After the police virus, install_0_msi.exe is no longer there. Can someone help me?

Message after Windows starts, example image: http://www.trojaner-board.de/attachm...lermeldung.jpg

---------------------------------------------------------------------
Logfiles:
-----------

OTL Extras logfile created on: 31.08.2012 00:25:18 - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sera\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,90% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 49,64 Gb Free Space | 49,64% Space Free | Partition Type: NTFS
Drive D: | 132,88 Gb Total Space | 89,95 Gb Free Space | 67,69% Space Free | Partition Type: NTFS
Drive E: | 232,76 Gb Total Space | 152,46 Gb Free Space | 65,50% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 111,69 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
Drive J: | 13,70 Gb Total Space | 11,12 Gb Free Space | 81,16% Space Free | Partition Type: FAT32

Computer Name: SERA-PC | User Name: Sera | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List 
========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01777F13-E926-4339-9667-C81F47AC85A0}" = lport=2869 | protocol=6 | dir=in | app=system | "{148FA0FA-F235-40D6-88CE-2D90CCF79D89}" = rport=10243 | protocol=6 | dir=out | app=system | "{1DB0FADF-2FAF-4CCA-AE6E-FB7E3C34FA42}" = lport=139 | protocol=6 | dir=in | app=system | "{2313DCC9-5F14-451A-8A77-9C7F436FF452}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{28A6C5AE-1A3B-4126-AAA2-BDE2CE404F21}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2C2E1446-E845-4AAC-A3A7-C9C914BE4EFE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E71F88C-4056-4E66-A4B6-D34AEDA57E33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{35A75FBF-7E4A-4849-A1D9-37E41E18B91D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{3ABC03C1-5DB4-4810-983D-C33E89A61B5C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4B542C8D-3DC0-43D1-B4E0-D4589895F792}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{509FB9B3-B295-4064-8A60-FD47AF16D715}" = lport=10243 | protocol=6 | dir=in | app=system | "{5E35F46A-2328-4425-A9F1-C7AA08374E25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{70FC866B-3C90-4869-B474-0B97D5FC0B90}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{79C06308-4CE9-407A-A7AD-65BB1B7AF7B5}" = lport=445 | protocol=6 | dir=in | app=system | "{79EDE12F-6121-4898-83E9-1CF536334850}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D4CFEF2-B232-43A2-BB64-6C081746C217}" = rport=5355 | protocol=17 | 
dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{81CDC13C-9718-43A3-8DC0-C9A304CE092B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{896DE469-1894-4BE2-9AB7-4489E78BCA63}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{8C16EB70-B775-4959-B20F-A201C79367E4}" = lport=137 | protocol=17 | dir=in | app=system | "{8E7A31C6-F7DC-4F54-91E0-E8EC9D01CCBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A93759F7-3129-4D21-85B7-578E7045628F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF5E93F7-3E6F-4921-B09E-7EAC944FA84B}" = rport=139 | protocol=6 | dir=out | app=system | "{B8F0A850-6E0F-495F-AE01-5C69E28F5B03}" = lport=138 | protocol=17 | dir=in | app=system | "{B91369B1-10BB-4957-AE5D-2801A2254FC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{CA14CF7B-38E3-44F3-8011-24D438D2BB27}" = rport=445 | protocol=6 | dir=out | app=system | "{E1CB5742-529F-4C27-B12E-AD0A36AE07D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E817E0B4-FD9C-454A-AFFE-72318BD59FE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EFAC5209-697B-4093-9C4E-0BECCD300BFE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F50B0B51-32F7-44BA-BC1A-A93502B8A632}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F96EF972-50B9-4488-8C06-0D40223238F0}" = rport=137 | protocol=17 | dir=out | app=system | "{FB72F048-C8BC-4C85-8C8E-843F424E0D03}" = rport=138 | protocol=17 | dir=out | app=system | "{FE8FA8D9-2E55-40EF-9157-314ED5004506}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{045A2A76-4793-4F54-9B66-497F3454D2AE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{05CCC652-780A-41C4-879C-07908762A5A9}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{071BBA47-5642-4B29-B98B-BE99CF563779}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{17601E87-9B15-4CC6-8818-7EBBD0DF6CE6}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{26768E2A-5D11-45D7-8382-CD5EAAA231E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E5571DD-2156-4B12-8089-556A74744ECD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3132CCB9-6824-4E73-B070-4985E9CDADC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{3543EA0B-B8B0-4CC2-BECC-A2044B4B643F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4BCFB9B8-CE75-458B-87BB-9D20B120D4B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4CEFC374-C6DA-4428-A539-1C9738745622}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{52FB7F96-BC45-4ED6-B89F-6E2D616F5F63}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{5703EAF1-9637-4C9D-9356-AC93DF95D0E1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{605BE609-D050-4C50-8847-E3A09C539074}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{771D8954-0C78-4F65-BF5C-694BEBA52B3A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7CF7719F-2EA3-4DBB-9172-FCE015BD282C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D51E62F-B983-40F1-A9A4-9F1CA9935B46}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{7F825652-DA34-4797-85CF-C6976C116F96}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{7FC36DB3-B402-416B-B28A-1230FC82DED2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{81CC1AB3-745E-4B25-8A6E-564363A75D1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8D4F716A-6F2B-4B9C-AEF2-520F9E69B2FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A05645A1-ABA3-4A5A-8077-5FD5F8271F68}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A542382A-2C3A-4507-8044-FF48A1EF2026}" = protocol=6 | dir=in | app=e:\mamas ordner\proggs\azureus\azureus.exe | "{B0A2C2E6-9614-4CD3-AA24-E396F8F44959}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{B88C5F97-992C-42D9-B14D-24EAE704EDEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BD9E11C4-9B76-4B24-922D-26F8FAC6FA22}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C2454C06-43DC-4FE1-B0CD-57CD4B37880C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C3552995-2591-4B02-90E5-5CD02E54422C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C5A370EC-BF4D-4774-9494-EEC33D9BC68F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C5A3BB71-9ECD-4026-852E-CB6554CCD37E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C6FAF979-DEE1-4CF3-AF8A-2AB022AF4AD7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C7793B7D-B577-4462-8A49-34AFBECA0664}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C8D5041F-E123-4DAD-81F4-F25C82F24842}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{C9CC4CBF-C68B-415C-A754-F2403118C0E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CE3CEB59-C063-4705-AA59-B8F598A895C5}" = protocol=6 | dir=out | app=system | "{DB0CACBC-F8A0-48DA-9EA4-2F3D02FF5E28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E68930CD-86E6-4972-A090-B8FADC993420}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E73402E0-C642-4DFF-8438-B4B3DD82F83C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{F442C8DB-2583-4DA3-8F88-18A7789747D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FBC9AF47-FE53-4406-A73C-8AF87A5E45FA}" = protocol=17 | dir=in | app=e:\mamas ordner\proggs\azureus\azureus.exe | "TCP Query User{6A1EA4CE-A865-465D-9B4E-E40C112991A5}C:\users\sera\appdata\roaming\uvyben\axqua.exe" = protocol=6 | dir=in | app=c:\users\sera\appdata\roaming\uvyben\axqua.exe | "TCP Query User{CF815926-1AF2-4D37-9AA8-11CD932D6747}C:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe | "UDP Query User{987B222B-6EEE-4A97-BDFA-1576A83D8B0E}C:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox 4.0 beta 6\plugin-container.exe | "UDP Query User{BBBA4C27-6368-4BE5-B8D8-672617B46D97}C:\users\sera\appdata\roaming\uvyben\axqua.exe" = protocol=17 | dir=in | app=c:\users\sera\appdata\roaming\uvyben\axqua.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4C47DA93-303F-4165-918B-BCBAD9099DB8}" = Russisch für Deutsche - empfohlen "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft 
Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "CCleaner" = CCleaner "Defraggler" = Defraggler "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F827F147-D65E-43C9-B73F-7401CA93FDB3}" = Russisch (deutschе Tastatur) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1&1 Upload-Manager" = 1&1 Upload-Manager "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Free 3D Video Maker_is1" = Free 3D Video Maker version 1.1.5.508 "Free Audio Converter_is1" = Free Audio Converter version 5.0.11.508 "Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.12.804 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "Google Chrome" = Google Chrome "Internet Download Manager" = Internet Download Manager "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "ST6UNST #1" = BEWERBUNGSMASTER "TeamViewer 6" = TeamViewer 6 "VLC media player" = VLC media player 1.1.11 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.10.2011 00:55:29 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9079 Error - 19.10.2011 00:55:29 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9079 Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source 
= Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 10077 Error - 19.10.2011 00:55:30 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 10077 Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1060 Error - 19.10.2011 04:50:24 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1060 Error - 19.10.2011 04:50:25 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 19.10.2011 04:50:25 | Computer Name = SERA-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2059 [ Media Center Events ] Error - 07.12.2011 09:47:52 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 07.12.2011 09:50:52 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 07.12.2011 09:57:10 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = Error - 07.12.2011 10:01:19 | Computer Name = Sera-PC | Source = Microsoft-Windows-Media Center Extender | ID = 536 Description = [ System Events ] Error - 30.08.2012 05:40:09 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 07:14:28 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. 
Error - 30.08.2012 07:14:30 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 08:59:16 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 08:59:18 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 09:37:43 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 09:37:45 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 11:15:33 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 11:15:35 | Computer Name = Sera-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden. Error - 30.08.2012 15:33:28 | Computer Name = Sera-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
< End of report > ----------------------------------------------------------------------- OTL logfile created on: 31.08.2012 00:25:18 - Run 2 OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Sera\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,90% Memory free 8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,00 Gb Total Space | 49,64 Gb Free Space | 49,64% Space Free | Partition Type: NTFS Drive D: | 132,88 Gb Total Space | 89,95 Gb Free Space | 67,69% Space Free | Partition Type: NTFS Drive E: | 232,76 Gb Total Space | 152,46 Gb Free Space | 65,50% Space Free | Partition Type: NTFS Drive F: | 111,79 Gb Total Space | 111,69 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Drive J: | 13,70 Gb Total Space | 11,12 Gb Free Space | 81,16% Space Free | Partition Type: FAT32 Computer Name: SERA-PC | User Name: Sera | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sera\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avutil-51.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avformat-54.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ui11rdr) -- C:\Windows\SysNative\drivers\ui11rdr.SYS (1&1 Internet AG)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=a4ea60ff000000000000001fd055267c
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E8 A3 BD 2C 78 CB 01 [binary data]
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\URLSearchHook: {dfabc5b5-039b-4865-979a-de31cdf3e351} - No CLSID value found
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes,DefaultScope = {0590B797-28CC-4B24-BC3E-6BC6BF9627C3}
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{0590B797-28CC-4B24-BC3E-6BC6BF9627C3}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100789&babsrc=SP_ss&mntrId=a4ea60ff000000000000001fd055267c
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-357678653-1223163808-252771922-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 11:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Sera\AppData\Roaming\IDM\idmmzcc3 [2011.05.23 22:29:10 | 000,000,000 | ---D | M]
[2010.10.24 20:31:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions
[2010.08.26 22:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.05.05 20:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.10.22 12:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions
[2011.09.28 21:45:07 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\fv7cfqo8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.30 23:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions
[2012.07.25 23:17:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.08.21 10:38:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.26 23:32:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.22 11:32:11 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Users\Sera\AppData\Roaming\mozilla\Firefox\Profiles\x7fkwl5g.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Sera\AppData\Roaming\Mozilla\Firefox\Profiles\fv7cfqo8.default\searchplugins\icqplugin.xml
[2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.09 23:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 6\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
[2012.07.20 11:20:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 23:04:24 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: YouTube = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Billabong Surf Theme = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnjghdbnnficankmjeocglncagiippoc\1.0_0\
CHR - Extension: Google Mail = C:\Users\Sera\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-357678653-1223163808-252771922-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [audiohddrive] C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe File not found
O4:64bit: - HKLM..\Run: [audiohddrivewin] C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe File not found
O4:64bit: - HKLM..\Run: [AudioTreiber_x64] C:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-357678653-1223163808-252771922-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-357678653-1223163808-252771922-1001..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-357678653-1223163808-252771922-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94382F93-BB1E-4413-B941-CFB4EA52BDE8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrivewin\audiohddrivewin.exe) - File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\drivehdwin\drivehdwin.exeC:\Users\Sera\AppData\Roaming\AudioTreiber_x64\AudioTreiber_x64.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell - "" = AutoRun
O33 - MountPoints2\{02b5c2ce-e006-11df-ac38-001167b61e81}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk /p \?HINE BootExecute sett)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.30 23:40:20 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe
[2012.08.30 22:11:25 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\Avira
[2012.08.30 21:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.30 21:59:47 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.30 21:59:47 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.30 21:59:47 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.30 21:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.30 21:52:12 | 000,000,000 | ---D | C] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor
[2012.01.04 09:59:25 | 000,060,416 | ---- | C] (gdsfgsdf) -- C:\Users\Sera\AppData\Roaming\408938.exe
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.31 00:24:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.31 00:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.30 23:40:22 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Sera\Desktop\OTL.exe
[2012.08.30 23:32:15 | 002,213,358 | ---- | M] () -- C:\Users\Sera\Desktop\Unbenannt.png
[2012.08.30 23:30:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.30 23:26:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:26:15 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.30 23:18:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.30 23:18:14 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.30 21:42:58 | 083,023,306 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.29 11:26:34 | 000,001,889 | ---- | M] () -- C:\Users\Sera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.27 13:27:03 | 000,000,162 | -H-- | M] () -- C:\Users\Sera\Documents\~$rita l.rtf
[2012.08.15 10:08:11 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 10:08:11 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[4 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.30 23:32:14 | 002,213,358 | ---- | C] () -- C:\Users\Sera\Desktop\Unbenannt.png
[2012.08.29 11:26:34 | 000,001,889 | ---- | C] () -- C:\Users\Sera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.29 11:26:32 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.27 13:27:03 | 000,000,162 | -H-- | C] () -- C:\Users\Sera\Documents\~$rita l.rtf
[2012.02.18 21:03:32 | 000,000,562 | ---- | C] () -- C:\Windows\wiso.ini
[2011.11.21 19:39:04 | 000,000,217 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011.11.21 19:39:04 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011.07.06 18:12:20 | 000,005,981 | ---- | C] () -- C:\Users\Sera\ESt2009_Buchmüller_Sergej_und_Margarethe.elfo
[2011.07.03 02:56:25 | 000,007,603 | ---- | C] () -- C:\Users\Sera\AppData\Local\Resmon.ResmonCfg
[2011.05.20 20:57:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.25 11:10:03 | 000,033,134 | ---- | C] () -- C:\Users\Sera\AppData\Roaming\UserTile.png
[2010.10.25 08:58:22 | 000,037,467 | ---- | C] () -- C:\Users\Sera\russisch tastatur.exe
[2010.10.24 20:30:09 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.24 13:18:58 | 012,666,128 | ---- | C] () -- C:\Users\Sera\objectdock_1_9_536.exe
========== LOP Check ==========
[2012.06.09 10:44:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\redsn0w
[2012.01.09 14:27:16 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\1&1
[2010.11.08 14:10:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ACD Systems
[2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrive
[2011.11.04 17:15:08 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\audiohddrivewin
[2012.01.23 23:37:02 | 000,000,000 | RHSD | M] -- C:\Users\Sera\AppData\Roaming\AudioTreiber_x64
[2012.08.30 23:12:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Azureus
[2012.01.09 23:04:23 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Babylon
[2012.02.18 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Buhl Data Service
[2011.10.09 16:03:26 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DAEMON Tools Lite
[2012.08.30 22:25:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DMCache
[2011.07.05 20:36:47 | 000,000,000 | -H-D | M] -- C:\Users\Sera\AppData\Roaming\drivehdwin
[2012.06.02 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoft
[2011.08.15 16:18:15 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.27 17:29:02 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fisher-Price
[2011.05.27 15:05:14 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Fuov
[2012.01.09 12:59:43 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\ICQ
[2012.08.30 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\IDM
[2011.05.20 21:19:22 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Leadertech
[2012.08.31 00:29:26 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\NetSpeedMonitor
[2011.12.19 00:20:53 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Paloma Networks, Inc
[2012.06.11 14:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\redsn0w
[2010.11.07 04:17:40 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\streamripper
[2011.10.28 01:40:35 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TeamViewer
[2012.06.18 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\TomTom
[2010.11.07 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Ubisoft
[2011.06.24 01:30:30 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\updaterz
[2011.06.24 01:30:25 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Uvyben
[2011.07.10 21:05:54 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\whitepixel
[2012.01.23 23:37:02 | 000,000,000 | -HSD | M] -- C:\Users\Sera\AppData\Roaming\winsvchost
[2012.02.29 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\Sera\AppData\Roaming\Xilisoft
[2012.05.31 23:13:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
< End of report >
------------------------------------------------------------------------
Thanks in advance! Regards, Sera |
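The OTL report in the post above carries the entries that matter for triage: HKLM Run values and extra Winlogon UserInit values that point into the user's AppData\Roaming profile (the files are already gone, so the entries are stale), and policy values that switch UAC off. As an added example, not part of the original post or of OTL itself, here is a small Python triage that applies such heuristics to lines copied from that report. The line grammar for O4/O6/O20 entries and the suspicious-indicator rules are this example's own assumptions, not an OTL specification.

```python
"""Triage of OTL autostart lines (added example; not OTL's own code).

SAMPLE_LOG is constructed from lines copied out of the OTL report above.
The regexes below are an assumed grammar for how OTL prints O4/O6/O20 lines.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind severity message")

SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [audiohddrive] C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Users\Sera\AppData\Roaming\audiohddrive\audiohddrive.exe) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

# Assumed line shapes: O4 = Run/RunOnce value, O6 = policy value, O20 = Winlogon value.
RE_O4 = re.compile(r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
RE_O6 = re.compile(r"^O6 - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
RE_O20 = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<value>\w+) - \((?P<data>.*?)\) - (?P<rest>.*)$")

# UAC policy settings that remove elevation prompts (this triage's own rule set).
UAC_WEAK = {("EnableLUA", "0"), ("ConsentPromptBehaviorAdmin", "0"), ("PromptOnSecureDesktop", "0")}


def split_target(rest):
    """Split the tail of an O4 line into (path, present_on_disk)."""
    if rest.endswith("File not found"):
        return rest[:-len("File not found")].strip(), False
    return rest.rsplit(" (", 1)[0].strip(), True   # drop the "(publisher)" suffix


def triage_line(line):
    """Return a Finding for a suspicious line, or None for a benign one."""
    line = line.rstrip()
    m = RE_O4.match(line)
    if m:
        path, present = split_target(m.group("rest"))
        reasons = []
        if "\\appdata\\roaming\\" in path.lower():
            reasons.append("starts from the user's AppData\\Roaming profile")
        if not present:
            reasons.append("target no longer exists (stale autostart)")
        if reasons:
            return Finding("O4", "high", f"Run entry [{m.group('name')}] -> {path}: " + "; ".join(reasons))
        return None
    m = RE_O6.match(line)
    if m and (m.group("value"), m.group("data")) in UAC_WEAK:
        return Finding("O6", "medium", f"UAC weakened: {m.group('value')} = {m.group('data')}")
    m = RE_O20.match(line)
    if m:
        value, data = m.group("value"), m.group("data")
        base = data.lower().rsplit("\\", 1)[-1]
        # Only the system userinit.exe belongs in UserInit; anything else is an extra launcher.
        if value == "UserInit" and (base != "userinit.exe" or "\\appdata\\" in data.lower()):
            return Finding("O20", "high", f"Winlogon UserInit points at {data}")
        if value == "Shell" and data.lower() != "explorer.exe":
            return Finding("O20", "high", f"Winlogon Shell replaced by {data}")
    return None


def triage(log_text):
    """Run triage_line over every line of an OTL report and collect findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, f.severity, f.message)
```

On the sample this reports the stale AppData\Roaming Run entry, the two UAC policies, and the extra UserInit launcher, while Avira's Run entry, the Sidebar entries, the system userinit.exe and explorer.exe pass; the 32-bit OTL line that prints UserInit as a bare `userinit.exe` also passes because the rule compares the file name, not the full path.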
Hello and welcome! :) Before we start working together, [please read in full]: Quote:
For Vista and Win7: Important: Run all commands as administrator! Right-click the command prompt and select "Run as administrator". Right-click the selected application and choose "Run as administrator"! 1. Download Malwarebytes Anti-Malware → from here
2. Run another system scan with OTL
3. To find out whether outdated or malicious software is installed under Programs, I would also like to see all of your installed programs:
Quote:
** Stay off the Internet as far as possible: no online banking, file sharing, chat programs etc. Regards, kira |
So this is what came out:
Code: Malwarebytes Anti-Malware 1.62.0.1300
Code: OTL logfile created on: 01.09.2012 14:34:54 - Run 3
Code: 1&1 Upload-Manager 1&1 Internet AG 03.03.2012 2.0.676 |
Unfortunately I have bad news for you: you have caught a nasty little beast: Quote:
- a backdoor with rootkit functionality: this malware uses rootkit technology and a backdoor routine *what are backdoors and rootkits* Behaviour: "memory-resident"
Second problem:
Code: 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Service Pack 1 (SP1) for Win7 is missing: SP1 contains the latest updates, e.g. important security, stability and performance improvements.
- Internet Explorer is also outdated; the current version is IE 9! However, in this state (the computer is currently infected with malware) the old version must NOT be upgraded to the next one, otherwise it does more harm than good!
So the hard disk must first be formatted, i.e. be absolutely malware-free!
Tips & advice: if you want to back up your data:
- for a smooth backup process, run the following script with OTL and also run Kaspersky's TDSSKiller tool:
1. Quote:
Code: :OTL
Quote:
TDSSKiller by Kaspersky
3. Data backup:
► ONLY back up data that contains no executable files - file extensions - This is a list of file extensions that can denote files with executable code.
- Be careful with the files already present on the external storage, and also with making a backup of files that are now infected with the virus
- Best to back up everything that is very important to you separately (externally) - do not mix it with data possibly backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then reinstall it on the freshly set-up system!
4. -> Guide: Reinstalling the system + hardening -> Guide to reinstalling - Windows XP, Vista and Win7
5. - Before restoring - before you go straight online with your PC...:
- disable/turn off the Autoplay function for all drives -> Disable Autorun/Autoplay selectively for drive types or drive letters
Scan the data backed up to an external hard drive thoroughly from a clean system, ideally with several scanners -> Free online scanners - guide
Highly recommended scanner: Quote:
6. As a precaution I would advise you to change your passwords, e.g. login, mail or website passwords. Tips: Choosing a secure password - (it should really be changed at regular intervals, roughly every 3-5 months). See also: Secure password (Password) Regards, kira |
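Step 3 above says to back up only files that contain no executable code, and step 5 says to scan the external copy from a clean system before restoring it. As an added example, not code from this thread or from any of the tools it names, here is a Python backup filter that copies a profile tree while skipping every file whose last extension can carry executable code. The extension list is this example's own partial assumption (the thread links to a list rather than reproducing it), and the demo profile it builds is constructed, borrowing a few file names from the log posted above.

```python
"""Backup filter that leaves executable files behind (added example).

EXECUTABLE_EXTENSIONS is an assumed, partial list; the thread links to the
full list without reproducing it. make_demo_profile() builds a constructed
profile in a temporary directory so the script runs offline.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Extensions that can carry executable code (assumed, partial list).
EXECUTABLE_EXTENSIONS = frozenset({
    ".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".msi", ".msp", ".dll",
    ".sys", ".cpl", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1",
    ".hta", ".jar", ".lnk", ".reg", ".inf", ".docm", ".xlsm", ".pptm",
})


def is_safe_to_backup(path):
    """True if the file's LAST extension is not executable.
    Only the last suffix counts, so 'invoice.pdf.exe' is rejected."""
    return Path(path).suffix.lower() not in EXECUTABLE_EXTENSIONS


def backup_tree(src, dst):
    """Copy src into dst with the same relative layout, skipping executables.
    Returns (copied, skipped) as sorted lists of relative POSIX paths."""
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in files:
            full = Path(root) / name
            rel = full.relative_to(src).as_posix()
            if not is_safe_to_backup(full):
                skipped.append(rel)
                continue
            target = dst / full.relative_to(src)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(full, target)   # copies content and timestamps only
            copied.append(rel)
    return sorted(copied), sorted(skipped)


def make_demo_profile(base):
    """Constructed sample profile: two documents plus files named after
    entries in the log above, placed where that log showed them."""
    base = Path(base)
    samples = {
        "Documents/letter.rtf": b"{\\rtf1 hello}",
        "Pictures/photo.jpg": b"\xff\xd8\xff\xd9",
        "Documents/invoice.pdf.exe": b"MZ",
        "Documents/budget.xlsm": b"PK",
        "AppData/Roaming/audiohddrive/audiohddrive.exe": b"MZ",
        "AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/ctfmon.lnk": b"L",
    }
    for rel, content in samples.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
    return base


def run_demo():
    """Build the constructed profile, back it up, and report what happened.
    Returns (copied, skipped, all_copied_files_present)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = make_demo_profile(Path(tmp) / "Sera")
        dst = Path(tmp) / "backup"
        copied, skipped = backup_tree(src, dst)
        all_present = all((dst / rel).is_file() for rel in copied)
        return copied, skipped, all_present


if __name__ == "__main__":
    copied, skipped, ok = run_demo()
    print("copied :", copied)
    print("skipped:", skipped)
    print("all copied files present:", ok)
```

The filter deliberately looks only at the final extension, which is what Windows uses to decide how to open a file, so a double-extension name such as `invoice.pdf.exe` is skipped; shortcuts and macro-enabled Office files are on the list because they can launch commands or code on open. The copy on the external disk is still to be scanned from a clean system before anything is restored, as step 5 says.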
Copyright ©2000-2025, Trojaner-Board