Log analysis and evaluation: TrojanDownloader:Win32/Adload.DA virus found (Windows 7)

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.06.2013, 12:22 | #1
TrojanDownloader:Win32/Adload.DA virus found

Hello! Windows told me that I had the TrojanDownloader:Win32/Adload.DA virus. As a solution it was suggested that I download the Microsoft Safety Scanner and run a scan. I did that, but no trojan or anything else was detected. I then also ran a SpywareTerminator scan, as far as I can tell also without any noteworthy results. After that I created the 3 logs you recommend. SpywareTerminator + these 3 logs follow:

Is this a bad trojan? Many thanks in advance!

Regards, Carina

Spyware Terminator:

------ Logfile from Spyware Terminator (db ------
Scan time: 28.06.2013 10:32:08
Duration: 0:09:24
Platform: W7 (6.1.0.7601)
User: Admin
Scan type: Quick scan
Scanned objects: 43718 (Critical: 5)

------ running processes ------
smss.exe [Microsoft Corporation] : %SYSDIR%\smss.exe
csrss.exe [Microsoft Corporation] : %SYSDIR%\csrss.exe
wininit.exe [Microsoft Corporation] : %SYSDIR%\wininit.exe
csrss.exe [Microsoft Corporation] : %SYSDIR%\csrss.exe
services.exe [Microsoft Corporation] : %SYSDIR%\services.exe
lsass.exe [Microsoft Corporation] : %SYSDIR%\lsass.exe
lsm.exe [Microsoft Corporation] : %SYSDIR%\lsm.exe
winlogon.exe [Microsoft Corporation] : %SYSDIR%\winlogon.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
nvvsvc.exe [NVIDIA Corporation] : %SYSDIR%\nvvsvc.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
audiodg.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
spoolsv.exe [Microsoft Corporation] : %SYSDIR%\spoolsv.exe
sched.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\sched.exe
nvxdsync.exe [NVIDIA Corporation] : %SystemDiskRoot%\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
nvvsvc.exe [NVIDIA Corporation] : %SYSDIR%\nvvsvc.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
avguard.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avguard.exe
AppleMobileDeviceService.exe [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\AppleMobileDeviceService.exe
mDNSResponder.exe [Apple Inc.] : %SystemDiskRoot%\Program Files\Bonjour\mDNSResponder.exe
btwdins.exe [Broadcom Corporation.] : %SystemDiskRoot%\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
cvpnd.exe [Cisco Systems, Inc.] : %PROGRAMFILES32%\Cisco Systems\VPN Client\cvpnd.exe
taskhost.exe [Microsoft Corporation] : %SYSDIR%\taskhost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
dwm.exe [Microsoft Corporation] : %SYSDIR%\dwm.exe
st_rsser64.exe [Crawler.com] : %PROGRAMFILES%\Spyware Terminator\st_rsser64.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
explorer.exe [Microsoft Corporation] : %WINDIR%\explorer.exe
WTGService.exe : %PROGRAMFILES32%\XSManager\WTGService.exe
service4g.exe [4G Systems GmbH & Co. KG] : %WINDIR%\service4g.exe
starter4g.exe [4G Systems GmbH & Co. KG] : %WINDIR%\starter4g.exe
SpywareTerminatorShield.exe [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\SpywareTerminatorShield.exe
iCloudServices.exe [Apple Inc.] : %COMMONFILES32%\Apple\Internet Services\iCloudServices.exe
ApplePhotoStreams.exe [Apple Inc.] : %COMMONFILES32%\Apple\Internet Services\ApplePhotoStreams.exe
BookmarkDAV_client.exe [Apple Inc.] : %COMMONFILES32%\Apple\Internet Services\BookmarkDAV_client.exe
BTTray.exe [Broadcom Corporation.] : %SystemDiskRoot%\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
nvtray.exe [NVIDIA Corporation] : %SystemDiskRoot%\Program Files\NVIDIA Corporation\Display\nvtray.exe
AdobeARM.exe [Adobe Systems Incorporated] : %COMMONFILES32%\Adobe\ARM\1.0\AdobeARM.exe
PhilipsDeviceListener.exe : %PROGRAMFILES32%\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
avgnt.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avgnt.exe
DivXUpdate.exe : %PROGRAMFILES32%\DivX\DivX Update\DivXUpdate.exe
iTunesHelper.exe [Apple Inc.] : %PROGRAMFILES32%\iTunes\iTunesHelper.exe
Dropbox.exe [Dropbox, Inc.] : %APPDATA%\Dropbox\bin\Dropbox.exe
SpywareTerminatorUpdate.exe [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\SpywareTerminatorUpdate.exe
soffice.exe [OpenOffice.org] : %PROGRAMFILES32%\OpenOffice.org 3\program\soffice.exe
soffice.bin [OpenOffice.org] : %PROGRAMFILES32%\OpenOffice.org 3\program\soffice.bin
APSDaemon.exe [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\APSDaemon.exe
avshadow.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES%\Avira\AntiVir Desktop\avshadow.exe
conhost.exe [Microsoft Corporation] : %SYSDIR%\conhost.exe
SearchIndexer.exe [Microsoft Corporation] : %SYSDIR%\SearchIndexer.exe
iPodService.exe [Apple Inc.] : %SystemDiskRoot%\Program Files\iPod\bin\iPodService.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
SearchProtocolHost.exe [Microsoft Corporation] : %SYSDIR%\SearchProtocolHost.exe
BTStackServer.exe [Broadcom Corporation.] : %SystemDiskRoot%\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
wmpnetwk.exe [Microsoft Corporation] : %SystemDiskRoot%\Program Files\Windows Media Player\wmpnetwk.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
BluetoothHeadsetProxy.exe [Broadcom Corporation.] : %PROGRAMFILES%\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
WmiPrvSE.exe [Microsoft Corporation] : %SYSDIR%\wbem\WmiPrvSE.exe
daemonu.exe [NVIDIA Corporation] : %PROGRAMFILES32%\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
sppsvc.exe [Microsoft Corporation] : %SYSDIR%\sppsvc.exe
firefox.exe [Mozilla Corporation] : %PROGRAMFILES32%\Mozilla Firefox\firefox.exe
wuauclt.exe [Microsoft Corporation] : %SYSDIR%\wuauclt.exe
TrustedInstaller.exe [Microsoft Corporation] : %WINDIR%\servicing\TrustedInstaller.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
SearchFilterHost.exe [Microsoft Corporation] : %SYSDIR%\SearchFilterHost.exe
WmiPrvSE.exe [Microsoft Corporation] : %SYSDIR%\wbem\WmiPrvSE.exe
taskhost.exe [Microsoft Corporation] : %SYSDIR%\taskhost.exe
SearchProtocolHost.exe [Microsoft Corporation] : %SYSDIR%\SearchProtocolHost.exe
SpywareTerminator.exe [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\SpywareTerminator.exe

------ Running services and drivers ------
1394ohci [Microsoft Corporation] : %SYSDIR%\drivers\1394ohci.sys
ACPI [Microsoft Corporation] : %SYSDIR%\drivers\acpi.sys
AeLookupSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
AFD [Microsoft Corporation] : %SYSDIR%\drivers\afd.sys
amdxata [Advanced Micro Devices] : %SYSDIR%\drivers\amdxata.sys
AntiVirSchedulerService [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\sched.exe
AntiVirService [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avguard.exe
Apple Mobile Device [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\AppleMobileDeviceService.exe
AsyncMac [Microsoft Corporation] : %SYSDIR%\drivers\asyncmac.sys
atapi [Microsoft Corporation] : %SYSDIR%\drivers\atapi.sys
AudioEndpointBuilder [Microsoft Corporation] : %SYSDIR%\svchost.exe
AudioSrv [Microsoft Corporation] : %SYSDIR%\svchost.exe
avgntflt [Avira GmbH] : %SYSDIR%\drivers\avgntflt.sys
avipbb [Avira GmbH] : %SYSDIR%\drivers\avipbb.sys
avkmgr [Avira GmbH] : %SYSDIR%\drivers\avkmgr.sys
BFE [Microsoft Corporation] : %SYSDIR%\svchost.exe
BITS [Microsoft Corporation] : %SYSDIR%\svchost.exe
blbdrive [Microsoft Corporation] : %SYSDIR%\drivers\blbdrive.sys
Bonjour Service [Apple Inc.] : %SystemDiskRoot%\Program Files\Bonjour\mDNSResponder.exe
bowser [Microsoft Corporation] : %SYSDIR%\drivers\bowser.sys
Browser [Microsoft Corporation] : %SYSDIR%\svchost.exe
BthEnum [Microsoft Corporation] : %SYSDIR%\drivers\bthenum.sys
BTHMODEM [Microsoft Corporation] : %SYSDIR%\drivers\bthmodem.sys
BthPan [Microsoft Corporation] : %SYSDIR%\drivers\bthpan.sys
bthserv [Microsoft Corporation] : %SYSDIR%\svchost.exe
BTHUSB [Microsoft Corporation] : %SYSDIR%\drivers\BTHUSB.SYS
btwaudio [Broadcom Corporation.] : %SYSDIR%\drivers\btwaudio.sys
btwavdt [Broadcom Corporation.] : %SYSDIR%\drivers\btwavdt.sys
btwdins [Broadcom Corporation.] : %SystemDiskRoot%\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
btwl2cap [Broadcom Corporation.] : %SYSDIR%\drivers\btwl2cap.sys
btwrchid [Broadcom Corporation.] : %SYSDIR%\drivers\btwrchid.sys
cdrom [Microsoft Corporation] : %SYSDIR%\drivers\cdrom.sys
CLFS [Microsoft Corporation] : %SYSDIR%\clfs.sys
CmBatt [Microsoft Corporation] : %SYSDIR%\drivers\CmBatt.sys
CNG [Microsoft Corporation] : %SYSDIR%\drivers\cng.sys
Compbatt [Microsoft Corporation] : %SYSDIR%\drivers\compbatt.sys
CompositeBus [Microsoft Corporation] : %SYSDIR%\drivers\CompositeBus.sys
CryptSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
CSC [Microsoft Corporation] : %SYSDIR%\drivers\csc.sys
CscService [Microsoft Corporation] : %SYSDIR%\svchost.exe
CVPND [Cisco Systems, Inc.] : %PROGRAMFILES32%\Cisco Systems\VPN Client\cvpnd.exe
CVPNDRVA : %SYSDIR%\drivers\CVPNDRVA.sys
DcomLaunch [Microsoft Corporation] : %SYSDIR%\svchost.exe
DfsC [Microsoft Corporation] : %SYSDIR%\drivers\dfsc.sys
Dhcp [Microsoft Corporation] : %SYSDIR%\svchost.exe
discache [Microsoft Corporation] : %SYSDIR%\drivers\discache.sys
Disk [Microsoft Corporation] : %SYSDIR%\drivers\disk.sys
DNE [Deterministic Networks, Inc.] : %SYSDIR%\drivers\dne64x.sys
Dnscache [Microsoft Corporation] : %SYSDIR%\svchost.exe
DPS [Microsoft Corporation] : %SYSDIR%\svchost.exe
DXGKrnl [Microsoft Corporation] : %SYSDIR%\drivers\dxgkrnl.sys
EapHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
EFS [Microsoft Corporation] : %SYSDIR%\lsass.exe
eventlog [Microsoft Corporation] : %SYSDIR%\svchost.exe
EventSystem [Microsoft Corporation] : %SYSDIR%\svchost.exe
fdPHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
FDResPub [Microsoft Corporation] : %SYSDIR%\svchost.exe
FileInfo [Microsoft Corporation] : %SYSDIR%\drivers\fileinfo.sys
FltMgr [Microsoft Corporation] : %SYSDIR%\drivers\fltMgr.sys
FontCache [Microsoft Corporation] : %SYSDIR%\svchost.exe
fvevol [Microsoft Corporation] : %SYSDIR%\drivers\fvevol.sys
GEARAspiWDM [GEAR Software Inc.] : %SYSDIR%\drivers\GEARAspiWDM.sys
gpsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
HdAudAddService [Microsoft Corporation] : %SYSDIR%\drivers\HdAudio.sys
HDAudBus [Microsoft Corporation] : %SYSDIR%\drivers\hdaudbus.sys
hidserv [Microsoft Corporation] : %SYSDIR%\svchost.exe
HomeGroupListener [Microsoft Corporation] : %SYSDIR%\svchost.exe
HomeGroupProvider [Microsoft Corporation] : %SYSDIR%\svchost.exe
HTTP [Microsoft Corporation] : %SYSDIR%\drivers\http.sys
hwpolicy [Microsoft Corporation] : %SYSDIR%\drivers\hwpolicy.sys
i8042prt [Microsoft Corporation] : %SYSDIR%\drivers\i8042prt.sys
IKEEXT [Microsoft Corporation] : %SYSDIR%\svchost.exe
intelppm [Microsoft Corporation] : %SYSDIR%\drivers\intelppm.sys
iphlpsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
iPod Service [Apple Inc.] : %SystemDiskRoot%\Program Files\iPod\bin\iPodService.exe
kbdclass [Microsoft Corporation] : %SYSDIR%\drivers\kbdclass.sys
KeyIso [Microsoft Corporation] : %SYSDIR%\lsass.exe
KSecDD [Microsoft Corporation] : %SYSDIR%\drivers\ksecdd.sys
KSecPkg [Microsoft Corporation] : %SYSDIR%\drivers\ksecpkg.sys
ksthunk [Microsoft Corporation] : %SYSDIR%\drivers\ksthunk.sys
LanmanServer [Microsoft Corporation] : %SYSDIR%\svchost.exe
LanmanWorkstation [Microsoft Corporation] : %SYSDIR%\svchost.exe
lltdio [Microsoft Corporation] : %SYSDIR%\drivers\lltdio.sys
lmhosts [Microsoft Corporation] : %SYSDIR%\svchost.exe
luafv [Microsoft Corporation] : %SYSDIR%\drivers\luafv.sys
Modem [Microsoft Corporation] : %SYSDIR%\drivers\modem.sys
monitor [Microsoft Corporation] : %SYSDIR%\drivers\monitor.sys
mouclass [Microsoft Corporation] : %SYSDIR%\drivers\mouclass.sys
mountmgr [Microsoft Corporation] : %SYSDIR%\drivers\mountmgr.sys
mpsdrv [Microsoft Corporation] : %SYSDIR%\drivers\mpsdrv.sys
MpsSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
mrxsmb [Microsoft Corporation] : %SYSDIR%\drivers\mrxsmb.sys
mrxsmb10 [Microsoft Corporation] : %SYSDIR%\drivers\mrxsmb10.sys
mrxsmb20 [Microsoft Corporation] : %SYSDIR%\drivers\mrxsmb20.sys
msahci [Microsoft Corporation] : %SYSDIR%\drivers\msahci.sys
msisadrv [Microsoft Corporation] : %SYSDIR%\drivers\msisadrv.sys
mssmbios [Microsoft Corporation] : %SYSDIR%\drivers\mssmbios.sys
Mup [Microsoft Corporation] : %SYSDIR%\drivers\mup.sys
NativeWifiP [Microsoft Corporation] : %SYSDIR%\drivers\nwifi.sys
NDIS [Microsoft Corporation] : %SYSDIR%\drivers\ndis.sys
NdisTapi [Microsoft Corporation] : %SYSDIR%\drivers\ndistapi.sys
Ndisuio [Microsoft Corporation] : %SYSDIR%\drivers\ndisuio.sys
NdisWan [Microsoft Corporation] : %SYSDIR%\drivers\ndiswan.sys
NetBIOS [Microsoft Corporation] : %SYSDIR%\drivers\netbios.sys
NetBT [Microsoft Corporation] : %SYSDIR%\drivers\netbt.sys
Netman [Microsoft Corporation] : %SYSDIR%\svchost.exe
netprofm [Microsoft Corporation] : %SYSDIR%\svchost.exe
netw5v64 [Intel Corporation] : %SYSDIR%\drivers\netw5v64.sys
NlaSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
npf [CACE Technologies, Inc.] : %SYSDIR%\drivers\npf.sys
nsi [Microsoft Corporation] : %SYSDIR%\svchost.exe
nsiproxy [Microsoft Corporation] : %SYSDIR%\drivers\nsiproxy.sys
nvlddmkm [NVIDIA Corporation] : %SYSDIR%\drivers\nvlddmkm.sys
nvsvc [NVIDIA Corporation] : %SYSDIR%\nvvsvc.exe
nvUpdatusService [NVIDIA Corporation] : %PROGRAMFILES32%\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
p2pimsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
p2psvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
partmgr [Microsoft Corporation] : %SYSDIR%\drivers\partmgr.sys
PcaSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
pci [Microsoft Corporation] : %SYSDIR%\drivers\pci.sys
pcw [Microsoft Corporation] : %SYSDIR%\drivers\pcw.sys
PEAUTH [Microsoft Corporation] : %SYSDIR%\drivers\PEAuth.sys
PlugPlay [Microsoft Corporation] : %SYSDIR%\svchost.exe
PNRPsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
Power [Microsoft Corporation] : %SYSDIR%\svchost.exe
PptpMiniport [Microsoft Corporation] : %SYSDIR%\drivers\raspptp.sys
ProfSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
Psched [Microsoft Corporation] : %SYSDIR%\drivers\pacer.sys
RasAgileVpn [Microsoft Corporation] : %SYSDIR%\drivers\agilevpn.sys
Rasl2tp [Microsoft Corporation] : %SYSDIR%\drivers\rasl2tp.sys
RasMan [Microsoft Corporation] : %SYSDIR%\svchost.exe
RasPppoe [Microsoft Corporation] : %SYSDIR%\drivers\raspppoe.sys
RasSstp [Microsoft Corporation] : %SYSDIR%\drivers\rassstp.sys
rdbss [Microsoft Corporation] : %SYSDIR%\drivers\rdbss.sys
rdpbus [Microsoft Corporation] : %SYSDIR%\drivers\rdpbus.sys
RDPCDD [Microsoft Corporation] : %SYSDIR%\drivers\RDPCDD.sys
RDPENCDD [Microsoft Corporation] : %SYSDIR%\drivers\RDPENCDD.sys
RDPREFMP [Microsoft Corporation] : %SYSDIR%\drivers\RDPREFMP.sys
rdyboost [Microsoft Corporation] : %SYSDIR%\drivers\rdyboost.sys
RFCOMM [Microsoft Corporation] : %SYSDIR%\drivers\rfcomm.sys
RpcEptMapper [Microsoft Corporation] : %SYSDIR%\svchost.exe
RpcSs [Microsoft Corporation] : %SYSDIR%\svchost.exe
rspndr [Microsoft Corporation] : %SYSDIR%\drivers\rspndr.sys
SamSs [Microsoft Corporation] : %SYSDIR%\lsass.exe
Schedule [Microsoft Corporation] : %SYSDIR%\svchost.exe
sdbus [Microsoft Corporation] : %SYSDIR%\drivers\sdbus.sys
seclogon [Microsoft Corporation] : %SYSDIR%\svchost.exe
SENS [Microsoft Corporation] : %SYSDIR%\svchost.exe
SFEP [Sony Corporation] : %SYSDIR%\drivers\SFEP.sys
ShellHWDetection [Microsoft Corporation] : %SYSDIR%\svchost.exe
Spooler [Microsoft Corporation] : %SYSDIR%\spoolsv.exe
sppsvc [Microsoft Corporation] : %SYSDIR%\sppsvc.exe
sp_rsdrv2 [Windows (R) Win 7 DDK provider] : %SYSDIR%\drivers\stflt.sys
srv [Microsoft Corporation] : %SYSDIR%\drivers\srv.sys
srv2 [Microsoft Corporation] : %SYSDIR%\drivers\srv2.sys
srvnet [Microsoft Corporation] : %SYSDIR%\drivers\srvnet.sys
SSDPSRV [Microsoft Corporation] : %SYSDIR%\svchost.exe
SstpSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
ST2012_Svc [Crawler.com] : %PROGRAMFILES%\Spyware Terminator\st_rsser64.exe
stisvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
storflt [Microsoft Corporation] : %SYSDIR%\drivers\vmstorfl.sys
swenum [Microsoft Corporation] : %SYSDIR%\drivers\swenum.sys
SysMain [Microsoft Corporation] : %SYSDIR%\svchost.exe
TapiSrv [Microsoft Corporation] : %SYSDIR%\svchost.exe
Tcpip [Microsoft Corporation] : %SYSDIR%\drivers\tcpip.sys
tcpipreg [Microsoft Corporation] : %SYSDIR%\drivers\tcpipreg.sys
tdx [Microsoft Corporation] : %SYSDIR%\drivers\tdx.sys
TermDD [Microsoft Corporation] : %SYSDIR%\drivers\termdd.sys
Themes [Microsoft Corporation] : %SYSDIR%\svchost.exe
TrkWks [Microsoft Corporation] : %SYSDIR%\svchost.exe
TrustedInstaller [Microsoft Corporation] : %WINDIR%\servicing\TrustedInstaller.exe
tunnel [Microsoft Corporation] : %SYSDIR%\drivers\tunnel.sys
umbus [Microsoft Corporation] : %SYSDIR%\drivers\umbus.sys
upnphost [Microsoft Corporation] : %SYSDIR%\svchost.exe
usbccgp [Microsoft Corporation] : %SYSDIR%\drivers\usbccgp.sys
usbehci [Microsoft Corporation] : %SYSDIR%\drivers\usbehci.sys
usbhub [Microsoft Corporation] : %SYSDIR%\drivers\usbhub.sys
usbuhci [Microsoft Corporation] : %SYSDIR%\drivers\usbuhci.sys
usbvideo [Microsoft Corporation] : %SYSDIR%\drivers\usbvideo.sys
UxSms [Microsoft Corporation] : %SYSDIR%\svchost.exe
vdrvroot [Microsoft Corporation] : %SYSDIR%\drivers\vdrvroot.sys
VgaSave [Microsoft Corporation] : %SYSDIR%\drivers\vga.sys
vmbus [Microsoft Corporation] : %SYSDIR%\drivers\vmbus.sys
volmgr [Microsoft Corporation] : %SYSDIR%\drivers\volmgr.sys
volmgrx [Microsoft Corporation] : %SYSDIR%\drivers\volmgrx.sys
volsnap [Microsoft Corporation] : %SYSDIR%\drivers\volsnap.sys
Wanarpv6 [Microsoft Corporation] : %SYSDIR%\drivers\wanarp.sys
Wdf01000 [Microsoft Corporation] : %SYSDIR%\drivers\Wdf01000.sys
WdiServiceHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
WdiSystemHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
wercplsupport [Microsoft Corporation] : %SYSDIR%\svchost.exe
WerSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
WfpLwf [Microsoft Corporation] : %SYSDIR%\drivers\wfplwf.sys
WinHttpAutoProxySvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
Winmgmt [Microsoft Corporation] : %SYSDIR%\svchost.exe
Wlansvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
WMPNetworkSvc [Microsoft Corporation] : %SystemDiskRoot%\Program Files\Windows Media Player\wmpnetwk.exe
wscsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
WSearch [Microsoft Corporation] : %SYSDIR%\SearchIndexer.exe
WTGService : %PROGRAMFILES32%\XSManager\WTGService.exe
wuauserv [Microsoft Corporation] : %SYSDIR%\svchost.exe
XS Stick Service [4G Systems GmbH & Co. KG] : %WINDIR%\service4g.exe
yukonw7 [Marvell] : %SYSDIR%\drivers\yk62x64.sys

------ loaded libraries ------
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\ntdll.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\kernel32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\KERNELBASE.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\user32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\gdi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\lpk.dll
Microsoft(R) Uniscribe Unicode script processor [Microsoft Corporation] : %SYSDIR32%\usp10.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msvcrt.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\advapi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sechost.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rpcrt4.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sspicli.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\CRYPTBASE.dll
Microsoft® Visual Studio® 2010 [Microsoft Corporation] : %SYSDIR32%\msvcp100.dll
Microsoft® Visual Studio® 2010 [Microsoft Corporation] : %SYSDIR32%\msvcr100.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\imm32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msctf.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\grdcore.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\shell32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\shlwapi.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\cfglib.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpipc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\mpr.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgen.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpschd.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\IPHLPAPI.DLL
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\nsi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winnsi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\version.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wtsapi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rasapi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rasman.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\ws2_32.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avevtlog.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\schedr.dll
SQLite Database : %PROGRAMFILES32%\Avira\AntiVir Desktop\sqlite3.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cfgmgr32.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avipc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\apphelp.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgrd.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpavgio.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgui.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gplegacy.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgenrep.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\onlcfg.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\guardmsg.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avgio.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\fltLib.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\avpref.dll
AVCORE [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aecore.dll
AVVDF [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aevdf.dll
AVSCRIPT [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aescript.dll
AVSCN [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aescn.dll
AVSBX [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aesbx.dll
AVRDL [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aerdl.dll
AVPACK [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aepack.dll
AVOFFICE [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeoffice.dll
AVHEUR [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeheur.dll
AVHELP [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aehelp.dll
AVGEN [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aegen.dll
AVEXP [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeexp.dll
AVEMU [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeemu.dll
AVBB [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aebb.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\avesvc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\avesvcr.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\ole32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\profapi.dll
AntiVir Desktop [Avira Operations GmbH] : %PROGRAMFILES32%\Avira\antivir desktop\avreg.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\userenv.dll
Microsoft® Visual Studio® 2005 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
Microsoft® Visual Studio® 2005 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
Apple Software Support Version Check [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\AppleVersions.dll
[Apple Inc.]%COMMONFILES32%\Apple\Apple Application Support\YSCrashDump.DLL
CoreFoundation [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\CoreFoundation.dll
[Open Source Software community project]%COMMONFILES32%\Apple\Apple Application Support\pthreadVC2.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wsock32.dll
objc4 [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\objc.dll
libdispatch [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\libdispatch.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winmm.dll
International Components for Unicode [The ICU Project] : %COMMONFILES32%\Apple\Apple Application Support\libicuin.dll
International Components for Unicode [The ICU Project] : %COMMONFILES32%\Apple\Apple Application Support\libicuuc.dll
International Components for Unicode [The ICU Project] : %COMMONFILES32%\Apple\Apple Application Support\icudt46.dll
[Apple Inc.]%COMMONFILES32%\Apple\Apple Application Support\ASL.dll
Apple Mobile Device Service [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\setupapi.dll
[Microsoft Corporation]%SYSDIR32%\oleaut32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\devobj.dll
Bonjour [Apple Inc.] : %SYSDIR32%\dnssd.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\ntmarta.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\Wldap32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\mswsock.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\WSHTCPIP.DLL
iTunesMobileDevice [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\MobileDevice.dll
Windows® Internet Explorer [Microsoft Corporation] : %SYSDIR32%\wininet.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-user32-l1-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-advapi32-l1-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-shlwapi-l1-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-version-l1-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-normaliz-l1-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\normaliz.dll
Windows® Internet Explorer [Microsoft Corporation] : %SYSDIR32%\iertutil.dll
zlib : %COMMONFILES32%\Apple\Apple Application Support\zlib1.dll
CFNetwork [Apple, Inc.] : %COMMONFILES32%\Apple\Apple Application Support\CFNetwork.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\crypt32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msasn1.dll
SQLite3 [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\SQLite3.dll
libxml2.dll : %COMMONFILES32%\Apple\Apple Application Support\libxml2.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wintrust.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winsta.dll
%PROGRAMFILES32%\Cisco Systems\VPN Client\vpnapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msvcirt.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msvcp60.dll
Microsoft (R) Visual C++ [Microsoft Corporation] : %SYSDIR32%\mfc42.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\odbc32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\odbcint.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\dhcpcsvc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\dhcpcsvc6.DLL
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\nlaapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\NapiNSP.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\pnrpnsp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wshbth.dll
Bonjour [Apple Inc.] : %PROGRAMFILES32%\Bonjour\mdnsNSP.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\dnsapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winrnr.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\FWPUCLNT.DLL
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rasadhlp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\newdev.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\uxtheme.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\devrtl.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\oleacc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winspool.drv
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rtutils.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\dwmapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cryptsp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rsaenh.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\RpcRtRemote.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\shfolder.dll
Microsoft® Visual Studio® 2010 [Microsoft Corporation] : %PROGRAMFILES32%\Mozilla Firefox\msvcr100.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\mozglue.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\clbcatq.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msimg32.dll
iCloud [Apple Inc.] : %COMMONFILES32%\Apple\Internet Services\iCloudServices_main.dll
AOSKit Dynamic Link Library [Apple Inc.] : %COMMONFILES32%\Apple\Internet Services\AOSKit.dll
Foundation [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\Foundation.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\netapi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\netutils.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\srvcli.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wkscli.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\samcli.dll
[Apple Inc.]%COMMONFILES32%\Apple\Apple Application Support\libtidy.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\secur32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sxs.dll
iCloud [Apple Inc.] : %COMMONFILES32%\Apple\Internet Services\ApplePhotoStreams_main.dll
CoreGraphics [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\CoreGraphics.dll
[Apple Inc.]%COMMONFILES32%\Apple\Internet Services\mmcs.dll
[Apple Inc.]%COMMONFILES32%\Apple\Internet Services\ChunkingLibrary.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\psapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\WindowsCodecs.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\actxprxy.dll
iCloud [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\ApplePushService.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-advapi32-l2-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-ole32-l1-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\api-ms-win-downlevel-shlwapi-l2-1-0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wship6.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\netprofm.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\npmproxy.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\credssp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\schannel.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\ncrypt.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\bcrypt.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\bcryptprimitives.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\gpapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cryptnet.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\SensApi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winhttp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\webio.dll
[Apple Inc.]%COMMONFILES32%\Apple\Internet Services\BookmarkDAV_client_main.dll
[Apple Inc.]%COMMONFILES32%\Apple\Internet Services\CoreDAV.dll
[Apple Inc.]%COMMONFILES32%\Apple\Apple Application Support\YSUtilities.dll
[Apple Inc.]%COMMONFILES32%\Apple\Internet Services\LibRainfall.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\dbghelp.dll
[Apple Inc.]%COMMONFILES32%\Apple\Internet Services\InternetExplorerBookmarkDAV.dll
Windows® Search [Microsoft Corporation] : %SYSDIR32%\propsys.dll
Windows Installer - Unicode [Microsoft Corporation] : %SYSDIR32%\msi.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\comdlg32.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\oledlg.dll
Windows® Internet Explorer [Microsoft Corporation] : %SYSDIR32%\urlmon.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\imagehlp.dll
Microsoft® Visual Studio® 10 [Microsoft Corporation] : %SYSDIR32%\mfc100u.dll
Microsoft® Visual Studio® 10 [Microsoft Corporation] : %SYSDIR32%\MFC100DEU.DLL
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\ccwkrlib.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\logoncli.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\browcli.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\activeds.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\adsldpc.dll
Microsoft (R) Visual C++ [Microsoft Corporation] : %SYSDIR32%\atl.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccguard.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgrdrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgrdw.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccwgrd.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgen.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgenrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccupdate.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccupdrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\cclic.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\cclicrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccmsg.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccmsgrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\rcimage.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccmainrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\ccupdw.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cabinet.dll
DivX Update : %PROGRAMFILES32%\DivX\DivX Update\DivXUpdateCheck.dll
iTunes [Apple Inc.] : %PROGRAMFILES32%\iTunes\iTunesHelper.dll
iTunes [Apple Inc.] : %PROGRAMFILES32%\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalized.DLL
iTunes [Apple Inc.] : %PROGRAMFILES32%\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
iTunesMobileDevice [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\iTunesMobileDevice.dll
Microsoft® Visual Studio® 2008 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sfc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sfc_os.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\security.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\ntdsapi.dll
wxWidgets [wxWidgets development team] : %APPDATA%\Dropbox\bin\wxmsw28uh_vc.dll
Microsoft® Visual Studio® 2008 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\FirewallAPI.dll
Chromium Embedded Framework (CEF) Dynamic Link Library : %APPDATA%\Dropbox\bin\libcef.dll
International Components for Unicode [The ICU Project] : %APPDATA%\Dropbox\bin\icudt.dll
[Microsoft Corporation]%SYSDIR32%\olepro32.dll
Spyware Terminator 2011 [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\TorrentDll.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\sal3.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\uwinapi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\sofficeapp.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\comphelp4MSC.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\salhelper3MSC.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\cppu3.dll
STLport Standard ANSI C++ Libarary [STLport Consulting, Inc.] : %PROGRAMFILES32%\OpenOffice.org 3\URE\bin\stlport_vc7145.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\ucbhelper4MSC.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\vos3MSC.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\deploymentmiscmi.dll
Oracle libdb [Oracle] : %PROGRAMFILES32%\OpenOffice.org 3\program\libdb47.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\tlmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\basegfxmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\i18nisolang1MSC.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\utlmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\xcrmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\sfxmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\fwemi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\fwimi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\svtmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\tkmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\vclmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\sotmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\i18npapermi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\i18nutilMSC.dll
International Components for Unicode [IBM Corporation and others] : %PROGRAMFILES32%\OpenOffice.org 3\program\icuuc40.dll
International Components for Unicode [IBM Corporation and others] : %PROGRAMFILES32%\OpenOffice.org 3\program\icudt40.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\svlmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\jvmfwk3.dll
%PROGRAMFILES32%\OpenOffice.org 3\program\libxml2.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\sbmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\saxmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\msci_uno.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\bootstrap.uno.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\reg3.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\store3.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\configmgr.uno.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\localebe1.uno.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\URE\bin\stocservices.uno.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\wer.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\ucb1.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\fwkmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\ucpfile1.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\i18npool.uno.dll
International Components for Unicode [IBM Corporation and others] : %PROGRAMFILES32%\OpenOffice.org 3\program\icuin40.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\oooimprovementmi.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\oleautobridge.uno.dll
[OpenOffice.org]%PROGRAMFILES32%\OpenOffice.org 3\program\emsermi.dll
iCloud [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\APSDaemon_main.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %WINDIR%\AppPatch\AcGenral.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\msacm32.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\nss3.dll
Microsoft® Visual Studio® 2010 [Microsoft Corporation] : %PROGRAMFILES32%\Mozilla Firefox\msvcp100.dll
%PROGRAMFILES32%\Mozilla Firefox\mozjs.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\mozalloc.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\gkmedias.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\xul.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\DWrite.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\browser\components\browsercomps.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\dxgi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\d3d10_1.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\d3d10_1core.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\d3d11.dll
NVIDIA D3D10 drivers [NVIDIA Corporation] : %SYSDIR32%\nvwgf2um.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\d2d1.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\mscms.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\feclient.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\MMDevAPI.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\AudioSes.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\explorerframe.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\duser.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\dui70.dll
Network Security Services [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\softokn3.dll
Network Security Services [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\nssdbm3.dll
Network Security Services [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\freebl3.dll
Network Security Services [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\nssckbi.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\shdocvw.dll
Microsoft® DirectX for Windows® [Microsoft Corporation] : %PROGRAMFILES32%\Mozilla Firefox\D3DCompiler_43.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\libGLESv2.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\d3d9.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\d3d8thk.dll
Firefox [Mozilla Foundation] : %PROGRAMFILES32%\Mozilla Firefox\libEGL.dll
NVIDIA Windows WDDM D3D driver [NVIDIA Corporation] : %SYSDIR32%\nvd3dum.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\powrprof.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\linkinfo.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\ntshrui.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cscapi.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\slc.dll
------ Report Ende ------

Defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:48 on 28/06/2013 (Carina)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

OTL:
OTL logfile created on: 28.06.2013 10:53:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,89% Memory free
7,99 Gb Paging File | 4,94 Gb Available in Paging File | 61,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,71 Gb Total Space | 136,52 Gb Free Space | 47,45% Space Free | Partition Type: NTFS
Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.28 10:49:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Carina\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.04.21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013.04.05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013.04.05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013.04.05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013.04.03 03:16:02 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.09 05:21:14 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.08.08 20:19:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.15 17:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.27 17:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2009.09.17 18:37:48 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.07.01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.10 19:57:24 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.05.27 17:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.25 22:10:55 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.13 18:20:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.09 05:21:34 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.02 15:00:30 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.18 21:35:55 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.08.23 18:33:07 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.08.23 18:33:05 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.08.23 18:33:05 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.08.23 18:33:05 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.08.03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2010.05.10 02:18:40 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008.10.31 17:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E F6 AD F1 1E 3F CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.25 18:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.25 22:10:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.26 20:41:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.25 18:01:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.25 22:10:48 | 000,000,000 | ---D | M] [2010.11.08 20:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions [2010.11.08 20:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2013.05.09 11:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\9k5w0qbx.default\extensions [2010.10.05 10:52:30 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- 
C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\9k5w0qbx.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2012.12.12 17:01:03 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\9k5w0qbx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.09 11:58:36 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\9k5w0qbx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.25 22:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.25 22:10:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.07.08 21:08:24 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Web Player 
(Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gears.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) 
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Carina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - 
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FC563E3-18F3-4997-94CA-0C1A28C0DD5E}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{46addbfa-29a4-11e1-bd96-0024338aef45}\Shell - "" = AutoRun O33 - MountPoints2\{46addbfa-29a4-11e1-bd96-0024338aef45}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.28 10:49:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe [2013.06.25 22:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.21 13:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.21 13:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.21 13:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.21 13:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.21 13:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.20 18:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.06.20 18:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.06.20 18:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2013.06.28 10:49:24 | 000,602,112 | 
---- | M] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe [2013.06.28 10:48:51 | 000,000,000 | ---- | M] () -- C:\Users\Carina\defogger_reenable [2013.06.28 10:47:06 | 000,050,477 | ---- | M] () -- C:\Users\Carina\Desktop\Defogger.exe [2013.06.28 10:33:47 | 000,016,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.28 10:33:47 | 000,016,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.28 10:25:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.28 10:25:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.28 10:24:58 | 3218,845,696 | -HS- | M] () -- C:\hiberfil.sys [2013.06.27 22:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.27 22:16:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.27 22:01:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252215016-2014628191-3784178226-1000UA.job [2013.06.27 10:01:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252215016-2014628191-3784178226-1000Core.job [2013.06.26 11:07:32 | 000,271,175 | ---- | M] () -- C:\Users\Carina\Documents\HSV Leverkusen.png [2013.06.21 13:44:28 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.20 18:21:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.10 13:47:06 | 006,042,922 | ---- | M] () -- C:\Users\Carina\Desktop\Arteriosklerose.pdf [2013.06.08 13:15:23 | 000,001,051 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.08 13:14:52 | 000,001,021 | ---- | M] () -- C:\Users\Carina\Desktop\Dropbox.lnk [2013.06.05 15:54:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 
15:54:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.03 10:13:00 | 410,635,002 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.02 11:22:58 | 000,010,848 | ---- | M] () -- C:\Users\Carina\Desktop\images.jpg ========== Files Created - No Company Name ========== [2013.06.28 10:48:51 | 000,000,000 | ---- | C] () -- C:\Users\Carina\defogger_reenable [2013.06.28 10:47:05 | 000,050,477 | ---- | C] () -- C:\Users\Carina\Desktop\Defogger.exe [2013.06.26 11:07:30 | 000,271,175 | ---- | C] () -- C:\Users\Carina\Documents\HSV Leverkusen.png [2013.06.21 13:44:28 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.10 13:46:54 | 006,042,922 | ---- | C] () -- C:\Users\Carina\Desktop\Arteriosklerose.pdf [2013.06.05 15:54:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 15:54:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.02 11:22:58 | 000,010,848 | ---- | C] () -- C:\Users\Carina\Desktop\images.jpg [2012.11.27 18:06:25 | 000,004,608 | ---- | C] () -- C:\Users\Carina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.07 20:22:24 | 000,002,134 | ---- | C] () -- C:\Users\Carina\.recently-used.xbel [2011.08.10 14:40:07 | 000,000,132 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.08.04 23:47:08 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{BF4BACC3-B56C-43EB-B67E-D67CB9C8508C} [2011.07.14 23:10:08 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{BDD53448-FF9D-4A06-A81F-BBBD1BABD976} [2011.06.08 01:08:34 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{F2B717BF-F1EA-4D2A-BF4B-D8A5A2A941CF} [2011.05.31 01:22:57 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{A356016A-A4D5-4590-9391-15058EF08F00} ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.11.09 20:54:45 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Amazon [2011.08.10 13:58:25 | 000,000,000 | ---D | M] -- 
C:\Users\Carina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.10 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.06.28 10:28:10 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Dropbox [2013.04.19 12:48:02 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DVDVideoSoft [2011.10.11 11:58:50 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers [2013.03.24 16:45:04 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\GraphPad Software [2010.12.25 12:20:13 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\GrassGames [2012.08.07 20:22:24 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\gtk-2.0 [2012.10.12 14:18:30 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\HandBrake [2011.04.10 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2011.02.26 00:53:52 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Philips [2010.11.08 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Philips-Songbird [2011.06.28 15:20:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Samsung [2012.12.02 15:00:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Spyware Terminator [2012.03.26 20:41:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird [2012.01.05 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\XSManager ========== Purity Check ========== < End of report > |
28.06.2013, 12:23 | #2 |
| TrojanDownloader:Win32/Adload.DA virus found
Extras:
OTL EXTRAS Logfile:
ATTFilter OTL Extras logfile created on: 28.06.2013 10:53:52 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carina\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,89% Memory free 7,99 Gb Paging File | 4,94 Gb Available in Paging File | 61,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 287,71 Gb Total Space | 136,52 Gb Free Space | 47,45% Space Free | Partition Type: NTFS Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0740D3B9-1AB6-4332-92E1-406331E184D1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EE9116F-508D-4ED8-AEAA-5C95670D3731}" = lport=445 | protocol=6 | dir=in | app=system |
"{1D6EE6F0-B4A7-4C5E-8DC7-11E146980D22}" = rport=137 | protocol=17 | dir=out | app=system |
"{346372AD-B327-48B3-B7EB-CAA05306491F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{38439898-9EA1-4F92-9878-848766423E04}" = rport=138 | protocol=17 | dir=out | app=system |
"{4543316E-8208-490E-9558-49B08E413AEB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56077F25-D4E6-44D9-8DCD-8A6E63AFECD4}" = lport=138 | protocol=17 | dir=in | app=system |
"{58AAF305-1885-4BC7-AFE7-8DF3A6097B8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{5D1062E9-74A3-4C44-A033-9703DCD9EE42}" = lport=137 | protocol=17 | dir=in | app=system |
"{5ECFB0DC-5D94-498B-953A-59A1C218B866}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{64895795-53AC-41AC-A80C-26931E3948D8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EB62CE5-0861-4F43-8B8D-73CE08931FFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{95CAEF92-90ED-4BDA-8092-9FBF25F85855}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A1619CFC-FF82-4D0F-8BFE-73E7CB69D841}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A78C64F7-6621-4524-8111-78792FF6CD77}" = lport=139 | protocol=6 | dir=in | app=system |
"{AB391B5F-844F-418E-81E6-F32407D5CADA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3AA1B49-E1F5-4FF0-9700-68CD93D5E153}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CB952B4C-4D1D-4257-82E6-C194C10889A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5366AFA-CDAD-42D6-B82C-52124602CA04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DA86A2EE-39B9-46B9-8DD9-14713E2FE61F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E77B0216-3B6D-480D-AB7E-A48F4576F40C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EEF998B1-F1CF-4B0F-91C1-CA4BFC02DD98}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFBDFF64-D168-4228-99BB-0BDA0470A3CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F12B9763-9125-4A3B-9F4C-FE84D23947F1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F600C170-F3A9-4B3C-8BFE-0F36B4ACFF2D}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C397B0-2B87-40FA-98C5-43C849F77C35}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{115B85CD-9A08-40C1-8D0F-F58A19673771}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1617E2A2-03A1-43E3-88A8-03D9F5F2568D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A5E3096-F6E6-41BB-9EE0-9818E96070CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BD13A80-B661-4017-8BD4-C44759798FAA}" = protocol=6 | dir=in | app=c:\users\carina\appdata\roaming\dropbox\bin\dropbox.exe |
"{1E0D09F8-D3EF-48E0-9107-8BAAE25581C4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{28DB0E08-63A5-446C-817F-9E51B63860FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{29574F1A-17F1-4F77-A018-B65DCFF3DED3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35C663D7-57C8-4579-BBD2-4922A99DBF6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{53C98981-1771-4218-A84B-60E7C4BBCA5D}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{54BBEAB4-1EA3-47CA-AAE9-61091AA85B82}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5A92FCAE-9AD6-40D8-89B5-66E9B0B5B770}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C4DC0B0-49E6-4FD2-B26B-3E7C19895F3D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6EA07EB3-21A0-4875-9CE5-6A73422F5D09}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{70DAAE72-478C-4562-B53B-9465A1E950B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72AEF92D-289C-4708-8784-D071085AD66A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{904CC6CD-14D6-4B37-BEB9-E85D1EA6B4CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90A02696-20E4-47DC-B1A1-5180B32FC016}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{93CA8D77-0E8B-4F16-97C4-1167EBE530FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98DFCDD8-21DF-4334-AC89-AA261C72F5B6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9C014A47-6377-469E-AA06-0B12668F8468}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A8018EC9-1840-4AE8-BE73-E27DF4F8BB2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9E4CE8A-DF92-432A-A0B5-A662E98ADAAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF235C0A-0941-4B22-88A6-8934A5E54021}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{B4ECEBFD-1366-4977-9C80-F186C1B42430}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BB23E9C9-EFEF-40BA-A41E-55E7415EB593}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BBBD2921-38F7-498E-A6EA-9060F87047A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC6C1B5C-ED4E-4488-9E6F-6F83A85F62B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BEF8B92F-4D77-44FF-B1E5-5C0FE1DCA0B0}" = protocol=6 | dir=out | app=system |
"{CD87EFF2-F8D8-45E2-9D12-0858D8A679C9}" = dir=in | app=c:\users\carina\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{D3EF9936-F213-47A2-BB58-E7993AFF67C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBA8BC17-8CA9-49A5-91AD-F465F6724DEE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E24FB347-EEC6-41B0-B818-8856CAB9DCDB}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe |
"{EE69224A-55C0-4F9F-BF08-5CB41FED2A09}" = protocol=17 | dir=in | app=c:\users\carina\appdata\roaming\dropbox\bin\dropbox.exe |
"{EF10BAEA-CC09-4BCF-A83B-4D158ECF9931}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F3953AAB-AAA6-46FB-BA6E-B55EE850F248}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"{FFD9C03D-2113-4073-A274-DCE741576F7B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3C375190-E281-4815-841C-A1BBF80BD624}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{547D14C9-9C4A-4AC8-A7F4-FBDDC0187A74}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{8BC301C0-BF93-49F0-A6F6-ADFE86BCEA48}C:\users\carina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\carina\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{208D18BA-B87C-4B49-9006-57A21B9DBB9A}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{9DE02429-D6A5-41B2-A124-F958592D98A2}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{A6720665-7993-49DE-90C7-EE76A60E9D38}C:\users\carina\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\carina\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinRAR archiver" = WinRAR 4.00 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0681606A-13CD-4365-9B19-684B577FA9E9}_is1" = TreeView 1.6.6
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}" = GraphPad Prism 6 (Trial)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleManager" = AudibleManager
"AUREMOL" = AUREMOL (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX-Setup
"Free Solitaire 3D_is1" = Free Solitaire 3D 3.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"Google Chrome" = Google Chrome
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Montris_is1" = Montris 1.1.0
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 11.0 (x86 de)" = Mozilla Thunderbird 11.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Philips Songbird" = Philips Songbird
"PyMOL" = PyMOL
"S4Uninst" = Die Siedler IV
"Sweet Home 3D_is1" = Sweet Home 3D version 3.6
"TreeView X_is1" = TreeView X 0.5.0
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"XSManager" = XSManager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.06.2013 07:19:36 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5897

Error - 27.06.2013 07:19:37 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.06.2013 07:19:37 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6911

Error - 27.06.2013 07:19:37 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6911

Error - 27.06.2013 07:19:38 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.06.2013 07:19:38 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7941

Error - 27.06.2013 07:19:38 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7941

Error - 27.06.2013 07:19:39 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.06.2013 07:19:39 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8970

Error - 27.06.2013 07:19:39 | Computer Name = Carina-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8970

[ System Events ]
Error - 27.06.2013 09:33:09 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy2".

Error - 27.06.2013 09:33:09 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy2".

Error - 27.06.2013 09:33:12 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy1".

Error - 27.06.2013 09:33:12 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy1".

Error - 27.06.2013 09:46:00 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy4".

Error - 27.06.2013 09:46:00 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy4".

Error - 27.06.2013 09:46:00 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy2".

Error - 27.06.2013 09:46:00 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy2".

Error - 27.06.2013 09:46:00 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy1".
Error - 27.06.2013 09:46:00 | Computer Name = Carina-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please run the "chkdsk" utility on the volume "\Device\HarddiskVolumeShadowCopy1".

< End of report >

GMER

GMER Logfile:
Code:
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-06-28 12:59:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3255GSX rev.FG010A 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Carina\AppData\Local\Temp\awdirpod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002fab000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002fab00e 3 bytes [00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076491465 2 bytes [49, 76]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2676] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764914bb 2 bytes [49, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076491465 2 bytes [49, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764914bb 2 bytes [49, 76]
.text ... * 2
.text C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076491465 2 bytes [49, 76]
.text C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe[2804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764914bb 2 bytes [49, 76]
.text ... * 2
.text C:\USERS\CARINA\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE[2068] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076491465 2 bytes [49, 76]
.text C:\USERS\CARINA\APPDATA\ROAMING\DROPBOX\BIN\DROPBOX.EXE[2068] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000764914bb 2 bytes [49, 76]
.text ... * 2
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076491465 2 bytes [49, 76]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[1164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764914bb 2 bytes [49, 76]
.text ... * 2
.text C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\NVIDIA UPDATE CORE\DAEMONU.EXE[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076491465 2 bytes [49, 76]
.text C:\PROGRAM FILES (X86)\NVIDIA CORPORATION\NVIDIA UPDATE CORE\DAEMONU.EXE[3640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000764914bb 2 bytes [49, 76]
.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338aef45
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338aef45@001e453635e7 0x64 0x66 0xF9 0xED ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338aef45@34c3acb3192b 0xB4 0xAF 0x87 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024338aef45@001dfd2c3888 0x32 0x86 0x65 0x1D ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338aef45 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338aef45@001e453635e7 0x64 0x66 0xF9 0xED ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338aef45@34c3acb3192b 0xB4 0xAF 0x87 0x9E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024338aef45@001dfd2c3888 0x32 0x86 0x65 0x1D ...

---- EOF - GMER 2.1 ----
|
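Added example for readers working through the OTL Extras log above; it is not part of the thread, of OTL, or of the helper's instructions. Two of the sections posted are where a helper looks first: the shell association dump, because a rewritten exefile/batfile/scrfile [open] handler means every program start goes through the hijacker (the values in this log are the Windows 7 defaults), and the FirewallRules dump, because an inbound allow for a binary under a user-writable path (AppData, Temp) or a rule the user created by clicking Allow in the firewall prompt ("TCP Query User..." / "UDP Query User...") is where a downloader would punch its hole. The script below parses both formats as OTL prints them and returns a review list. All sample rule lines and the first three shell lines are copied from the log above; the fourth shell line is constructed to show what a hit looks like and its path is made up. In this log the hits are Dropbox, Facebook Video Calling and ftp.exe, all of which match software in the uninstall list, so the output is a list to review, not a verdict.

```python
"""Triage checks for two sections of an OTL "Extras" log (added example)."""
import re
from typing import Dict, List

# Default shell\open\command values for the classes malware likes to hijack.
# These are the values Windows 7 ships with; anything else needs explaining.
EXPECTED_OPEN = {
    "exefile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# OTL prints one association per line: <class> [<verb>] -- <command> (<vendor>)
SHELL_RE = re.compile(
    r'^(?P<cls>\S+) \[(?P<verb>\w+)\] -- (?P<cmd>.*?)(?: \((?P<vendor>[^()]*)\))?$'
)
# OTL prints one firewall rule per line: "<name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<fields>.*)$')

# Directories a standard user can write to. An inbound allow for a binary
# there deserves a look even when it turns out to be Dropbox.
USER_WRITABLE_RE = re.compile(r'\\(appdata|temp|programdata|users\\public)\\', re.I)


def check_shell_open(lines: List[str]) -> List[str]:
    """Report [open] handlers that differ from the Windows default."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line.strip())
        if not m or m["verb"] != "open":
            continue
        expected = EXPECTED_OPEN.get(m["cls"])
        if expected is not None and m["cmd"] != expected:
            findings.append(f'{m["cls"]} open handler is {m["cmd"]} (expected {expected})')
    return findings


def parse_rule(line: str) -> Dict[str, str]:
    """Split one FirewallRules line into {'name': ..., 'dir': ..., 'app': ...}."""
    m = RULE_RE.match(line.strip())
    if not m:
        return {}
    rule = {"name": m["name"]}
    for field in m["fields"].split("|"):
        if "=" in field:
            key, value = field.split("=", 1)
            rule[key.strip()] = value.strip()
    return rule


def check_firewall_rules(lines: List[str]) -> List[str]:
    """Report inbound allows for user-writable paths and rules created by
    clicking 'Allow' in the firewall prompt (TCP/UDP Query User rules)."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule.get("dir") != "in":
            continue
        app = rule.get("app", "")
        if USER_WRITABLE_RE.search(app):
            findings.append(f"inbound allow for user-writable path: {app}")
        elif rule["name"].startswith(("TCP Query User", "UDP Query User")):
            findings.append(f"inbound allow approved via firewall prompt: {app}")
    return findings


# Sample input. The first three shell lines and all rule lines are copied from
# the OTL log in the thread; the last shell line is constructed (made-up path).
SAMPLE_SHELL = [
    'exefile [open] -- "%1" %*',
    'scrfile [open] -- "%1" /S',
    'http [open] -- "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe" -- "%1" (Google Inc.)',
    'exefile [open] -- "C:\\Users\\someone\\AppData\\Roaming\\example.exe" "%1" %*',
]
SAMPLE_RULES = [
    '"{0EE9116F-508D-4ED8-AEAA-5C95670D3731}" = lport=445 | protocol=6 | dir=in | app=system |',
    '"{1A5E3096-F6E6-41BB-9EE0-9818E96070CF}" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |',
    '"{1BD13A80-B661-4017-8BD4-C44759798FAA}" = protocol=6 | dir=in | app=c:\\users\\carina\\appdata\\roaming\\dropbox\\bin\\dropbox.exe |',
    '"{CD87EFF2-F8D8-45E2-9D12-0858D8A679C9}" = dir=in | app=c:\\users\\carina\\appdata\\local\\facebook\\video\\skype\\facebookvideocalling.exe |',
    '"TCP Query User{547D14C9-9C4A-4AC8-A7F4-FBDDC0187A74}C:\\windows\\system32\\ftp.exe" = protocol=6 | dir=in | app=c:\\windows\\system32\\ftp.exe |',
]

if __name__ == "__main__":
    for finding in check_shell_open(SAMPLE_SHELL) + check_firewall_rules(SAMPLE_RULES):
        print(finding)
```

Run it against a full OTL Extras.txt by feeding the whole file's lines to both functions; lines that do not match either format are ignored, so no pre-splitting into sections is needed. Rules with `app=system` or a `svc=` service are left alone on purpose: those are the Windows defaults for SMB, SSDP and friends, and flagging them would bury the two checks that matter here.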
28.06.2013, 12:31 | #3 | |
/// TB-Ausbilder | TrojanDownloader:Win32/Adload.DA-Virus found
Hello Carina,
Step 1
Please download AdwCleaner to your desktop.

Step 2
Please start OTL.exe.

Please post in your next reply:
29.06.2013, 09:52 | #4 |
| TrojanDownloader:Win32/Adload.DA-Virus found
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Logfile created 29/06/2013 at 10:01:44
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Carina - CARINA-PC
# Boot mode : Normal
# Running from : C:\Users\Carina\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Carina\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.hiergehtslos.de --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

File : C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\9k5w0qbx.default\prefs.js

[OK] The file is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] The file is clean.

*************************

AdwCleaner[S1].txt - [1135 octets] - [29/06/2013 10:01:44]

########## EOF - C:\AdwCleaner[S1].txt - [1195 octets] ##########

OTL:
OTL Logfile:
Code:
OTL logfile created on: 29.06.2013 10:11:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Carina\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 34,85% Memory free
7,99 Gb Paging File | 4,76 Gb Available in Paging File | 59,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287,71 Gb Total Space | 136,44 Gb Free Space | 47,42% Space Free | Partition Type: NTFS

Computer Name: CARINA-PC | User Name: Carina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.28 10:49:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Carina\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.04.21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013.04.05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013.04.05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013.04.05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013.04.03 03:16:02 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.11.09 05:21:14 | 002,777,296 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.08.08 20:19:16 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.27 17:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2009.09.17 18:37:48 | 000,157,968 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.07.01 18:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.10 19:57:24 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.05.27 17:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe

========== Services (SafeList) ==========

SRV:64b﻿it: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.25 22:10:55 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.13 18:20:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe --
(SkypeUpdate) SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.11.09 05:21:34 | 001,148,664 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.09.25 16:38:16 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2009.09.17 18:37:04 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.02 15:00:30 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.18 21:35:55 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2011.08.23 18:33:07 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2011.08.23 18:33:05 | 000,132,648 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2011.08.23 18:33:05 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2011.08.23 18:33:05 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2010.01.27 04:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2007.08.03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV - [2010.05.10 02:18:40 | 000,015,664 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2008.10.31 17:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - 
HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E F6 AD F1 1E 3F CB 01 [binary data] IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1252215016-2014628191-3784178226-1003\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Carina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.05.25 18:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.25 22:10:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.03.26 20:41:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.05.25 18:01:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.25 22:10:48 | 000,000,000 | ---D | M] [2010.11.08 20:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions [2010.11.08 20:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2013.05.09 11:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\9k5w0qbx.default\extensions [2010.10.05 10:52:30 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- 
C:\Users\Carina\AppData\Roaming\mozilla\Firefox\Profiles\9k5w0qbx.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0} [2012.12.12 17:01:03 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\9k5w0qbx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.09 11:58:36 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Carina\AppData\Roaming\mozilla\firefox\profiles\9k5w0qbx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.25 22:10:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.06.25 22:10:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.07.08 21:08:24 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Web Player 
(Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gears.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Carina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. 
KG) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000..\Run: [Facebook Update] C:\Users\Carina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-1252215016-2014628191-3784178226-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O4 - HKU\S-1-5-21-1252215016-2014628191-3784178226-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1252215016-2014628191-3784178226-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Carina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Carina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FC563E3-18F3-4997-94CA-0C1A28C0DD5E}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: 
- HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{46addbfa-29a4-11e1-bd96-0024338aef45}\Shell - "" = AutoRun O33 - MountPoints2\{46addbfa-29a4-11e1-bd96-0024338aef45}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.28 10:49:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe [2013.06.25 22:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.21 13:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.21 13:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.21 13:43:38 | 000,000,000 | ---D 
| C] -- C:\Program Files\iTunes [2013.06.21 13:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.21 13:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.20 18:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.06.20 18:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.06.20 18:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2013.06.29 10:16:04 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.29 10:16:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.29 10:13:24 | 000,016,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 10:13:24 | 000,016,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 10:04:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.29 10:04:12 | 3218,845,696 | -HS- | M] () -- C:\hiberfil.sys [2013.06.29 10:01:01 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252215016-2014628191-3784178226-1000UA.job [2013.06.29 10:01:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1252215016-2014628191-3784178226-1000Core.job [2013.06.29 10:00:57 | 000,648,201 | ---- | M] () -- C:\Users\Carina\Desktop\adwcleaner.exe [2013.06.28 13:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.28 11:12:31 | 000,377,856 | ---- | M] () -- C:\Users\Carina\Desktop\gmer_2.1.19163.exe [2013.06.28 10:49:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe [2013.06.28 10:48:51 | 000,000,000 | ---- | M] () -- C:\Users\Carina\defogger_reenable 
[2013.06.28 10:47:06 | 000,050,477 | ---- | M] () -- C:\Users\Carina\Desktop\Defogger.exe [2013.06.26 11:07:32 | 000,271,175 | ---- | M] () -- C:\Users\Carina\Documents\HSV Leverkusen.png [2013.06.21 13:44:28 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.20 18:21:09 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.06.10 13:47:06 | 006,042,922 | ---- | M] () -- C:\Users\Carina\Desktop\Arteriosklerose.pdf [2013.06.08 13:15:23 | 000,001,051 | ---- | M] () -- C:\Users\Carina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.08 13:14:52 | 000,001,021 | ---- | M] () -- C:\Users\Carina\Desktop\Dropbox.lnk [2013.06.05 15:54:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 15:54:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.03 10:13:00 | 410,635,002 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.02 11:22:58 | 000,010,848 | ---- | M] () -- C:\Users\Carina\Desktop\images.jpg ========== Files Created - No Company Name ========== [2013.06.29 10:00:56 | 000,648,201 | ---- | C] () -- C:\Users\Carina\Desktop\adwcleaner.exe [2013.06.28 11:12:31 | 000,377,856 | ---- | C] () -- C:\Users\Carina\Desktop\gmer_2.1.19163.exe [2013.06.28 10:48:51 | 000,000,000 | ---- | C] () -- C:\Users\Carina\defogger_reenable [2013.06.28 10:47:05 | 000,050,477 | ---- | C] () -- C:\Users\Carina\Desktop\Defogger.exe [2013.06.26 11:07:30 | 000,271,175 | ---- | C] () -- C:\Users\Carina\Documents\HSV Leverkusen.png [2013.06.21 13:44:28 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.10 13:46:54 | 006,042,922 | ---- | C] () -- C:\Users\Carina\Desktop\Arteriosklerose.pdf [2013.06.05 15:54:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.05 15:54:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.02 11:22:58 | 000,010,848 | ---- | C] () -- C:\Users\Carina\Desktop\images.jpg 
[2012.11.27 18:06:25 | 000,004,608 | ---- | C] () -- C:\Users\Carina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.07 20:22:24 | 000,002,134 | ---- | C] () -- C:\Users\Carina\.recently-used.xbel [2011.08.10 14:40:07 | 000,000,132 | ---- | C] () -- C:\Users\Carina\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.08.04 23:47:08 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{BF4BACC3-B56C-43EB-B67E-D67CB9C8508C} [2011.07.14 23:10:08 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{BDD53448-FF9D-4A06-A81F-BBBD1BABD976} [2011.06.08 01:08:34 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{F2B717BF-F1EA-4D2A-BF4B-D8A5A2A941CF} [2011.05.31 01:22:57 | 000,000,000 | ---- | C] () -- C:\Users\Carina\AppData\Local\{A356016A-A4D5-4590-9391-15058EF08F00} ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll 
-- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.11.09 20:54:45 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Amazon [2011.08.10 13:58:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.10 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.06.29 10:07:20 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Dropbox [2013.04.19 12:48:02 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\DVDVideoSoft [2013.03.24 16:45:04 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\GraphPad Software [2010.12.25 12:20:13 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\GrassGames [2012.08.07 20:22:24 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\gtk-2.0 [2012.10.12 14:18:30 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\HandBrake [2011.04.10 19:58:08 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\OpenOffice.org [2011.02.26 00:53:52 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Philips [2010.11.08 20:26:17 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Philips-Songbird [2011.06.28 15:20:25 | 000,000,000 | ---D | M] -- 
C:\Users\Carina\AppData\Roaming\Samsung [2012.12.02 15:00:28 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Spyware Terminator [2012.03.26 20:41:59 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\Thunderbird [2012.01.05 19:08:25 | 000,000,000 | ---D | M] -- C:\Users\Carina\AppData\Roaming\XSManager ========== Purity Check ========== < End of report > |
29.06.2013, 09:58 | #5 |
/// TB-Ausbilder | TrojanDownloader:Win32/Adload.DA virus found Hello, looks good. Just one more check: Step 1 Fix with OTL
Code:
:commands
[emptytemp]
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post in your next reply:
__________________ cheers, Leo |
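The verdict above comes from reading the OTL file entries one by one. As an added example (not code from the thread or from OTL), here is a small Python parser for OTL's `[timestamp | size | attrs | C/M] (company) -- path` entry format, with a triage pass that flags what an analyst looks at first: executables without a company name, executables in user-writable locations, and hidden+system files outside the Windows directory. The extension list, path patterns and KNOWN_BENIGN allowlist are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One OTL file entry, as in the report above:
#   [2013.06.28 10:49:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe
# fields: timestamp | size | attribute flags (R H S D) | C=created, M=modified] (company, may be absent) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".bat", ".cmd", ".vbs", ".js", ".ocx")  # assumed
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")  # assumed path patterns
KNOWN_BENIGN = {"c:\\hiberfil.sys", "c:\\pagefile.sys", "c:\\swapfile.sys"}  # assumed allowlist

@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    kind: str      # "C" created or "M" modified
    company: str   # "" when OTL printed "()" or no company at all
    path: str

def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file line; returns None for section headers, footers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    a = m["attrs"]
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), "H" in a, "S" in a,
                    "D" in a, m["kind"], (m["company"] or "").strip(), m["path"])

def review_reasons(e: OtlEntry) -> list:
    """Reasons an analyst would look twice at an entry; an empty list means unremarkable."""
    reasons = []
    low = e.path.lower()
    if e.is_dir or low in KNOWN_BENIGN:
        return reasons
    if low.endswith(EXEC_EXT):
        if not e.company:
            reasons.append("executable without company name")
        if any(part in low for part in USER_WRITABLE):
            reasons.append("executable in user-writable location")
    if e.hidden and e.system and not low.startswith("c:\\windows\\"):
        reasons.append("hidden+system file outside the Windows directory")
    return reasons

def triage(report: str) -> list:
    """Return (path, reasons) for every entry in an OTL report that deserves a closer look."""
    flagged = []
    for line in report.splitlines():
        entry = parse_otl_entry(line)
        reasons = review_reasons(entry) if entry else []
        if reasons:
            flagged.append((entry.path, reasons))
    return flagged

# Constructed sample, modelled on the OTL output posted in this thread
SAMPLE_REPORT = r"""
========== Files/Folders - Created Within 30 Days ==========
[2013.06.28 10:49:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carina\Desktop\OTL.exe
[2013.06.25 22:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013.06.29 10:04:12 | 3218,845,696 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.29 10:00:57 | 000,648,201 | ---- | M] () -- C:\Users\Carina\Desktop\adwcleaner.exe
[2013.06.08 13:14:52 | 000,001,021 | ---- | M] () -- C:\Users\Carina\Desktop\Dropbox.lnk
< End of report >
"""
```

`triage(SAMPLE_REPORT)` flags the two desktop executables and nothing else; a flag is a prompt to check the file, not a verdict.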
29.06.2013, 17:25 | #6 |
| TrojanDownloader:Win32/Adload.DA virus found OTL:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Carina
->Temp folder emptied: 1690437426 bytes
->Temporary Internet Files folder emptied: 417122629 bytes
->Java cache emptied: 100899239 bytes
->FireFox cache emptied: 82694000 bytes
->Google Chrome cache emptied: 16158942 bytes
->Flash cache emptied: 116988 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 458810095 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2210049 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 761 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42286783 bytes
RecycleBin emptied: 2919030650 bytes
Total Files Cleaned = 5.465,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06292013_110828
Files\Folders moved on Reboot...
C:\Users\Carina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Carina\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
ESET:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6973de2ddb18e64098d51b73e597e305
# engine=14197
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-29 04:16:06
# local_time=2013-06-29 06:16:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 29516 237945856 22605 0
# compatibility_mode=5893 16776574 100 94 8672732 124152416 0 0
# compatibility_mode=7937 16777214 28 75 6735618 20094892 0 0
# scanned=556209
# found=0
# cleaned=0
# scan_time=24559
SecurityCheck:
Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Terminator 2012
JavaFX 2.1.1
Java(TM) 6 Update 22
Java(TM) 6 Update 31
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (22.0)
Mozilla Thunderbird 11.0. Thunderbird out of Date!
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.116
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
29.06.2013, 17:43 | #7 |
/// TB-Ausbilder | TrojanDownloader:Win32/Adload.DA virus found Hi, nothing new here either. Now bring all your software up to date and we'll clean up. Step 1 Your Java is out of date. Older versions contain security holes that malware can abuse to infect the system via drive-by download. The current version is Java 7 Update 25.
So consider whether you really need a Java installation at all. If you want to keep using Java, then:
Step 2 The version of your Adobe PDF Reader is outdated; we need to update it:
Then use this plugin check (with Firefox here) to verify that all the versions you use are now current, and update them otherwise. Cleanup Finally we will now clear away our tools (including the quarantine folders), delete the infected system restore points and restore all settings. These steps are still important and should be carried out in the order given.
>> OK << We're done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help ensure you won't need our help again in future. Afterwards please give me a brief confirmation that no problems or questions remain open on your side, so that I can consider this topic closed. Epilogue: Tips, Dos & Don'ts Keeping system and software up to date The Windows operating system absolutely must always be up to date. Make sure that automatic updates are enabled:
Installed software should also always be at its latest version. This applies in particular to the browser, Java, Flash Player and PDF reader, because known security holes in their old versions are exploited to install malware via drive-by download on the mere visit of a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore fairly unpredictable.
Security software A remark up front: every software solution has its weaknesses. Shifting the entire responsibility for security onto software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless, such software is of course important and, in combination with a well-maintained (up-to-date) system and sensible behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the most frequently attacked by malware authors. It can therefore already be a small security gain to use alternative software (e.g. an alternative PDF reader). Instead of Internet Explorer, one can for example use Mozilla Firefox, for which two useful add-ons are recommended:
(Un)safe behaviour on the Internet Besides unnoticed drive-by installations, malware is also often more or less actively installed by the user themselves. Merely visiting shady websites can carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner does not currently detect a threat in them, that need not mean anything.
Attempts are also often made to trick the user, with more or less cunning methods, into carrying out a fateful action themselves (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed alongside other software by the user themselves.
General notes Finally, a few basic remarks:
If you like, you can support the forum with a small donation. It only remains for me to wish you carefree and safe surfing, and that we won't see each other here again any time soon.
__________________ cheers, Leo |
30.06.2013, 10:23 | #8 |
| TrojanDownloader:Win32/Adload.DA virus found Great!! Thank you very much, on my own I would definitely have failed. And it wasn't nearly as complicated as I thought! I have no more questions or anything! |
30.06.2013, 14:50 | #9 |
/// TB-Ausbilder | TrojanDownloader:Win32/Adload.DA virus found Thanks for the feedback. Glad we could help. If you'd like to give the forum suggestions for improvement, criticism or praise, you can do so here. This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications of new replies. Should you need this topic again, please send me a PM and we'll continue here. Everyone else, please read these instructions and create your own thread.
__________________ cheers, Leo |