| |
| |||||||
Log-Analyse und Auswertung: SaveByClick, Spyhunter 4, PC stürzt abWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
10.02.2013, 12:10
| #1 |
 |  SaveByClick, Spyhunter 4, PC stürzt ab Hallo, ich stolper von einem "Problem" zum anderen. Mein Windows Defender findet immer Folgendes: Kategorie: Adware Beschreibung: Dieses Programm zeigt potenziell unerwünschte Werbefenster und Popupwerbungen auf dem Computer an. Empfehlung: Lassen Sie dieses entdeckte Element nur zu, wenn Sie dem Programm oder dem Softwareherausgeber vertrauen. Ressourcen: file: C:\ProgramData\SaveByclick\uninstall.exe file: C:\ProgramData\SaveByclick\onpopldpijhkiccpoejcfhnopoknpame.crx->manifest.json file: C:\ProgramData\SaveByclick\onpopldpijhkiccpoejcfhnopoknpame.crx file: C:\ProgramData\SaveByclick\50ce0374327d4.js file: C:\ProgramData\SaveByclick\50ce03743279b.html containerfile: C:\ProgramData\SaveByclick\onpopldpijhkiccpoejcfhnopoknpame.crx folder: C:\ProgramData\SaveByclick\ Um diesem Problem auf den Grund zu gehen, habe ich im Internet danach gesucht, wie ich SaveByclick entfernen kann. Dabei habe ich Spyhunter 4 heruntergeladen, von dem ich jedoch -noch während des laufenden Scans- gelesen habe, dass er selbst Unerwünschtes mitbringt. Ich habe den Scan abgebrochen und Spyhunter 4 also wieder deinstalliert. Ich weiß noch immer nicht, wie ich SaveByClick loswerde. Bei Mozilla Firefox hab ich es als Add-On deinstalliert, die Einstellungen von WindowsExplorer (den ich eh nie benutze) zurück gesetzt, allerdings kann ich es nicht von meinem Computer entfernen, unter Systemsteuerung > Programme deinstallieren taucht das Programm nicht auf. Außerdem habe ich ein weiteres Problem, dass mein PC häufig abstürzt, wenn ich World of Warcraft spiele. Ich habe die ersten Hilfe-Schritte von Trojaner-board.de befolgt und folgende Log-Dateien sind das Ergebnis: OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2013 10:29:24 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\niels\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19393) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,78% Memory free 6,72 Gb Paging File | 5,55 Gb Available in Paging File | 82,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 404,18 Gb Free Space | 86,78% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 272,78 Gb Free Space | 58,57% Space Free | Partition Type: NTFS Computer Name: DRAGON | User Name: niels | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.10 10:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\niels\Desktop\OTL.exe PRC - [2012.12.19 20:56:24 | 000,482,304 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2012.12.19 20:55:48 | 000,219,136 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe PRC - [2012.08.08 16:14:07 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.18 15:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.18 15:20:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.18 15:20:06 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Tools\VirtualCloneDrive\VCDDaemon.exe PRC - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) -- C:\Tools\PCSUITE INSPECTOR\PCSuite Inspector\inspectorsvc.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Tools\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Tools\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe PRC - [2008.01.21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007.05.17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2007.04.10 22:46:48 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe ========== Modules (No Company Name) ========== MOD - [2012.12.19 20:30:26 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Tools\rar\RarExt.dll MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\System32\APOMngr.DLL MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\System32\CmdRtr.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Tools\Spybot -- (SBSDWSCService) SRV - [2013.02.06 11:00:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.19 20:55:48 | 000,219,136 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.18 15:20:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.18 15:20:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.07 21:18:00 | 003,979,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010.11.23 16:08:20 | 005,108,624 | ---- | M] (Markement) [Auto | Running] -- C:\Tools\PCSUITE INSPECTOR\PCSuite Inspector\inspectorsvc.exe -- (PCSUITEINSPECTORSVC) SRV - [2010.02.06 08:47:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2010.02.05 17:53:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.05.17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.12.19 21:47:46 | 009,647,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012.12.19 20:32:06 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012.05.18 15:20:06 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.18 15:20:06 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.02.23 13:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.06 10:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009.10.16 02:11:56 | 001,168,896 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P17.sys -- (P17) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2007.04.10 22:46:48 | 001,966,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV - [2006.11.02 08:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\MTictwl.sys -- (NCPro) DRV - [2006.08.28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MTictwl.sys -- (MagicTune) DRV - [2004.08.13 03:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2004.04.01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.taz.