|
Malware of all kinds and how to fight it: Removing Mystar incredybar | Windows 7 |
05.12.2012, 21:49 | #16 |
| ComboFix log file:
As for the Internet, it still doesn't work; it says "Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden" [English: "The dependency service or group failed to start"]. Unfortunately I have no idea what that means, maybe you can make something of it. |
06.12.2012, 19:14 | #17 |
/// TB-Ausbilder | Hi,
Run the following OTL fix and report whether you now have Internet access again. Fixing with OTL
Code:
:files
netsh winsock reset /C
:Commands
[reboot]
|
06.12.2012, 19:56 | #18 |
| What do you mean by redacted parts??
|
06.12.2012, 20:27 | #19 |
/// TB-Ausbilder | Hi, by that I mean user names, which are often replaced with *****. That doesn't apply to you, though. |
06.12.2012, 20:39 | #20 |
| ========== FILES ==========
< netsh winsock reset /C >
Die Initialisierungsfunktion InitHelperDll in NSHHTTP.DLL konnte nicht gestartet werden. Fehlercode 10107
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 12062012_202959 |
06.12.2012, 20:40 | #21 |
/// TB-Ausbilder | Hi, how is the Internet doing? |
06.12.2012, 20:40 | #22 |
| The Internet still doesn't work, but Steam works again in offline mode. Do you have some kind of chat where we can write? I have my brother's laptop here right now. |
06.12.2012, 20:51 | #23 |
/// TB-Ausbilder | Hi,
Step 1
Press Start. Type CMD into the search bar. In the results, right-click cmd.exe -> Run as administrator. In the window, type the following: netsh winsock reset
Confirm with Enter. Then restart your computer.
Step 2
Please download Farbar's Service Scanner to your desktop.
Please post with your next reply
|
06.12.2012, 21:29 | #24 |
| YAY, Internet works again ;D Many thanks for that already. Here is the file:
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
**** End of log ****
P.S. The Mystart Incredibar is gone too ;D One more question: how can I (on Vista) "edit" the window color and appearance, or add new ones? The old Vista style no longer works, so now I have to make do with the standard Windows look, which I don't like in the long run. Can I do anything to make it work again? |
07.12.2012, 17:45 | #25 | ||
/// TB-Ausbilder | Hi, Quote:
Quote:
There you should find various display settings. There is still something to do, so let's get on with it.
Step 1
Fixing with OTL
Code:
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"Start"=dword:00000002
:Commands
[reboot]
Step 2
Step 3
Please start OTL.exe. Under Extra Registry, select Use Safe List and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread.
Please post with your next reply
|
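How the Farbar Service Scanner finding posted in #24 maps to the registry fix in #25, as an added example that is not part of the thread or of either tool. The sample log is constructed in the format of the quoted output, the function names are hypothetical, and the line layout of the generated `:reg` script is assumed from the fix shown in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Registry "Start" values of a Windows service (REG_DWORD under ...\services\<name>).
START_DWORD = {"Boot": 0, "System": 1, "Auto": 2, "Demand": 3, "Disabled": 4}
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services"

# Constructed sample, following the scanner output quoted in the thread.
SAMPLE_FSS_LOG = """\
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============
"""

# No line anchors: forum software often flattens the log onto a single line.
NOT_RUNNING = re.compile(r"(?P<svc>\w+) Service is not running\.")
START_TYPE = re.compile(
    r"The start type of (?P<svc>\w+) service is set to (?P<current>\w+)\.\s+"
    r"The default start type is (?P<default>\w+)\."
)
BINARY_OK = re.compile(r"The (?P<what>ImagePath|ServiceDll) of (?P<svc>\w+) service is OK\.")


@dataclass
class ServiceFinding:
    name: str
    running: bool = True
    current_start: Optional[str] = None
    default_start: Optional[str] = None
    verified: set = field(default_factory=set)  # which binary paths the scanner reported OK


def parse_fss(text):
    """Collect per-service findings from a Farbar Service Scanner log."""
    findings = {}

    def get(name):
        return findings.setdefault(name, ServiceFinding(name))

    for m in NOT_RUNNING.finditer(text):
        get(m["svc"]).running = False
    for m in START_TYPE.finditer(text):
        f = get(m["svc"])
        f.current_start, f.default_start = m["current"], m["default"]
    for m in BINARY_OK.finditer(text):
        get(m["svc"]).verified.add(m["what"])
    return findings


def start_type_fixes(findings):
    """Return (service, default Start dword) for every service whose start type deviates."""
    fixes = []
    for f in findings.values():
        if f.current_start is None or f.current_start == f.default_start:
            continue
        if f.default_start not in START_DWORD:
            raise ValueError(f"unknown start type {f.default_start!r} for {f.name}")
        fixes.append((f.name, START_DWORD[f.default_start]))
    return fixes


def render_reg_fix(fixes):
    """Render the fixes as a :reg script shaped like the one in the thread (layout assumed)."""
    lines = [":reg"]
    for name, dword in fixes:
        lines.append(f"[{SERVICES_KEY}\\{name}]")
        lines.append(f'"Start"=dword:{dword:08x}')
    lines += [":Commands", "[reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_fss(SAMPLE_FSS_LOG)
    for svc in found.values():
        print(svc)
    print(render_reg_fix(start_type_fixes(found)))
```
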
07.12.2012, 18:29 | #26 |
| Step 1:
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\\"Start"|dword:00000002 /E : value set successfully!
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 12072012_182301
Step 2:
Farbar Service Scanner Version: 04-12-2012
Ran by Jan (administrator) on 07-12-2012 at 18:37:17
Running from "C:\Users\Jan\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [2012-05-17 14:22] - [2009-04-11 08:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****
Edited by Nirobe (07.12.2012 at 18:54) |
07.12.2012, 18:49 | #27 |
| Step 3: OTL file:
[On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012.06.29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql) SRV - [2012.05.11 08:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZillaServer) SRV - [2012.02.28 16:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.20 01:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.16 20:17:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.11.16 20:17:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.10.09 16:14:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.10.08 18:52:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2012.10.08 18:52:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.08.15 14:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2012.08.15 14:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2012.08.15 14:18:00 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport) DRV:64bit: - [2012.08.15 14:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2012.08.15 14:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2012.08.15 14:16:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2012.08.01 16:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2012.07.06 11:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vmci.sys -- (vmci) DRV:64bit: - [2012.07.06 11:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.03.20 01:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2009.03.20 01:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi) DRV:64bit: - [2006.10.03 03:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b1bc278b-ece7-4b10-9fc2-92b816bef6e7&apn_sauid=2A277287-BD34-477E-9E77-80F55EA59D10 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.25 01:11:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.25 01:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2012.08.23 21:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions ========== Chrome ========== CHR - homepage: https://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: https://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Free Studio (Enabled) = 
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Drive = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.20_0\ CHR - Extension: The Matrix = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kldmnkfegbdiloemiolicnddbokfdcfl\1.3_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ CHR - Extension: Google Mail = C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.12.05 21:17:45 | 000,000,027 | ---- 
| M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jan\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976F410C-DC31-4B36-BE01-9D4DC3D49C2C}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Jan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.06 23:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.12.06 23:18:17 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.12.06 23:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.12.06 
21:17:44 | 000,696,153 | ---- | C] (Farbar) -- C:\Users\Jan\Desktop\FSS.exe [2012.12.06 20:29:59 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.05 23:03:40 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Avira [2012.12.05 23:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.05 22:59:38 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.12.05 22:59:38 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.12.05 22:59:38 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.12.05 22:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.12.05 21:20:04 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\temp [2012.12.05 21:17:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.12.05 20:55:39 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.12.05 19:49:08 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe [2012.12.05 16:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN [2012.12.05 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick [2012.12.05 16:35:14 | 000,480,560 | ---- | C] (AVM Berlin) -- C:\Windows\instwcli.dex [2012.12.04 22:45:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.04 22:45:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.04 22:45:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.04 22:44:58 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.04 22:44:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.04 22:39:37 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\APN [2012.12.04 22:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.04 22:26:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012.12.04 22:26:07 | 000,000,000 
| ---D | C] -- C:\JRT [2012.12.04 22:22:20 | 000,907,917 | ---- | C] (Chilkat Software, Inc.) -- C:\Users\Jan\Desktop\JRT.exe [2012.12.04 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.04 19:54:23 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.04 19:54:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.04 19:54:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.04 19:54:13 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.04 19:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.03 21:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.12.03 21:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.12.03 20:25:00 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe [2012.12.03 17:34:55 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jan\Desktop\aswMBR.exe [2012.12.03 16:55:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.12.02 22:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AppData [2012.12.02 15:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.12.02 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.12.02 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\Malwarebytes [2012.12.02 10:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.02 03:53:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\TuneUp Software [2012.12.02 03:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.02 03:53:44 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.02 03:53:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files 
[2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012.12.02 03:52:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeGazer [2012.12.02 03:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer [2012.12.02 03:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\EvJOWallpaper [2012.12.02 03:08:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EvJOSoft [2012.12.02 03:04:56 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012.12.02 00:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wallpaper Juggler [2012.12.02 00:19:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll [2012.12.02 00:19:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2012.12.02 00:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wallpaper Juggler [2012.12.01 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.11.28 20:04:54 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\fontconfig [2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Local\gegl-0.2 [2012.11.28 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Jan\.gimp-2.8 [2012.11.26 21:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2012.11.26 21:27:38 | 000,000,000 | ---D | C] -- C:\Users\Jan\AppData\Roaming\AVS4YOU [2012.11.26 21:26:41 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2012.11.26 21:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2012.11.26 21:26:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2012.11.26 21:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2012.11.18 20:55:01 | 000,000,000 | ---D | C] -- 
C:\Users\Jan\Desktop\Bewerbung [2012.11.16 21:29:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.16 21:29:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.16 21:29:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.16 21:29:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.16 21:29:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.16 21:29:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.16 21:29:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.16 21:29:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.16 21:29:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.16 21:29:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.16 21:29:43 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.16 21:29:43 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.16 21:29:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.16 21:29:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.16 21:29:42 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.16 15:26:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.16 15:26:48 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.10 16:51:10 | 000,000,000 | ---D | C] -- C:\Users\Jan\Desktop\grafiken [2012.11.09 14:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages [5 
C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.07 18:31:53 | 000,631,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.07 18:31:53 | 000,598,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.07 18:31:53 | 000,105,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.07 18:31:52 | 001,453,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.07 18:31:52 | 000,127,458 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.07 18:24:29 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.07 18:24:19 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 18:24:19 | 000,004,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.07 18:24:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.07 17:43:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.06 21:17:56 | 000,696,153 | ---- | M] (Farbar) -- C:\Users\Jan\Desktop\FSS.exe [2012.12.05 21:17:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.05 19:46:10 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Jan\Desktop\ComboFix.exe [2012.12.05 19:20:28 | 000,091,542 | ---- | M] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf [2012.12.04 22:23:39 | 000,907,917 | ---- | M] (Chilkat Software, Inc.) 
-- C:\Users\Jan\Desktop\JRT.exe [2012.12.04 22:01:40 | 000,540,743 | ---- | M] () -- C:\Users\Jan\Desktop\adwcleaner.exe [2012.12.04 19:54:01 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.04 19:53:59 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.04 19:53:59 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.04 19:53:59 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.04 19:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.04 19:53:59 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.03 20:25:06 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jan\Desktop\tdsskiller.exe [2012.12.03 20:22:58 | 000,000,512 | ---- | M] () -- C:\Users\Jan\Desktop\MBR.dat [2012.12.03 17:35:37 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jan\Desktop\aswMBR.exe [2012.12.03 17:25:36 | 000,000,168 | ---- | M] () -- C:\Users\Jan\defogger_reenable [2012.12.03 17:25:18 | 000,050,477 | ---- | M] () -- C:\Users\Jan\Desktop\Defogger.exe [2012.12.03 16:55:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2012.12.02 03:53:10 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll [2012.12.02 03:53:10 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2012.12.02 02:58:59 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE [2012.12.02 00:26:31 | 000,054,906 | ---- | M] () -- C:\Users\Jan\AppData\Local\recently-used.xbel [2012.11.27 22:25:41 | 000,279,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.27 21:48:29 | 000,534,297 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf [2012.11.27 21:46:21 | 000,489,607 | ---- | M] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf [2012.11.27 21:45:05 | 
000,585,329 | ---- | M] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf [2012.11.27 21:42:59 | 000,018,220 | ---- | M] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf [2012.11.27 21:41:57 | 000,005,777 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf [2012.11.27 21:41:47 | 000,005,778 | ---- | M] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf [2012.11.24 21:12:22 | 000,000,432 | -HS- | M] () -- C:\Users\Jan\Desktop\desktop (2).ini [2012.11.16 20:17:15 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.16 20:17:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.11.13 17:50:05 | 000,034,816 | ---- | M] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [5 C:\Users\Jan\AppData\Local\*.tmp files -> C:\Users\Jan\AppData\Local\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.05 21:36:55 | 000,013,099 | R--- | C] () -- C:\Windows\instwcli.inf [2012.12.05 19:16:33 | 000,091,542 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Vertrag_2012.pdf [2012.12.04 22:45:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.04 22:45:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.04 22:45:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.04 22:45:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.04 22:45:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.04 22:01:34 | 000,540,743 | ---- | C] () -- C:\Users\Jan\Desktop\adwcleaner.exe [2012.12.03 20:22:58 | 000,000,512 | ---- | C] () -- C:\Users\Jan\Desktop\MBR.dat [2012.12.03 17:25:36 | 000,000,168 | ---- | C] () -- C:\Users\Jan\defogger_reenable [2012.12.03 17:25:16 | 000,050,477 | ---- | C] () -- 
C:\Users\Jan\Desktop\Defogger.exe [2012.12.02 15:38:42 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.02 15:38:41 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.02 02:58:58 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2012.12.02 00:26:31 | 000,054,906 | ---- | C] () -- C:\Users\Jan\AppData\Local\recently-used.xbel [2012.12.02 00:20:00 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx [2012.11.28 20:04:27 | 000,000,796 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.11.27 21:48:28 | 000,534,297 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_1+2.pdf [2012.11.27 21:46:20 | 000,489,607 | ---- | C] () -- C:\Users\Jan\Desktop\Zeugnis_Halbjahr1.pdf [2012.11.27 21:45:04 | 000,585,329 | ---- | C] () -- C:\Users\Jan\Desktop\Praktikumsbescheinigung.pdf [2012.11.27 21:41:57 | 000,005,777 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_PamConsult.pdf [2012.11.27 21:41:47 | 000,005,778 | ---- | C] () -- C:\Users\Jan\Desktop\Bewerbung_Exabyters.pdf [2012.11.27 21:37:56 | 000,018,220 | ---- | C] () -- C:\Users\Jan\Desktop\Lebenslauf.pdf [2012.11.27 21:17:34 | 000,052,775 | ---- | C] () -- C:\Users\Jan\Desktop\Betriebspraktikum_Laufzettel_V2012.pdf [2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.07 22:14:36 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.11 15:12:31 | 000,034,816 | ---- | C] () -- C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.17 14:22:39 | 
000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.05.17 14:22:18 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.05.17 14:21:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.05.17 00:31:29 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.05.12 13:02:47 | 000,000,732 | ---- | C] () -- C:\Users\Jan\AppData\Local\d3d9caps64.dat ========== ZeroAccess Check ========== [2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll < End of report >
Step 3: EXTRAS file: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.12.2012 18:38:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jan\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,17% Memory free 8,21 Gb Paging File | 6,60 Gb Available in Paging File | 80,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 690,82 Gb Total Space | 291,49 Gb Free Space | 42,19% Space Free | Partition Type: NTFS Drive D: | 7,81 Gb Total Space | 2,57 Gb Free Space | 32,90% Space Free | Partition Type: NTFS Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 21 ED 00 C1 1A 9A CD 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{0C00E5FE-F986-40AB-86E0-4818A5A791CC}" = lport=137 | protocol=17 | dir=in | app=system | "{0C42CBF4-D37B-423F-B7D0-73548591CAFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{27836FFE-3E2B-40BA-8B07-824F5668CC05}" = lport=139 | protocol=6 | dir=in | app=system | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4B0FD562-3FC3-4940-9072-5959BDB5B932}" = lport=138 | protocol=17 | dir=in | app=system | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8D63F81D-A5D9-4946-AD3D-7AD7AF1B6902}" = rport=139 | protocol=6 | dir=out | app=system | "{9B2D7AFF-3CB8-4749-8887-2A74157ECCB1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{B186C461-6ED7-450E-AF21-7BE8836E5A73}" = rport=137 | protocol=17 | dir=out | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{BE97D4B3-E61B-4876-BD5E-7E17144B9336}" = lport=445 | protocol=6 | dir=in | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | 
svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D9F968A6-5B72-48CB-9DAF-3D16B52000EF}" = rport=138 | protocol=17 | dir=out | app=system | "{E5BC9E55-7343-4C4C-9443-571C99B273AC}" = rport=445 | protocol=6 | dir=out | app=system | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0C1F8059-A442-4EAA-A898-8E1B7184DB73}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{136918B9-BD20-4E25-B6B0-B14E97E3D332}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1F8AD80B-E818-435D-BE3F-D0FA9E4CCC8B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{2D75E5F2-8195-4808-9F38-E68E980C3344}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{361CC462-1DDF-486F-BAFD-20C57936612D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3CBB30D7-F3A6-4AF2-BA94-BE36E889BE88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{41B1BDF8-590E-461B-8522-8A266DC1D9CC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{47DDA791-6F23-4CC3-8818-E19D0AC1442D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{52704BD5-52B7-4D6D-86CB-9B9BC04CFBEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{5399A88D-9864-41F0-BB36-40A4D6A54AAF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{54971BF3-7EEC-4946-A445-FB53226F1D18}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe | "{565D92B6-F108-4200-A048-662A1C805700}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{63425C82-3BC3-435C-815C-2225FF284242}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6FA8E28E-E3BB-4DCC-A9B9-D12EDE9D0DDE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{72083ACC-FC53-4E37-855C-587FFAAD15A7}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{750520CE-63F4-4460-BFFF-1D647FF02565}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{75BE7EE3-2C4B-4148-8E0F-72537EF723E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | 
app=%programfiles%\windows media player\wmplayer.exe | "{87ABEF09-058B-40BA-B84B-F55ECD111B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{89F2D9C5-AF1B-4581-951C-C6ED5CA89825}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | "{8B751D7E-FBC0-41F4-A880-986B03211ADB}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{8B772FBB-856B-4B99-9D56-672189090FF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{8D27D700-9B13-4F8A-AD29-C05FA259B8F6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{8F7712CB-3D96-41FF-A8E9-17C6E4320619}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{927227B4-EBE5-4B28-A91A-4C43DCB372AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | "{9A3989D4-2919-43C5-B03E-F08CC2DDB163}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | "{A2897128-B51D-4882-AB43-7588F138365B}" = protocol=6 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B8D0F588-05CC-4730-BD72-DF72E02C561B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{BC7C0105-A5C9-41A5-B57E-02F963472753}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam 3\bin\sam3.exe | "{CA156975-0847-43EC-A1A7-7890AF10639B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{CDA7FCEF-E038-4C8D-8C13-FF5C247FDDE6}" = protocol=17 | dir=in | app=c:\users\jan\appdata\local\akamai\netsession_win.exe | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DB6DF9FB-B12C-4FD4-9007-7DC2FBD59B47}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{DF542D2D-122A-4D1F-90B1-E249398408F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E9D884C2-E997-4324-B721-DEDDD3EDDB53}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\brink\brink.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{024D2D44-73A8-4ACF-9B7E-891F7DC423BD}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | "TCP Query User{1ED244D9-4229-4957-9541-D312BBF9564E}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "TCP Query User{3D536110-EC31-4564-966C-F5966D231613}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "TCP Query User{7A9888C9-407A-4E38-9A87-D66D73100634}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | "TCP 
Query User{7EBB10CB-FFE3-4410-B071-22190E2B96EC}C:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | "TCP Query User{80CA4EA4-4ECC-4F56-A501-82C4549ADCDB}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{8A3D5B66-5BA3-4EEB-9B28-3525592F1CC7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{99A9C40A-B453-4394-9FA8-2C04C2250FAF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{C3A75814-7FA0-4108-8409-AB11C0640EBF}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{C4601CC2-1197-43C5-8EAB-EDF9E3B97752}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{344BB24F-A0C6-4157-A464-0AB2FCC2BA47}E:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\hoppys\left4dead2\left 4 dead 2\left4dead2.exe | "UDP Query User{4E699C3C-A433-405B-BE82-B3AF008BCA53}C:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:0\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{60B1AD6F-1E6F-4543-9BB2-83C9A6EDEBC8}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{6E5CF0FE-FB88-48BC-8D97-EAEA06434F2B}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{795ED364-8348-4F94-ABE2-670086827E80}C:\program files 
(x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\half-life 2 deathmatch\hl2.exe | "UDP Query User{AE66EDA7-4EF5-4921-8446-BA746D306004}C:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\baras752\team fortress 2\hl2.exe | "UDP Query User{C974A00B-BA80-4BF3-BE7B-7BC11D68ABAE}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{E72B96A9-D1C3-4040-A2B6-270E8DB44241}C:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\jan\desktop\anwendungen\backsave\cod\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{E734B016-1C0B-4F91-B8DD-639F9B6350F8}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | "UDP Query User{EA80E8B1-6398-4E59-8145-4AD371429F1E}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMwarePlayer_x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "GIMP-2_is1" = GIMP 2.8.2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "VistaGlazz_is1" = VistaGlazz 2.4 "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201201 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9AC58860-75E1-4622-99B3-694903175A12}" = S4 League_EU "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7646-A00000000001}" = Adobe Reader 6.0.1 - Deutsch "{C2F438B6-7010-453B-93EC-B2FC053AA97B}" = LibreOffice 3.6 "{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3 "{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira Free Antivirus "AVMWLANCLI" = AVM FRITZ!WLAN "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "DAEMON Tools Lite" = DAEMON Tools Lite "Fraps" = Fraps "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201 "Google Chrome" = Google Chrome "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "Notepad++" = Notepad++ "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Steam App 200210" = Realm of the Mad God "Steam App 202480" = Creation Kit "Steam App 22350" = BRINK "Steam App 41070" = Serious Sam 3: BFE "Steam App 43110" = Metro 2033 "Steam App 440" = Team Fortress 2 "Steam App 55230" = Saints Row: The Third "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 8190" = Just Cause 2 "TeamViewer 7" = TeamViewer 7 "VLC media player" = VLC media player 2.0.3 "VMware_Player" = VMware Player "xampp" = XAMPP 1.8.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "FileZilla Client" = FileZilla Client 3.6.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.12.2012 17:37:02 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 06.12.2012 16:20:02 | Computer Name = Jan-PC | Source 
= WinMgmt | ID = 10 Description = Error - 07.12.2012 12:14:30 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = Error - 07.12.2012 12:54:54 | Computer Name = Jan-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Steam.exe, Version 1.0.1595.686, Zeitstempel 0x50b7ef0d, fehlerhaftes Modul tier0_s.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x5085e8e8, Ausnahmecode 0xc0000005, Fehleroffset 0x6b977d08, Prozess-ID 0x52c, Anwendungsstartzeit 01cdd498e289e574. Error - 07.12.2012 13:25:51 | Computer Name = Jan-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 05.12.2012 15:10:49 | Computer Name = Jan-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002 Description = Error - 05.12.2012 15:12:12 | Computer Name = Jan-PC | Source = HTTP | ID = 15016 Description = Error - 05.12.2012 15:12:12 | Computer Name = Jan-PC | Source = HTTP | ID = 15016 Description = Error - 06.12.2012 16:20:03 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026 Description = Error - 06.12.2012 16:21:01 | Computer Name = Jan-PC | Source = bowser | ID = 8003 Description = Error - 06.12.2012 18:24:03 | Computer Name = Jan-PC | Source = bowser | ID = 8003 Description = Error - 07.12.2012 12:14:30 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026 Description = Error - 07.12.2012 13:09:50 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7009 Description = Error - 07.12.2012 13:09:50 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07.12.2012 13:25:52 | Computer Name = Jan-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
07.12.2012, 20:02 | #28 |
/// TB-Ausbilder | Remove Mystar incredybar Hello, Step 1 Fix with OTL
Code:
:OTL
IE - HKCU\..\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=b1bc278b-ece7-4b10-9fc2-92b816bef6e7&apn_sauid=2A277287-BD34-477E-9E77-80F55EA59D10
:Commands
[emptytemp]
Step 2
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck
Please post with your next reply
|
07.12.2012, 20:11 | #29 |
| Remove Mystar incredybar Step 1: All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{030EFB1C-0746-4EE4-A447-B6BE73D9C672}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Jan ->Temp folder emptied: 95352 bytes ->Temporary Internet Files folder emptied: 7066157 bytes ->Java cache emptied: 1838026 bytes ->Google Chrome cache emptied: 88113899 bytes ->Flash cache emptied: 158309 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 24362 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35868135 bytes RecycleBin emptied: 4724261 bytes Total Files Cleaned = 132,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12072012_200710 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3240.log moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
Step 2: Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.12.07.09 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Jan :: JAN-PC [Administrator] 07.12.2012 20:17:37 mbam-log-2012-12-07 (20-17-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225672 Laufzeit: 2 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Step 3: Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.12.07.09 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Jan :: JAN-PC [Administrator] 07.12.2012 20:17:37 mbam-log-2012-12-07 (20-17-37).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225672 Laufzeit: 2 Minute(n), 28 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen
Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Sorry, the last step 3 was wrong, here is the correct file ESET: ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=6aba469cf5ee424c84e00df52650490a # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-07 09:49:05 # local_time=2012-12-07 10:49:05 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 96 23415 220340235 16199 0 # compatibility_mode=5892 16776573 100 100 23123 192440851 0 0 # scanned=281104 # found=2 # cleaned=0 # scan_time=7027 C:\Users\Jan\Desktop\Krimskram\Themespack\Themespack\Themespack\Win Xp Pro.exe multiple threats (unable to clean) 6132216F9E5E76DEA273CE255C726440E781F887 I C:\Users\Jan\Downloads\Themespack.zip multiple threats (unable to clean) B8DE1732EC78300989D6D453E2A4C6BE04C1085B I Step 4: Results of screen317's Security Check version 0.99.56 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 JavaFX 2.1.1 Java 7 Update 9 Adobe Reader 6 Adobe Reader out of Date! Mozilla Thunderbird 14.0. Thunderbird out of Date!
Google Chrome 23.0.1271.95 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Once more about the appearance and personalization settings: there are Windows Vista and Windows Aero as styles. Both are still present but can no longer be selected. Do you have any idea how I can change that? |
08.12.2012, 11:00 | #30 | |
/// TB-Ausbilder | Remove Mystar incredybar Hello, Quote:
However, you could describe your problem here: Alles rund um Windows Please delete the following files by hand: C:\Users\Jan\Desktop\Krimskram\Themespack\Themespack\Themespack\Win Xp Pro.exe C:\Users\Jan\Downloads\Themespack.zip If you no longer have any problems that point to malware, then we are done here. Your log files are clean. Finally, we need to take a few concluding steps to clean up and secure your PC. Step 1 Please uninstall your current version of Adobe Reader: Start --> Control Panel --> Software / Uninstall a program --> Adobe Reader, and download the new version from here. Remove the check mark for McAfee SecurityScan or Google Chrome. Step 2 Please start Thunderbird --> Tools --> Options --> Advanced. Switch to the Update tab, make sure that Thunderbird checks for updates, and install them as well. Step 3 Start DeFogger and click Re-enable. Your computer may need to be restarted. Step 4 Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well. Now re-enable the programs you just disabled. Step 5 Please download delfix to your desktop.
Step 6 Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |