame_v3.99.3_for_Windows.exe
[2013.01.28 01:01:01 | 000,251,234 | ---- | C] () -- C:\Users\Nadine\Lame_Library_v3.98.2_for_Audacity_on_OSX.dmg
[2012.10.31 22:49:14 | 001,280,956 | ---- | C] () -- C:\Users\Nadine\happy_install.exe
[2012.10.23 00:53:40 | 000,000,910 | ---- | C] () -- C:\Windows\XLMSoft.ini
[2012.10.01 19:06:55 | 152,249,762 | ---- | C] () -- C:\Users\Nadine\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2012.08.23 20:50:28 | 000,025,165 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
[2012.04.04 14:07:42 | 168,166,968 | ---- | C] () -- C:\Users\Nadine\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2012.01.29 21:53:14 | 087,262,320 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus_de.exe
[2010.10.18 11:56:12 | 000,611,613 | ---- | C] () -- C:\Users\Nadine\SecureW2_Personal_Client_206_UniGi_20091021.exe
[2010.07.15 18:50:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.12 12:25:19 | 020,483,048 | ---- | C] () -- C:\Users\Nadine\Sun_ODF_Template_Pack2_de.oxt
[2010.04.05 19:23:51 | 000,000,322 | ---- | C] () -- C:\Users\Nadine\mp4toavi.ini
[2010.02.24 21:14:09 | 003,421,451 | ---- | C] () -- C:\Users\Nadine\odf-converter-integrator-0.2.3-installer.exe
[2009.12.31 17:48:16 | 000,001,024 | ---- | C] () -- C:\Users\Nadine\.rnd
[2009.12.30 18:32:26 | 000,001,356 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2009.11.26 20:20:01 | 000,899,414 | ---- | C] () -- C:\Users\Nadine\SetupDVDDecrypter_3.5.4.0.exe
[2009.08.24 00:13:01 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2009.08.24 00:13:00 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2008.11.10 22:14:46 | 000,204,073 | ---- | C] () -- C:\Users\Nadine\DataRecovery_EN.zip
[2008.11.10 22:08:05 | 025,093,328 | ---- | C] () -- C:\Users\Nadine\antivir_workstation8.1.0.331_winu_de_h.exe
[2008.03.12 21:41:48 | 000,000,214 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\default.pls
[2008.02.18 20:57:52 | 050,712,703 | ---- | C] () -- C:\Users\Nadine\23000 Guitar Pro Tabs - My Songbook.zip
[2008.02.02 18:36:10 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\sversion.ini
[2008.01.21 19:01:05 | 000,002,188 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\wklnhst.dat
[2008.01.21 18:56:41 | 000,000,094 | ---- | C] () -- C:\Users\Nadine\AppData\Local\fusioncache.dat
[2008.01.21 18:56:30 | 000,000,375 | ---- | C] () -- C:\Users\Nadine\Pictures.lnk
[2008.01.21 18:20:35 | 000,229,888 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.08.22 18:32:00 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.22 18:21:44 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 03.05.2013 17:33:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,72% Memory free
4,20 Gb Paging File | 3,04 Gb Available in Paging File | 72,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 59,40 Gb Free Space | 27,91% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F220FCE-1F96-4568-B0E2-1DB05251A593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A418F797-B170-49F8-A372-E6164E436FDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A9752B-9DD3-4069-A698-B04E5E186262}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{13CE01A1-06DC-4057-8480-55827776D201}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{13E7AD4A-BFCC-4F5A-9805-68AD0A50464B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{14B890A1-568D-4578-A397-5C9612D6F462}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DD7DAEF-83BE-4E20-B053-6FEFBF783DDB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{37978879-6125-4E63-8B03-F8D040113224}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{56A9574E-04FD-45B0-9143-B8BFE444BB55}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{585CD4CE-3FBC-4E9B-A6F0-5AED0A00839C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{6FCDD6A5-98BD-4351-8129-0574451946B4}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{7A9C420A-5843-4B0B-86BC-FCAA72D45926}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{7CC2E197-F165-494F-9F4D-3A5497F7B771}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{817013FA-6AF2-47E5-97A9-192FF93F7FF6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{8AB7485E-E78D-4787-A74F-640334414280}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{B3718080-BEFE-4FE9-9020-17B02925988F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B40D036E-98DD-403D-A5C9-BA31E9F1BCEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BBD0401B-946E-4704-A8E3-A82FEF38555F}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{CA989E53-5EA9-4CCC-9D38-7B1FE65FC99B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{CAFD479B-74C0-4F4F-AB8E-659B9FEF1E85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB071F6F-68B1-45A8-ACFC-E542185945BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CEA632DA-2AFC-4A93-B177-220F442C250E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF8765A7-4B47-4E92-BBD5-8DD8E638B354}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{D3A76EA0-9F2F-4404-BD0D-C7FE6DD603D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DA09ED9E-2720-484C-BEE3-D1598D474D92}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{E074B0F7-55BC-496C-97CE-A6642CE69F4F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{EDC2CF85-9297-400A-A14C-3F01B707AC52}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{EEAC32AE-AB2F-405E-A0FD-9C07F26F4B23}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{42ED0569-52A9-4C83-9F46-5A87A4178A3B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{6004CAD2-CA80-4472-A299-257A839E0CFB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{DDA6119A-8D32-4FFD-AE7B-D371EA5BDDF1}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{E9B3E9B3-F93E-4AA9-8D37-B753C213FEF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F31FF8CE-1450-4E7B-928D-17C0BFCEFDF8}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{215217C5-F36B-450B-90EE-029EB0F1C288}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{23C74E52-250B-4321-BE6C-2CB2610CFAA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{60E1E0F2-C338-4E25-85EF-676268DE0927}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{88A6293D-9F63-45BD-A8C1-0B5907290196}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{C8B45BC7-6B77-4B5B-B1E0-CDF0E1BF32AA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8751236B-9BF4-4EA6-B599-6FB9F3A74927}" = Sven Bomwollen
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BDD73EB0-0485-4B79-93EC-CF2EAEFF3BAB}_is1" = OpenSC
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ANNO1602" = Anno 1602
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mad Robots 2004" = Mad Robots 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"odf-converter-integrator" = odf-converter-integrator
"pdfsam" = pdfsam
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Revo Uninstaller" = Revo Uninstaller 1.94
"Shockwave" = Shockwave
"Smart card bundle_is1" = Smart card bundle 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.73
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2012 18:25:02 | Computer Name = MeinPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.1.0.137, Zeitstempel
 0x46444e37, fehlerhaftes Modul ADMPlugin.apl, Version 3.16.128.32, Zeitstempel 
0x464415c4, Ausnahmecode 0x40000015, Fehleroffset 0x000aa341,  Prozess-ID 0x9f0, Anwendungsstartzeit
 01cce12f91ea6d50.
 
Error - 01.02.2012 18:53:57 | Computer Name = MeinPC | Source = VSS | ID = 8194
Description = 
 
Error - 01.02.2012 18:58:59 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:29 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:32 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:32 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:33 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:47 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.02.2012 19:00:47 | Computer Name = MeinPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.02.2012 19:45:00 | Computer Name = MeinPC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6000.6344, Zeitstempel
 0x46e5f12e, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x3b8, Anwendungsstartzeit
 01cce783fc782c18.
 
[ OSession Events ]
Error - 21.10.2009 15:10:20 | Computer Name = MeinPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.05.2013 11:47:58 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:47:59 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:00 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:01 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:02 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:03 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:04 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:05 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:06 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 11:48:07 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         

Alt 04.05.2013, 20:55   #7
Aneri
/// Malwareteam
 
System Care Antivirus on Vista - Standard

System Care Antivirus on Vista



Hello Kasparella

Please save the tools you download to your desktop, as described in the instructions.


Step 1


Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
[2013.04.29 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F00ADA6E5B9533650000F009EA69382C

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Then copy its contents here into your thread.


Step 2

Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.


Please let me know whether your system still causes any problems after this fix.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here
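The two things the helper checks by eye in an OTL log, rewritten as a small triage script. This is an added example and is not code from the thread, from OTL or from Trojaner-Board: it parses OTL-format lines (the "Files/Folders - Created Within 30 Days" entries and the O35/O37 shell-open lines), flags directories created directly under C:\ProgramData inside a given time window whose name is a 32-character hex string (the folder the helper targets, C:\ProgramData\F00ADA6E5B9533650000F009EA69382C, has exactly that shape, and was created on 29.04.2013, the day the poster reports the infection), and confirms that the .exe/.com open commands are back to the Windows default `"%1" %*` (the poster could not start .exe files while the rogue was active). The hex-name heuristic, the infection window and the `HIJACKED_SAMPLE` line are assumptions made for the example; the `SAMPLE_LOG` lines are copied from the OTL output posted later in this thread.

```python
"""Triage helpers for OTL (OldTimer's OTListIt) log lines.

Added example for this thread, not part of OTL or of the forum's own tooling.
Assumptions: a 32-char hex folder name directly under C:\\ProgramData created in
the suspected infection window is worth a look; the Windows default shell-open
command for .exe/.com is "%1" %*.
"""
import re
from datetime import datetime

# Entry line: [yyyy.mm.dd hh:mm:ss | size | attrs | C|M] (company)... -- path
OTL_ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \([^)]*\))* -- (?P<path>.+?)\s*$"
)
# O35 - HKLM\..exefile [open] -- "%1" %*    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ASSOC_RE = re.compile(
    r"^O3[57] - HKLM\\\.{2,3}(?P<key>\w+)(?: \[[^\]]*\])* -- (?P<cmd>.+?)\s*$"
)
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{32}$")       # heuristic, assumption
PROGRAMDATA = "c:\\programdata\\"
DEFAULT_OPEN_CMD = '"%1" %*'                         # Windows default for exefile/comfile

# Infection window taken from the poster's date (29.04.2013); assumption.
INFECTION_WINDOW = (datetime(2013, 4, 29), datetime(2013, 4, 30, 23, 59, 59))


def parse_ts(ts):
    """OTL timestamps look like 2013.04.29 23:50:15."""
    return datetime.strptime(ts, "%Y.%m.%d %H:%M:%S")


def suspicious_programdata_dirs(lines, window_start, window_end):
    """Paths of directories created within the window, directly under
    C:\\ProgramData, whose name is a 32-character hex string."""
    hits = []
    for line in lines:
        m = OTL_ENTRY_RE.match(line)
        if not m or m["kind"] != "C" or "D" not in m["attrs"]:
            continue                                  # not a 'created' directory entry
        if not (window_start <= parse_ts(m["ts"]) <= window_end):
            continue
        path = m["path"]
        if not path.lower().startswith(PROGRAMDATA):
            continue
        name = path[len(PROGRAMDATA):]
        if "\\" in name:                              # only direct children of ProgramData
            continue
        if HEX_NAME_RE.match(name):
            hits.append(path)
    return hits


def shell_open_status(lines):
    """Map each key named in O35/O37 lines (exefile, comfile, exe, com) to True
    when its open command is the Windows default, False when it is anything else."""
    status = {}
    for line in lines:
        m = ASSOC_RE.match(line)
        if m:
            status[m["key"]] = m["cmd"].strip() == DEFAULT_OPEN_CMD
    return status


# Copied from the OTL Quick Scan posted in this thread.
SAMPLE_LOG = [
    r"[2013.05.05 16:22:02 | 000,000,000 | ---D | C] -- C:\_OTL",
    r"[2013.05.03 17:31:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe",
    r"[2013.05.02 16:16:25 | 000,000,000 | ---D | C] -- C:\ComboFix",
    r"[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes",
    r"[2013.04.29 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F00ADA6E5B9533650000F009EA69382C",
    r"[2013.04.10 15:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software",
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = ComFile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
]

# Constructed for contrast, not from the posted log: a non-default exefile command.
HIJACKED_SAMPLE = [r'O35 - HKLM\..exefile [open] -- "C:\ProgramData\example.exe" -a "%1" %*']


def triage(lines, window=INFECTION_WINDOW):
    """Run both checks and return a summary dict."""
    return {
        "suspicious_dirs": suspicious_programdata_dirs(lines, *window),
        "shell_open_ok": shell_open_status(lines),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
    print("hijacked sample:", shell_open_status(HIJACKED_SAMPLE))
```

On the posted log this flags only the F00ADA6E… folder (the Malwarebytes folder is inside the window but fails the hex-name test) and reports all four open commands as default, which is consistent with OTL later reporting the folder as already gone and the poster being able to start programs again.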

Alt 05.05.2013, 16:48   #8
Kasparella
 
System Care Antivirus on Vista



Thank you very much for the reply. I actually did save all the downloads that were needed for this on the desktop, along with the associated logs. Or did I do something wrong?
The laptop works flawlessly, as it did before the trojan infection. I am attaching the two OTL logs to this message.
Can/should I re-enable Spybot's TeaTimer, which I was told to turn off for one of the scans? Would it be necessary to change all passwords (e.g. also for online banking), or did the trojan not look for them (as far as you can judge)?

Many thanks in advance,

Nadine

Code:
ATTFilter
All processes killed
========== OTL ==========
Folder C:\ProgramData\F00ADA6E5B9533650000F009EA69382C\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Nadine
->Temp folder emptied: 132032 bytes
->Temporary Internet Files folder emptied: 2122893 bytes
->Java cache emptied: 204689 bytes
->FireFox cache emptied: 60405292 bytes
->Flash cache emptied: 8109993 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8435809 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 76,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05052013_162202

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\JET3014.tmp not found!
C:\Windows\temp\JET54D3.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
OTL logfile created on: 05.05.2013 16:28:32 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 66,25% Memory free
4,20 Gb Paging File | 3,35 Gb Available in Paging File | 79,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 54,75 Gb Free Space | 25,72% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nadine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nadine\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (SPR3322K) -- C:\Windows\System32\drivers\SPR3322K.sys (SCM Microsystems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBGENE.sys (Genesys Logic, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (SE2Ebus) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.6
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2013.01.16
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: noiatabs@sonco.com:1.4.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..network.proxy.http: "190.14.232.98"
FF - prefs.js..network.proxy.http_port: 8089
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.04.10 15:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
 
[2010.02.19 19:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2010.01.03 18:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.19 22:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\e927lpq3.default\extensions
[2012.08.26 16:35:11 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\stealthyextension@gmail.com.xpi
[2012.08.26 16:35:09 | 000,084,548 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012.08.26 16:35:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.26 16:35:14 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.08.26 16:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.21 20:49:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.30 20:11:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.10 15:09:25 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.10.28 19:52:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.28 19:52:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.02 16:31:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.05 16:22:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.03 17:31:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.05.02 16:34:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.02 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\temp
[2013.05.02 16:16:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.02 16:16:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.02 16:16:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.05.02 16:16:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.02 16:16:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.02 16:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.02 16:15:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.02 16:11:58 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Nadine\Desktop\ComboFix.exe
[2013.04.30 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 10:45:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.30 10:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.29 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F00ADA6E5B9533650000F009EA69382C
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Citavi 3
[2013.04.10 15:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2013.04.10 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3
[2013.04.10 15:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2013.01.31 23:24:31 | 005,076,855 | ---- | C] (XMedia Recode                                               ) -- C:\Users\Nadine\XMediaRecode3141_setup.exe
[2012.10.23 00:32:02 | 000,853,513 | ---- | C] (e-merge GmbH) -- C:\Users\Nadine\mrsetup.exe
[2012.10.20 15:26:01 | 021,415,874 | ---- | C] (Audacity Team                                               ) -- C:\Users\Nadine\audacity-win-2.0.2.exe
[2012.10.20 15:25:06 | 005,152,896 | ---- | C] (Canneverbe Limited                                          ) -- C:\Users\Nadine\cdbxp_setup_4.4.2.3442_minimal.exe
[2012.08.31 14:19:03 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Users\Nadine\jxpiinstall.exe
[2012.08.27 16:39:37 | 023,652,248 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Nadine\FreeYouTubeDownload.exe
[2012.08.26 16:30:34 | 016,660,184 | ---- | C] (Mozilla) -- C:\Users\Nadine\Firefox_Setup_14.0.1.exe
[2012.07.21 21:46:32 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\Nadine\pdfsam-win-v2_2_1.exe
[2011.10.04 19:13:52 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Nadine\SkypeSetup.exe
[2011.08.02 19:46:49 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadine\dotnetfx35setup.exe
[2011.03.21 23:12:32 | 002,406,717 | ---- | C] (Andreas Jellinghaus                                         ) -- C:\Users\Nadine\scb-0.10.exe
[2011.03.21 22:59:57 | 002,016,013 | ---- | C] (OpenSC Project                                              ) -- C:\Users\Nadine\OpenSC-0.12.0.win32.exe
[2010.04.09 19:28:52 | 023,341,560 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\Users\Nadine\avc-free.exe
[2010.04.09 19:01:08 | 022,889,183 | ---- | C] (Shark007) -- C:\Users\Nadine\VistaCodecs_v567.exe
[2010.01.03 18:38:44 | 008,839,520 | ---- | C] (Mozilla) -- C:\Users\Nadine\Thunderbird_Setup_3.0.exe
[2010.01.03 16:01:32 | 005,865,064 | ---- | C] (SweetIM Technologies Lt) -- C:\Users\Nadine\SweetImSetup.exe
[2009.12.02 21:45:33 | 004,274,696 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Nadine\Shockwave_Installer_Slim.exe
[2009.10.22 13:10:07 | 001,066,456 | ---- | C] (Piriform Ltd) -- C:\Users\Nadine\ccsetup224_slim.exe
[2009.06.09 16:59:32 | 001,012,704 | ---- | C] (Noteworthy Software, Inc.) -- C:\Users\Nadine\setup_nwc2_demo.exe
[2009.06.06 17:27:46 | 005,566,192 | ---- | C] (labDV                                                       ) -- C:\Users\Nadine\DVDx_2_20_setup.exe
[2008.07.15 17:53:07 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Nadine\spybotsd160.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.05 16:30:22 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.05 16:30:22 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.05 16:30:22 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.05 16:30:22 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.05 16:24:45 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2013.05.05 16:24:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.05 16:23:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 16:23:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.05 16:23:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.05 16:23:10 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 16:22:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.05 16:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.05 15:55:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9ADB12DD-3140-4893-BBC5-4A3DD1105517}.job
[2013.05.04 17:24:02 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2013.05.03 17:31:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.05.02 16:31:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.02 16:12:37 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Nadine\Desktop\ComboFix.exe
[2013.04.30 20:16:39 | 000,090,680 | ---- | M] () -- C:\Users\Nadine\Desktop\Recherche Medienprojekte.pdf
[2013.04.30 20:16:19 | 000,029,542 | ---- | M] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.30 13:08:52 | 000,000,000 | ---- | M] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:31 | 000,050,477 | ---- | M] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:26:33 | 000,229,888 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.30 11:16:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 11:13:10 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.30 11:10:24 | 000,001,356 | ---- | M] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2013.04.30 10:45:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.18 17:17:54 | 000,019,248 | ---- | M] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:27:16 | 073,427,800 | ---- | M] () -- C:\Users\Nadine\CitaviSetup.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.02 16:16:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.02 16:16:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.02 16:16:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.02 16:16:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.02 16:16:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.30 20:15:33 | 000,090,680 | ---- | C] () -- C:\Users\Nadine\Desktop\Recherche Medienprojekte.pdf
[2013.04.30 13:08:52 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:30 | 000,050,477 | ---- | C] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:43:10 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.30 11:16:37 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 10:45:56 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.29 22:51:00 | 000,029,542 | ---- | C] () -- C:\Users\Nadine\Desktop\Recherche.odt
[2013.04.15 21:16:21 | 000,019,248 | ---- | C] () -- C:\Users\Nadine\Desktop\Kündigung Wohnung.odt
[2013.04.10 15:09:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:22:44 | 073,427,800 | ---- | C] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.02.25 13:51:33 | 002,086,240 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus.exe
[2013.02.01 16:33:06 | 447,479,568 | ---- | C] () -- C:\Users\Nadine\CL.2418_GM4_Trial_VDE121106-02.exe
[2013.01.31 23:12:19 | 051,126,784 | ---- | C] () -- C:\Users\Nadine\wz170-32gev.msi
[2013.01.28 01:01:55 | 000,527,423 | ---- | C] (                                                            ) -- C:\Users\Nadine\Lame_v3.99.3_for_Windows.exe
[2013.01.28 01:01:01 | 000,251,234 | ---- | C] () -- C:\Users\Nadine\Lame_Library_v3.98.2_for_Audacity_on_OSX.dmg
[2012.10.31 22:49:14 | 001,280,956 | ---- | C] () -- C:\Users\Nadine\happy_install.exe
[2012.10.23 00:53:40 | 000,000,910 | ---- | C] () -- C:\Windows\XLMSoft.ini
[2012.10.01 19:06:55 | 152,249,762 | ---- | C] () -- C:\Users\Nadine\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2012.08.23 20:50:28 | 000,025,165 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
[2012.04.04 14:07:42 | 168,166,968 | ---- | C] () -- C:\Users\Nadine\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2012.01.29 21:53:14 | 087,262,320 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus_de.exe
[2010.10.18 11:56:12 | 000,611,613 | ---- | C] () -- C:\Users\Nadine\SecureW2_Personal_Client_206_UniGi_20091021.exe
[2010.07.15 18:50:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.12 12:25:19 | 020,483,048 | ---- | C] () -- C:\Users\Nadine\Sun_ODF_Template_Pack2_de.oxt
[2010.04.05 19:23:51 | 000,000,322 | ---- | C] () -- C:\Users\Nadine\mp4toavi.ini
[2010.02.24 21:14:09 | 003,421,451 | ---- | C] () -- C:\Users\Nadine\odf-converter-integrator-0.2.3-installer.exe
[2009.12.31 17:48:16 | 000,001,024 | ---- | C] () -- C:\Users\Nadine\.rnd
[2009.12.30 18:32:26 | 000,001,356 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2009.11.26 20:20:01 | 000,899,414 | ---- | C] () -- C:\Users\Nadine\SetupDVDDecrypter_3.5.4.0.exe
[2009.08.24 00:13:01 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2009.08.24 00:13:00 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2008.11.10 22:14:46 | 000,204,073 | ---- | C] () -- C:\Users\Nadine\DataRecovery_EN.zip
[2008.11.10 22:08:05 | 025,093,328 | ---- | C] () -- C:\Users\Nadine\antivir_workstation8.1.0.331_winu_de_h.exe
[2008.03.12 21:41:48 | 000,000,214 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\default.pls
[2008.02.18 20:57:52 | 050,712,703 | ---- | C] () -- C:\Users\Nadine\23000 Guitar Pro Tabs - My Songbook.zip
[2008.02.02 18:36:10 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\sversion.ini
[2008.01.21 19:01:05 | 000,002,188 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\wklnhst.dat
[2008.01.21 18:56:41 | 000,000,094 | ---- | C] () -- C:\Users\Nadine\AppData\Local\fusioncache.dat
[2008.01.21 18:56:30 | 000,000,375 | ---- | C] () -- C:\Users\Nadine\Pictures.lnk
[2008.01.21 18:20:35 | 000,229,888 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.08.22 18:32:00 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.22 18:21:44 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.04.09 19:32:24 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\AnvSoft
[2013.01.28 01:08:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Audacity
[2009.01.28 10:12:40 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Buhl Data Service GmbH
[2010.02.01 23:55:32 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Canneverbe Limited
[2011.03.21 22:25:31 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Cherry
[2013.03.25 23:21:26 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoft
[2013.02.04 21:24:12 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.06.09 22:35:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\gtopala
[2009.06.09 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Noteworthy Software
[2012.04.04 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\OpenOffice.org
[2012.08.23 20:50:27 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PeerNetworking
[2013.03.18 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\PhotoScape
[2008.01.21 22:18:35 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Sonavis
[2008.05.10 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\STOIK
[2013.04.10 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2011.11.24 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Template
[2010.01.03 18:41:56 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Thunderbird
[2009.11.18 21:05:51 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Toshiba
[2008.01.21 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Ulead Systems
[2010.04.09 19:14:36 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\VistaCodecs
[2013.03.18 01:27:00 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\XMedia Recode
[2012.02.07 14:37:58 | 000,000,000 | ---D | M] -- C:\Users\Nadine\AppData\Roaming\Yhaty
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         

06.05.2013, 21:25   #9
Aneri
/// Malware team

Hello Kasparella

Quote:
I have actually saved all the downloads that were needed for this on the desktop, along with the associated logs. Or did I do something wrong?
No, so far everything is OK.

Quote:
The laptop works perfectly, as it did before the trojan infection
That sounds good, so we'll "clean up" and then secure your system.

Quote:
Can/should I re-enable Spybot's TeaTimer, which I was supposed to switch off for one of the scans?
No, we'll uninstall Spybot further down and replace it with "better" software.

Quote:
Would it be necessary to change all passwords (e.g. also online banking), or didn't the trojan look for them (as far as you can judge)?
After an infection I would always change my passwords, to be on the safe side.

Step 1:

Please uninstall the following programs:

Code:
ATTFilter
Spybot - Search & Destroy
everything with Java Version 6 as well as Java Update
CCleaner (remove only)
Wise Registry Cleaner 4 Free 4.73
         
Step 2:

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. From Windows Vista (or higher), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 3:

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:commands
[createrestorepoint]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here

06.05.2013, 22:28   #10
Kasparella

Thank you very much for your answer. I have carried out the scans and attach the logs again.
I have one more short question: I was a little surprised that I was supposed to uninstall CCleaner. Until now I had actually only heard good things about it and had also recommended it to other people. Could you please tell me very briefly, as an expert, why I should do this? So is the program not as good as claimed, or does it specifically hinder (or similar) my PC? I know it's actually rather off-topic, but it would interest me; I'd be glad if you could give me a very short answer. (Of course I have uninstalled all of the programs mentioned.)

Many thanks in advance for that,

Nadine


Here are the two logs:

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows Vista (TM) Home Premium x86
Ran by Nadine on 06.05.2013 at 23:03:24,71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nadine\AppData\Roaming\dvdvideosoftiehelpers"



~~~ FireFox

Successfully deleted: [File] C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\user.js
Successfully deleted: [Folder] C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\winamptoolbardata
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Successfully deleted the following from C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\prefs.js

user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");
user_pref("winamp_toolbar.search.searchtype", "web");
Emptied folder: C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\minidumps [68 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.05.2013 at 23:06:25,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Code:
ATTFilter
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 05062013_231030
         

07.05.2013, 15:49   #11
Aneri
/// Malware team

Hello Kasparella


To answer your question:

Note: Registry cleaners

I see that you have so-called registry cleaners installed.
In your case CCleaner.

We advise against using any kind of registry cleaner.

The reason is quite simple:
The registry is the brain of the system. If the brain doesn't work, the rest no longer really works either.
One should not tinker with the registry unnecessarily. Even a small mistake can have serious consequences, and programs also make mistakes sometimes.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance improvement is disputed and usually barely noticeable.

I would recommend that you no longer use registry cleaners and that you uninstall them via
Start --> Control Panel --> Add or Remove Programs (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7).



Here's how we continue... Step 1

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do this, click Remove Selected.
  • If necessary, let your computer restart to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Select Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



Step 2:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3:

Does your system still cause problems after you have run both scanners? If so, please let me know how your system behaves.

Finally I need a new OTL scan... this is intended to get a final picture of the cleanup. In the next post we'll tidy up your system and do some updates.

Please start OTL.exe.
Under
Extra Registry select Use SafeList and click the Scan button.
Post OTL.txt and Extras.txt here in your thread.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? You can leave it here

08.05.2013, 17:09   #12
Kasparella

Many thanks for the helpful answer. I had heard that one should not uninstall programs in the conventional way because not everything would be deleted. Now I am definitely wiser.
I have carried out the scans and attach the logs again. So far I have noticed nothing unusual about my laptop after running the scans.

Best regards,

Nadine


Here are the logs:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.07.07

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Nadine :: MEINPC [Administrator]

07.05.2013 19:54:44
mbam-log-2013-05-07 (19-54-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206350
Laufzeit: 9 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=38105db48a71ca4bb65e76b4c4198a14
# engine=13779
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-07 09:11:14
# local_time=2013-05-07 11:11:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT 
# compatibility_mode=1799 16775165 100 97 18624 138632379 11376 0
# compatibility_mode=5892 16776574 100 100 6928480 205493802 0 0
# scanned=199378
# found=0
# cleaned=0
# scan_time=10746
         
Code:
ATTFilter
OTL logfile created on: 08.05.2013 17:49:30 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 49,00% Memory free
4,20 Gb Paging File | 2,96 Gb Available in Paging File | 70,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 44,96 Gb Free Space | 21,12% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Nadine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\hasplms.exe (SafeNet Inc.)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (hasplms) -- C:\Windows\System32\hasplms.exe (SafeNet Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nadine\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (aksfridge) -- C:\Windows\System32\drivers\aksfridge.sys (SafeNet Inc.)
DRV - (hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (SPR3322K) -- C:\Windows\System32\drivers\SPR3322K.sys (SCM Microsystems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBGENE.sys (Genesys Logic, Inc.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (SE2Ebus) -- C:\Windows\System32\drivers\SE2Ebus.sys (MCCI)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:12.6
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2013.01.16
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.3
FF - prefs.js..extensions.enabledItems: noiatabs@sonco.com:1.4.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..network.proxy.http: "190.14.232.98"
FF - prefs.js..network.proxy.http_port: 8089
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.04.10 15:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.18 00:52:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.03 15:58:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.03 15:58:29 | 000,000,000 | ---D | M]
 
[2010.02.19 19:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions
[2010.01.03 18:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.01.19 22:57:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\Firefox\Profiles\e927lpq3.default\extensions
[2012.08.26 16:35:11 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\stealthyextension@gmail.com.xpi
[2012.08.26 16:35:09 | 000,084,548 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}.xpi
[2012.08.26 16:35:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.26 16:35:14 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\e927lpq3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.05.06 22:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.01.21 20:49:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2013.04.10 15:09:25 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.10.28 19:52:29 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.28 19:52:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.02 16:31:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.179.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F79B75-39A0-4DF4-8738-A796CFFD044A}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC007ABC-3C0C-49A3-B143-4E67BF6BCA89}: DhcpNameServer = 192.168.179.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nadine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.06 23:03:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.06 23:03:08 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.06 23:02:48 | 000,545,926 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Nadine\Desktop\JRT.exe
[2013.05.05 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Desktop\Ich
[2013.05.05 16:22:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.03 17:31:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.05.02 16:34:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.02 16:34:28 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Local\temp
[2013.05.02 16:16:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.02 16:16:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.02 16:16:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013.05.02 16:16:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.02 16:16:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.02 16:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.02 16:15:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.02 16:11:58 | 005,064,153 | R--- | C] (Swearware) -- C:\Users\Nadine\Desktop\ComboFix.exe
[2013.04.30 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Malwarebytes
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.30 10:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 10:45:54 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.30 10:45:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.29 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F00ADA6E5B9533650000F009EA69382C
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\AppData\Roaming\Swiss Academic Software
[2013.04.10 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Nadine\Documents\Citavi 3
[2013.04.10 15:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2013.04.10 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Citavi 3
[2013.04.10 15:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2013.01.31 23:24:31 | 005,076,855 | ---- | C] (XMedia Recode                                               ) -- C:\Users\Nadine\XMediaRecode3141_setup.exe
[2012.10.23 00:32:02 | 000,853,513 | ---- | C] (e-merge GmbH) -- C:\Users\Nadine\mrsetup.exe
[2012.10.20 15:26:01 | 021,415,874 | ---- | C] (Audacity Team                                               ) -- C:\Users\Nadine\audacity-win-2.0.2.exe
[2012.10.20 15:25:06 | 005,152,896 | ---- | C] (Canneverbe Limited                                          ) -- C:\Users\Nadine\cdbxp_setup_4.4.2.3442_minimal.exe
[2012.08.31 14:19:03 | 000,894,952 | ---- | C] (Oracle Corporation) -- C:\Users\Nadine\jxpiinstall.exe
[2012.08.27 16:39:37 | 023,652,248 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\Nadine\FreeYouTubeDownload.exe
[2012.08.26 16:30:34 | 016,660,184 | ---- | C] (Mozilla) -- C:\Users\Nadine\Firefox_Setup_14.0.1.exe
[2012.07.21 21:46:32 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\Nadine\pdfsam-win-v2_2_1.exe
[2011.10.04 19:13:52 | 001,081,480 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Nadine\SkypeSetup.exe
[2011.08.02 19:46:49 | 002,959,376 | ---- | C] (Microsoft Corporation) -- C:\Users\Nadine\dotnetfx35setup.exe
[2011.03.21 23:12:32 | 002,406,717 | ---- | C] (Andreas Jellinghaus                                         ) -- C:\Users\Nadine\scb-0.10.exe
[2011.03.21 22:59:57 | 002,016,013 | ---- | C] (OpenSC Project                                              ) -- C:\Users\Nadine\OpenSC-0.12.0.win32.exe
[2010.04.09 19:28:52 | 023,341,560 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\Users\Nadine\avc-free.exe
[2010.04.09 19:01:08 | 022,889,183 | ---- | C] (Shark007) -- C:\Users\Nadine\VistaCodecs_v567.exe
[2010.01.03 18:38:44 | 008,839,520 | ---- | C] (Mozilla) -- C:\Users\Nadine\Thunderbird_Setup_3.0.exe
[2010.01.03 16:01:32 | 005,865,064 | ---- | C] (SweetIM Technologies Lt) -- C:\Users\Nadine\SweetImSetup.exe
[2009.12.02 21:45:33 | 004,274,696 | ---- | C] (Adobe Systems Inc.) -- C:\Users\Nadine\Shockwave_Installer_Slim.exe
[2009.10.22 13:10:07 | 001,066,456 | ---- | C] (Piriform Ltd) -- C:\Users\Nadine\ccsetup224_slim.exe
[2009.06.09 16:59:32 | 001,012,704 | ---- | C] (Noteworthy Software, Inc.) -- C:\Users\Nadine\setup_nwc2_demo.exe
[2009.06.06 17:27:46 | 005,566,192 | ---- | C] (labDV                                                       ) -- C:\Users\Nadine\DVDx_2_20_setup.exe
[2008.07.15 17:53:07 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Nadine\spybotsd160.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 17:55:13 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9ADB12DD-3140-4893-BBC5-4A3DD1105517}.job
[2013.05.08 17:32:25 | 000,651,350 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.08 17:32:25 | 000,618,470 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.08 17:32:25 | 000,121,114 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.08 17:32:25 | 000,107,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.08 17:27:56 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2013.05.08 17:27:55 | 000,027,934 | ---- | M] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2013.05.08 17:27:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.08 17:26:41 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 17:26:41 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 17:26:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 17:26:23 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.07 23:44:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.07 23:24:09 | 000,233,984 | ---- | M] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.07 23:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.06 23:02:50 | 000,545,926 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Nadine\Desktop\JRT.exe
[2013.05.03 17:31:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
[2013.05.02 16:31:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.02 16:12:37 | 005,064,153 | R--- | M] (Swearware) -- C:\Users\Nadine\Desktop\ComboFix.exe
[2013.04.30 13:08:52 | 000,000,000 | ---- | M] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:31 | 000,050,477 | ---- | M] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:16:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 11:13:10 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.30 11:10:24 | 000,001,356 | ---- | M] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2013.04.30 10:45:56 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 15:09:26 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:27:16 | 073,427,800 | ---- | M] () -- C:\Users\Nadine\CitaviSetup.exe
 
========== Files Created - No Company Name ==========
 
[2013.05.02 16:16:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.02 16:16:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.02 16:16:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.02 16:16:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.02 16:16:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.30 13:08:52 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\defogger_reenable
[2013.04.30 13:06:30 | 000,050,477 | ---- | C] () -- C:\Users\Nadine\Defogger.exe
[2013.04.30 11:43:10 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2013.04.30 11:16:37 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\{98E2824C-5377-49FF-8D1F-181C7793FD2A}.job
[2013.04.30 10:45:56 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 15:09:26 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2013.04.10 14:22:44 | 073,427,800 | ---- | C] () -- C:\Users\Nadine\CitaviSetup.exe
[2013.02.25 13:51:33 | 002,086,240 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus.exe
[2013.02.01 16:33:06 | 447,479,568 | ---- | C] () -- C:\Users\Nadine\CL.2418_GM4_Trial_VDE121106-02.exe
[2013.01.31 23:12:19 | 051,126,784 | ---- | C] () -- C:\Users\Nadine\wz170-32gev.msi
[2013.01.28 01:01:55 | 000,527,423 | ---- | C] (                                                            ) -- C:\Users\Nadine\Lame_v3.99.3_for_Windows.exe
[2013.01.28 01:01:01 | 000,251,234 | ---- | C] () -- C:\Users\Nadine\Lame_Library_v3.98.2_for_Audacity_on_OSX.dmg
[2012.10.31 22:49:14 | 001,280,956 | ---- | C] () -- C:\Users\Nadine\happy_install.exe
[2012.10.23 00:53:40 | 000,000,910 | ---- | C] () -- C:\Windows\XLMSoft.ini
[2012.10.01 19:06:55 | 152,249,762 | ---- | C] () -- C:\Users\Nadine\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
[2012.08.23 20:50:28 | 000,025,165 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\UserTile.png
[2012.04.04 14:07:42 | 168,166,968 | ---- | C] () -- C:\Users\Nadine\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2012.01.29 21:53:14 | 087,262,320 | ---- | C] () -- C:\Users\Nadine\avira_free_antivirus_de.exe
[2010.10.18 11:56:12 | 000,611,613 | ---- | C] () -- C:\Users\Nadine\SecureW2_Personal_Client_206_UniGi_20091021.exe
[2010.07.15 18:50:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.12 12:25:19 | 020,483,048 | ---- | C] () -- C:\Users\Nadine\Sun_ODF_Template_Pack2_de.oxt
[2010.04.05 19:23:51 | 000,000,322 | ---- | C] () -- C:\Users\Nadine\mp4toavi.ini
[2010.02.24 21:14:09 | 003,421,451 | ---- | C] () -- C:\Users\Nadine\odf-converter-integrator-0.2.3-installer.exe
[2009.12.31 17:48:16 | 000,001,024 | ---- | C] () -- C:\Users\Nadine\.rnd
[2009.12.30 18:32:26 | 000,001,356 | ---- | C] () -- C:\Users\Nadine\AppData\Local\d3d9caps.dat
[2009.11.26 20:20:01 | 000,899,414 | ---- | C] () -- C:\Users\Nadine\SetupDVDDecrypter_3.5.4.0.exe
[2009.08.24 00:13:01 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.001
[2009.08.24 00:13:00 | 000,027,934 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\nvModes.dat
[2008.11.10 22:14:46 | 000,204,073 | ---- | C] () -- C:\Users\Nadine\DataRecovery_EN.zip
[2008.11.10 22:08:05 | 025,093,328 | ---- | C] () -- C:\Users\Nadine\antivir_workstation8.1.0.331_winu_de_h.exe
[2008.03.12 21:41:48 | 000,000,214 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\default.pls
[2008.02.18 20:57:52 | 050,712,703 | ---- | C] () -- C:\Users\Nadine\23000 Guitar Pro Tabs - My Songbook.zip
[2008.02.02 18:36:10 | 000,000,000 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\sversion.ini
[2008.01.21 19:01:05 | 000,002,188 | ---- | C] () -- C:\Users\Nadine\AppData\Roaming\wklnhst.dat
[2008.01.21 18:56:41 | 000,000,094 | ---- | C] () -- C:\Users\Nadine\AppData\Local\fusioncache.dat
[2008.01.21 18:56:30 | 000,000,375 | ---- | C] () -- C:\Users\Nadine\Pictures.lnk
[2008.01.21 18:20:35 | 000,233,984 | ---- | C] () -- C:\Users\Nadine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.08.22 18:32:00 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.22 18:21:44 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Code:
OTL Extras logfile created on: 08.05.2013 17:49:30 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nadine\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 49,00% Memory free
4,20 Gb Paging File | 2,96 Gb Available in Paging File | 70,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212,88 Gb Total Space | 44,96 Gb Free Space | 21,12% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,50 Gb Free Space | 52,52% Space Free | Partition Type: FAT32
 
Computer Name: MEINPC | User Name: Nadine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F220FCE-1F96-4568-B0E2-1DB05251A593}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A418F797-B170-49F8-A372-E6164E436FDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11A9752B-9DD3-4069-A698-B04E5E186262}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{13CE01A1-06DC-4057-8480-55827776D201}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{13E7AD4A-BFCC-4F5A-9805-68AD0A50464B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{14B890A1-568D-4578-A397-5C9612D6F462}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1DD7DAEF-83BE-4E20-B053-6FEFBF783DDB}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{37978879-6125-4E63-8B03-F8D040113224}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{56A9574E-04FD-45B0-9143-B8BFE444BB55}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{585CD4CE-3FBC-4E9B-A6F0-5AED0A00839C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{6FCDD6A5-98BD-4351-8129-0574451946B4}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{7A9C420A-5843-4B0B-86BC-FCAA72D45926}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{7CC2E197-F165-494F-9F4D-3A5497F7B771}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{817013FA-6AF2-47E5-97A9-192FF93F7FF6}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{8AB7485E-E78D-4787-A74F-640334414280}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{B3718080-BEFE-4FE9-9020-17B02925988F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B40D036E-98DD-403D-A5C9-BA31E9F1BCEB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{BBD0401B-946E-4704-A8E3-A82FEF38555F}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{CA989E53-5EA9-4CCC-9D38-7B1FE65FC99B}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{CAFD479B-74C0-4F4F-AB8E-659B9FEF1E85}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB071F6F-68B1-45A8-ACFC-E542185945BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CEA632DA-2AFC-4A93-B177-220F442C250E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CF8765A7-4B47-4E92-BBD5-8DD8E638B354}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{D3A76EA0-9F2F-4404-BD0D-C7FE6DD603D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DA09ED9E-2720-484C-BEE3-D1598D474D92}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{E074B0F7-55BC-496C-97CE-A6642CE69F4F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{EDC2CF85-9297-400A-A14C-3F01B707AC52}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{EEAC32AE-AB2F-405E-A0FD-9C07F26F4B23}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{42ED0569-52A9-4C83-9F46-5A87A4178A3B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{6004CAD2-CA80-4472-A299-257A839E0CFB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{DDA6119A-8D32-4FFD-AE7B-D371EA5BDDF1}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{E9B3E9B3-F93E-4AA9-8D37-B753C213FEF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F31FF8CE-1450-4E7B-928D-17C0BFCEFDF8}C:\program files\gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{215217C5-F36B-450B-90EE-029EB0F1C288}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{23C74E52-250B-4321-BE6C-2CB2610CFAA2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{60E1E0F2-C338-4E25-85EF-676268DE0927}C:\program files\gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu\gg.exe | 
"UDP Query User{88A6293D-9F63-45BD-A8C1-0B5907290196}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{C8B45BC7-6B77-4B5B-B1E0-CDF0E1BF32AA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05440044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Enzyklopädie 2005
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It!-Bibliothek 10
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Foto Premium 10
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E4EE98-59F4-4220-89A6-A20AF5BEC689}" = Microsoft AutoRoute 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8751236B-9BF4-4EA6-B599-6FB9F3A74927}" = Sven Bomwollen
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BDD73EB0-0485-4B79-93EC-CF2EAEFF3BAB}_is1" = OpenSC
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C6A12D9B-D86A-4ee6-B980-95E4B26A2E13}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7DAC756-8358-484B-928C-457F4E0E4B82}" = Cherry Smart Device Package V1.10 Build 4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ANNO1602" = Anno 1602
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mad Robots 2004" = Mad Robots 2004
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"odf-converter-integrator" = odf-converter-integrator
"pdfsam" = pdfsam
"PictureItPrem_v10" = Microsoft Picture It! Foto Premium 10
"Revo Uninstaller" = Revo Uninstaller 1.94
"Shockwave" = Shockwave
"Smart card bundle_is1" = Smart card bundle 0.10
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"Works2005Setup" = Setup-Start von Microsoft Works 2005
"X10Hardware" = X10 Hardware(TM)
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 21.10.2009 15:10:20 | Computer Name = MeinPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.05.2013 11:58:55 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:58:56 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:58:57 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:58:58 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:58:59 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:59:00 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:59:01 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:59:02 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:59:03 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.05.2013 11:59:04 | Computer Name = MeinPC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
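One thing worth checking in an Extras.txt like the one above is which programs still hold inbound firewall allow rules: the rule section names icq6, icq6.5, icqlite, gadu-gadu and winamp remote, yet none of them appears in the uninstall list that follows it. The Python below is an added example (not code from the thread, from OTL or from Trojaner-Board) that parses both sections and lists inbound program rules whose Program Files folder matches no installed display name. The sample text is a constructed excerpt of the thread's own log lines, and the folder-name match is a heuristic of this example, so its hits are candidates for a manual look rather than findings.

```python
"""Triage the firewall-rule and uninstall-list sections of an OTL Extras.txt.
Added example for this thread, not code from OTL; the folder-name match in
unmatched_inbound() is this example's own heuristic."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a few of the thread's own Extras.txt lines in the
# layout OTL writes (firewall rules, then the Uninstall List section).
SAMPLE = r'''
"{CF8765A7-4B47-4E92-BBD5-8DD8E638B354}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{D3A76EA0-9F2F-4404-BD0D-C7FE6DD603D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DA09ED9E-2720-484C-BEE3-D1598D474D92}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6004CAD2-CA80-4472-A299-257A839E0CFB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{88A6293D-9F63-45BD-A8C1-0B5907290196}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)

========== Last 20 Event Log Errors ==========
'''

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.*)$')
PROTO = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


@dataclass(frozen=True)
class Rule:
    key: str
    protocol: int
    direction: str
    app: Optional[str]   # lower-cased program path, None for name-keyed rules
    name: Optional[str]  # resource string such as @firewallapi.dll,-28545


def parse_rules(text: str) -> List[Rule]:
    """Collect every '"<key>" = protocol=.. | dir=.. | ..' line as a Rule."""
    rules: List[Rule] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or "dir=" not in m.group("value"):
            continue
        fields: Dict[str, str] = {}
        for part in m.group("value").split("|"):
            if "=" in part:
                k, v = part.split("=", 1)
                fields[k.strip()] = v.strip()
        rules.append(Rule(
            key=m.group("key"),
            protocol=int(fields.get("protocol", "0")),
            direction=fields.get("dir", ""),
            app=fields.get("app", "").lower() or None,
            name=fields.get("name"),
        ))
    return rules


def parse_uninstall_list(text: str) -> Dict[str, str]:
    """Map uninstall key -> display name, reading only the Uninstall List section."""
    installed: Dict[str, str] = {}
    inside = False
    for line in text.splitlines():
        if line.startswith("=========="):
            inside = "Uninstall List" in line   # the next '=====' header ends the section
            continue
        m = ENTRY_RE.match(line.strip()) if inside else None
        if m:
            installed[m.group("key")] = m.group("value").strip()
    return installed


def inbound_programs(rules: List[Rule]) -> Dict[str, List[str]]:
    """Group inbound program-scoped rules: path -> list of protocol names."""
    out: Dict[str, List[str]] = {}
    for r in rules:
        if r.direction == "in" and r.app:
            out.setdefault(r.app, []).append(PROTO.get(r.protocol, str(r.protocol)))
    return out


def vendor_folder(path: str) -> str:
    r"""First folder below Program Files: 'c:\program files\icq6\icq.exe' -> 'icq6'."""
    parts = path.replace("/", "\\").split("\\")
    for i, p in enumerate(parts[:-1]):
        if p.lower().startswith("program files"):
            return parts[i + 1]
    return parts[-2] if len(parts) > 1 else path


def unmatched_inbound(rules: List[Rule], installed: Dict[str, str]) -> List[str]:
    """Heuristic: inbound allow rules whose Program Files folder is not a substring
    of any installed display name.  Hits need a manual look; the folder may simply
    be named differently from the product."""
    names = [n.lower() for n in installed.values()]
    return [
        path for path in sorted(inbound_programs(rules))
        if not any(vendor_folder(path).lower() in n for n in names)
    ]


if __name__ == "__main__":
    rules, installed = parse_rules(SAMPLE), parse_uninstall_list(SAMPLE)
    print(len(rules), "firewall rules;", len(installed), "installed products")
    for path in unmatched_inbound(rules, installed):
        print("inbound allow rule with no matching product:", path)
```

Run it against a full Extras.txt by reading the file into `parse_rules` and `parse_uninstall_list` instead of `SAMPLE`; on the sample it reports the three ICQ and Winamp Remote rules and keeps Google Earth, whose rule does correspond to an installed product.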

08.05.2013, 20:36   #13
Aneri
/// Malwareteam

Hello Kasparella,

that looks good so far. So let's get on with the "clean-up".

Step 1: Java installation

We uninstalled your old Java; now we put the current one back on...
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run the jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 21).
  • Uncheck "Install the Ask Toolbar ..." during the installation.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, under Temporary Internet Files, click Settings.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.
Quick plugin test: PluginCheck

Step 2: Check other programs

Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here

08.05.2013, 22:57   #14
Kasparella

I have done the updates; my Firefox really was rather old... In future I will let Firefox remind me about updates, since one does tend to forget.
With the Adobe Reader update, however, I had a problem: I had downloaded the current version, since mine was outdated, but it told me that this version was already present on the laptop. I tried again. FilePony refers to version 11., but the link leads to Adobe's version 10., which I already have installed but which is outdated. Is there another link where I can download the current version? Or is there some other cause?
I am attaching the Check-Up log again.

Best regards and many thanks in advance,

Nadine


Code:
ATTFilter
 Results of screen317's Security Check version 0.99.63  
 Windows Vista  x86 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
 Avira successfully updated! 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 21  
 Adobe Flash Player 	11.6.602.180  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1) 
 Mozilla Thunderbird (17.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

10.05.2013, 18:48   #15
Aneri
/// Malwareteam

Hello Nadine,

I hadn't said you should do the updates yet, but fine ...

Please check whether you have done the updates listed here.

Step 1

Please download Internet Explorer 9 from here and install it.
Even if it is not your default browser, the current version should be on the machine. There is still plenty of software that uses it for updating.

Step 2

Please uninstall your current version of Adobe Reader
Start--> Control Panel--> Software--> Adobe Reader
and download the new version from here.
Uncheck the box for McAfee SecurityScan or Google Chrome.

Step 3

Please visit the Microsoft Update page and download all updates under Custom.
Keep doing this until nothing more is offered.
You have to go online with Internet Explorer for this.
If you want to do it with Firefox, you must first install the IE View add-on.

Step 4

Update: Firefox, add-ons and plugins
  • Click > Help > About Firefox
  • Wait until the update has been downloaded, click Install Update and let Firefox restart.
  • Check whether further updates are available or whether Firefox is up to date.
  • Now click > Add-ons > > Check for Updates
  • After another restart of Firefox everything should be up to date.
Please also check (regularly) whether the following links show missing updates for your plugins:
Step 5

Please start OTL.exe.
Under
Extra Registry select Use Safe List and click the Scan button.
Post the OTL.txt and the Extras.txt here in your thread.
__________________
Regards, Aneri
Member of UNITE

Praise or criticism? Leave it here