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Tools\abspielgeraete\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Tools\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.24 21:27:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.16 18:21:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 11:00:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 11:00:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.06 11:00:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.06 11:00:20 | 000,000,000 | ---D | M] [2008.09.05 00:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\niels\AppData\Roaming\Mozilla\Extensions [2013.02.09 10:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\niels\AppData\Roaming\Mozilla\Firefox\Profiles\0uw5zs8s.default\extensions [2013.02.01 19:29:17 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\niels\AppData\Roaming\Mozilla\Firefox\Profiles\0uw5zs8s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.06 11:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013.02.06 11:00:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.04.22 00:58:20 | 001,632,208 | ---- | M] (cedelia) -- C:\Program Files\mozilla firefox\plugins\NPStreamPlug.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.13 14:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.03.31 16:41:05 | 000,303,846 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10468 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SaveByclick Class) - {7E3684A3-2B9A-9786-397D-14B84480DE3C} - C:\ProgramData\SaveByclick\50ce037432762.ocx File not found O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [P17RunE] C:\Windows\System32\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Tools\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F562D192-CEFB-4A16-9FE5-FE4E851863DC}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\niels\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\niels\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{210cadf7-8114-11df-bb9c-0022150a0b15}\Shell\AutoRun\command - "" = G:\SamsungSoftware\APPInst.exe O33 - MountPoints2\{48a6b50e-7be9-11dd-8cd8-0022150a0b15}\Shell - "" = AutoRun O33 - MountPoints2\{48a6b50e-7be9-11dd-8cd8-0022150a0b15}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{55a556ed-5361-11e2-9267-0022150a0b15}\Shell - "" = AutoRun O33 - MountPoints2\{55a556ed-5361-11e2-9267-0022150a0b15}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{fba2a978-008e-11e0-95e2-0022150a0b15}\Shell - "" = AutoRun O33 - MountPoints2\{fba2a978-008e-11e0-95e2-0022150a0b15}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{fe3e718e-f24c-11e0-9df7-0022150a0b15}\Shell - "" = AutoRun O33 - MountPoints2\{fe3e718e-f24c-11e0-9df7-0022150a0b15}\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.10 10:27:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\niels\Desktop\OTL.exe [2013.02.09 20:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2013.02.09 20:26:53 | 000,000,000 | ---D | C] -- C:\AMD [2013.02.09 11:02:30 | 000,000,000 | ---D | C] -- C:\Users\niels\AppData\Roaming\Malwarebytes [2013.02.09 11:02:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.02.09 11:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.09 10:38:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.02.09 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013.02.07 14:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MARKEMENT [2013.02.07 13:41:44 | 000,000,000 | ---D | C] -- C:\Users\niels\AppData\Local\RapidSolution [2013.02.06 11:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.10 10:27:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\niels\Desktop\OTL.exe [2013.02.10 10:26:29 | 000,000,000 | ---- | M] () -- C:\Users\niels\defogger_reenable [2013.02.10 10:23:21 | 000,050,477 | ---- | M] () -- C:\Users\niels\Desktop\Defogger.exe [2013.02.10 10:12:14 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{548F210B-F567-4799-BBD7-43CD1B6916F1}.job [2013.02.10 09:42:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 09:42:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.10 09:42:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.09 10:20:13 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2013.02.08 21:38:07 | 000,030,720 | ---- | M] () -- C:\Users\niels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.07 13:27:14 | 000,642,720 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.02.07 13:27:14 | 000,607,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.02.07 13:27:14 | 000,132,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.02.07 13:27:14 | 000,108,980 | ---- | M] () -- C:\Windows\System32\perfc009.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.10 10:26:29 | 000,000,000 | ---- | C] () -- C:\Users\niels\defogger_reenable [2013.02.10 10:23:21 | 000,050,477 | ---- | C] () -- C:\Users\niels\Desktop\Defogger.exe [2012.12.19 15:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.11.29 16:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.11.11 16:56:43 | 000,184,392 | ---- | C] () -- C:\Users\niels\cc_20121111_165606.reg [2012.09.19 20:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2012.09.04 16:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat [2012.09.04 16:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2012.07.20 11:31:26 | 000,032,768 | ---- | C] () -- C:\Windows\System32\snape20.bin [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.06.19 18:22:13 | 000,000,093 | ---- | C] () -- C:\Users\niels\AppData\Local\fusioncache.dat [2011.04.18 13:33:24 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.04.18 13:33:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.04.18 13:33:23 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.04.18 13:33:23 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.04.18 13:33:23 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.09.02 12:39:05 | 000,001,356 | ---- | C] () -- C:\Users\niels\AppData\Local\d3d9caps.dat [2009.02.21 21:34:48 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2008.09.14 22:35:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.09.06 09:01:13 | 000,030,720 | ---- | C] () -- C:\Users\niels\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.22 15:11:37 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\.minecraft [2011.03.25 12:04:01 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\Ableton [2012.12.16 18:22:35 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\APP_NAME_NON_STRING [2008.10.08 20:48:07 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\Ashampoo [2011.12.04 17:12:49 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\EndNote [2012.07.23 09:34:08 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\GetRightToGo [2009.04.27 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\OpenOffice.org [2012.12.16 18:31:11 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\PDF Architect [2012.12.16 18:21:21 | 000,000,000 | ---D | M] -- C:\Users\niels\AppData\Roaming\pdfforge ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:86A37543B0DA7444 < End of report > EXTRAS.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.02.2013 10:29:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\niels\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 65,78% Memory free
6,72 Gb Paging File | 5,55 Gb Available in Paging File | 82,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 404,18 Gb Free Space | 86,78% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 272,78 Gb Free Space | 58,57% Space Free | Partition Type: NTFS
Computer Name: DRAGON | User Name: niels | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8DB44E-2968-4FF7-A92A-14873795B16C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0D5C825D-07EC-4F07-852B-A1230B64BE6C}" = rport=137 | protocol=17 | dir=out | app=system |
"{0EFDCB79-1E36-4C90-8D0B-3392083EB791}" = lport=137 | protocol=17 | dir=in | app=system |
"{27B5F8AB-C17F-4694-BC9E-4E12756C0DD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A9DFDC1-F63F-4E9D-9583-4FEC090669A3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3B521877-D39E-4CB7-B787-0C8085174444}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4CE3CC94-0203-4EFC-9952-FB0C7F83D31C}" = lport=138 | protocol=17 | dir=in | app=system |
"{5077C489-8769-4CFA-906F-4304D4140179}" = rport=139 | protocol=6 | dir=out | app=system |
"{5CF97DDD-EBE5-4E8B-B55D-A350CC9023E5}" = rport=445 | protocol=6 | dir=out | app=system |
"{60542269-15E0-453B-B8FA-EE89C0D40FCE}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E3AE516-ACD2-4E80-B107-98C1EFEAAC37}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{845506D1-0FCD-4BB9-B1C8-34576A9096E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{940E8B78-2B6B-4994-B010-68DE306A81D0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A25032EC-57C7-42C0-94C4-4F86068FBED1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A82B0C87-A2F4-40B8-8248-447DBBE53943}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADD631B0-F4B9-4D28-9F11-B3B9B983353F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C1AA521D-4ACB-4CCD-8DE9-2516A4675973}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C310524F-3B1C-4282-B4D4-0632F0F9ADC7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBD21CF3-8B29-4BA2-9B8F-B361D1CECC03}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CE3D5B68-A777-43FB-ADCF-8BDF2A9EB1EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEF9A7BC-8BE4-430F-BAB0-D53DC8A14E3F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CF8541E8-BE0E-430F-9CC3-6B0241173B7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0639192-DB7F-4458-9CBD-E9E4FA28F197}" = lport=445 | protocol=6 | dir=in | app=system |
"{D39EF3B3-385A-43A8-8E3C-252517604603}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E14EFFF8-89F5-4A51-ACBA-4877BE3AC6A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E755FF11-A68F-48B4-8DFA-0B33E27EC5EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3FDEF7E-30AE-434E-97B1-7B7100AD4BDB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF720FF7-F09C-4588-AAF6-CF2CE977F99F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0449F86F-B314-4BCE-A651-04FB46D4596F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{067E1032-E6A1-435B-84DA-E08E20694405}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E656825-C3E1-4A75-8B49-738E1B66E303}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0F04BB41-980A-4333-B388-FA12BC982DEE}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{11569D09-A62B-4AA2-93F9-65503F4DF6A1}" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{128BDD70-8EF2-4A36-8B84-8A1A17FEC44D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{163D832D-9C1C-4120-ACE6-1A7555DBA46F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{17BA9149-C3CE-440A-859F-EBBB015CBF44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{17FC1FF3-1BF4-4D94-8DFF-E8DB89F81CBC}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{1DC83303-02B5-4F49-8632-8222B8C62958}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{207DB8CC-3822-4AB0-8963-26072E0790F3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{26B01D11-7044-4FA4-9748-CB0A2EE85C00}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{28AFDAC2-D86C-4B61-B5A7-64FFC2B290AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D75A254-07CC-4EF2-B46F-A4F89E9211C0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{39695F9A-C882-4C64-90B2-3E928EC4256A}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{3DABE497-60E6-4E94-B7DE-AC0987D1E099}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F005FDF-4840-492C-AFB8-4FC87A32DBF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44439C34-E897-47FC-8EE6-80E1CF53885F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{4C700256-BDFE-42A7-8764-69D7EC326F81}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{568D03DB-EA8B-4A80-80E5-26893D234B76}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5C240CC7-61DD-437F-9FBA-6247F98EF714}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{64C741A4-C63A-4205-B515-2A3A0DABC1A8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{667FCC54-44AE-4160-A767-C8B820FB3FB8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6CCFE8B5-33D5-466D-AC8E-90C0015E6C47}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{742F88D8-625F-4665-B14C-F457AB59ED09}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{7916CFD2-BB76-4CDC-BF15-C4E63AFB2A07}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{802A96E8-6F9A-42A2-8298-208F4F6D23F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8282CD91-87E4-4016-8F38-5E3C733954A3}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{864F548B-171B-48C3-B3BD-7CAE88A7376E}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe |
"{A3409199-406B-4E89-8162-DA38B8D85478}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{A5B2B905-9306-4021-AD84-8085B5456630}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{A6E9F0AD-35F0-4B5C-BEA0-04DBA3E89F56}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{AA910C75-1FD8-41F6-A4A0-E63C56D9AC27}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{AC99D706-BF14-45C1-BC9F-59273EE889EE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5B41BDD-24BC-4A2B-847F-F0F163815D40}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BB44B6A9-EE41-4327-A039-1E3A15EC587E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{C14F9FC1-79B6-47B1-9370-E8F0B24F8856}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{CED18780-1C62-4EA3-AE4D-38C72ADC16FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D465E139-23B8-4FEA-B247-46974824052C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4CB83F3-E129-47EE-9860-4E46C8C189DC}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{D73CA775-CD10-40AE-82D9-1A26C4ED6B68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA6AB1C5-65FA-4DE0-BB3D-7E4FEEE5BD27}" = protocol=6 | dir=out | app=system |
"{DDD7BC3A-26FD-4819-9475-58124B03AA2C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{DF6FEEBB-C6FF-47ED-B33B-88715E7D520A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DF8FFF6B-EF3E-42C9-899E-4B7BEA696EDA}" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{E17119E6-7C18-44F5-8F8E-2484B5AF2D1B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1FD5035-2D2A-40AD-B25A-FF73CC74C1EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{E4E14825-0D76-470B-87A4-E3D6225E7C5C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{E9E6557E-7729-4848-B16F-0402F3851E32}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{EB3B2486-0487-4679-AD11-8A4D11C59C34}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{F7B2475B-D2B8-48D6-BE8F-4DE5F3244107}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{FA280448-8A59-47BD-84E8-C4A3AD2D59D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FECFB474-3559-4889-BAA1-7A0B2E5B1D42}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEF4EA95-6DE7-4B11-80D7-E5662D0B36AC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"TCP Query User{4566C168-7C8F-449C-84E3-271D5BEA9A8B}D:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"TCP Query User{52704DC0-0D7D-4EF9-BA7A-D042C022957A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{593974A2-F240-41D6-AE2E-2B34798CA5CC}C:\tools\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\tools\vlc\vlc.exe |
"TCP Query User{7E43A264-0236-4AA0-9EE7-EE0E88BCD169}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{80CEBE26-B74F-4D4C-9C38-BEDB99CB759E}D:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
"TCP Query User{B508C607-387E-441A-9890-4BFA9CCEA811}D:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe |
"TCP Query User{C1AA3B20-BE16-4652-A13F-A673CAC10929}D:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"TCP Query User{C789B84F-694A-426E-8403-4D4F5513E8B7}D:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{14A15741-250D-40AC-8588-C7A9C6C516E8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{397B9B3D-9748-4AB9-B12C-BAFEBE8B5E67}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3D4DF0AD-0463-426B-AEEF-082D9768F596}D:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe |
"UDP Query User{5D746F37-46EB-415D-B55A-9F0EDCFC24C2}D:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"UDP Query User{7DB54113-0291-45D4-B3AA-143E244B24CB}C:\tools\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\tools\vlc\vlc.exe |
"UDP Query User{9D0756C8-AD49-4C7C-8781-8E1EF17A188B}D:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe |
"UDP Query User{9D8B91A8-2680-46D2-8626-7A46788EC4EB}D:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe |
"UDP Query User{CC046D46-10AA-46F5-9B0B-7395FEEAB651}D:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=d:\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E6B88D-32B1-4848-9AC7-7E2CB093EF04}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3825F8BD-F784-6FBB-A5CD-857559148007}" = AMD Catalyst Install Manager
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}" = Marketsplash Schnellzugriffe
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agfa ScanWise 2.00" = Agfa ScanWise 2.00
"ALchemy" = Creative ALchemy
"Ashampoo Burning Studio 6 Advanced_is1" = Ashampoo Burning Studio 6 Advanced
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DivX Setup" = DivX-Setup
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Live 7.0.3" = Live 7.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mario Forever v 2.16 !" = Mario Forever v 2.16 !
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PCSUITE_INSPECTOR_PRO_is1" = PCSUITE INSPECTOR
"PROHYBRIDR" = 2007 Microsoft Office system
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.4
"WaveStudio 7" = Creative WaveStudio 7
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StreamPlug Player 2.3.0" = StreamPlug Player 2.3.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.02.2013 17:42:14 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description =
Error - 09.02.2013 17:43:31 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description =
Error - 09.02.2013 17:43:32 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description =
Error - 09.02.2013 17:43:34 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description =
Error - 09.02.2013 19:46:42 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description =
Error - 09.02.2013 19:47:48 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description =
Error - 09.02.2013 19:47:48 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description =
Error - 09.02.2013 19:47:49 | Computer Name = dragon | Source = Windows Search Service | ID = 3013
Description =
Error - 09.02.2013 19:52:13 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description =
Error - 10.02.2013 04:42:13 | Computer Name = dragon | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 31.12.2012 12:20:10 | Computer Name = dragon | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 09.02.2013 21:13:23 | Computer Name = dragon | Source = amdkmdag | ID = 6145
Description = System shutdown due to graphics card overheating
Error - 10.02.2013 04:42:02 | Computer Name = dragon | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 10.02.2013 um 02:12:53 unerwartet heruntergefahren.
< End of report >
Gmer.txtGMER Logfile: Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-10 11:21:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000054 Hitachi_ rev.GM4O 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\niels\AppData\Local\Temp\ugddapod.sys
---- System - GMER 2.0 ----
SSDT 8D678466 ZwCreateSection
SSDT 8D678470 ZwRequestWaitReplyPort
SSDT 8D67846B ZwSetContextThread
SSDT 8D678475 ZwSetSecurityObject
SSDT 8D67847A ZwSystemDebugControl
SSDT 8D678407 ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 215 828F58D8 4 Bytes [66, 84, 67, 8D] {TEST [EDI-0x73], AH}
.text ntkrnlpa.exe!KeSetEvent + 539 828F5BFC 4 Bytes [70, 84, 67, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 828F5C30 4 Bytes [6B, 84, 67, 8D]
.text ntkrnlpa.exe!KeSetEvent + 5D1 828F5C94 4 Bytes [75, 84, 67, 8D]
.text ntkrnlpa.exe!KeSetEvent + 619 828F5CDC 4 Bytes [7A, 84, 67, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F608000, 0x136CEC, 0xE8000020]
---- EOF - GMER 2.0 ----
Ich hoffe, ich habe alles korrekt ausgeführt, verständlich beschrieben und mir kann jemand weiterhelfen. Vielen Dank schon mal. Schöne Grüße Theresa |
|
10.02.2013, 21:01
| #2 |
| /// Helfer-Team  | SaveByClick, Spyhunter 4, PC stürzt ab Bitte das Malwarebytes-Logfile posten (das du schon gemacht hast)! (Reiter Logdateien) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
O2 - BHO: (SaveByclick Class) - {7E3684A3-2B9A-9786-397D-14B84480DE3C} - C:\ProgramData\SaveByclick\50ce037432762.ocx File not found
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\niels\*.tmp
C:\Users\niels\AppData\Local\Temp\*.exe
C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ |
|
11.02.2013, 18:23
| #3 |
| | SaveByClick, Spyhunter 4, PC stürzt ab Hallo,
__________________danke erstmal. Hier jetzt die Logdateien von Malwarebyte: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.09.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19393 niels :: DRAGON [limitiert] 09.02.2013 11:05:25 mbam-log-2013-02-09 (11-05-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 355343 Laufzeit: 1 Stunde(n), 12 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 D:\data\PropellerHeadReason4.0\KEYGEN.EXE (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Und: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.09.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19393 niels :: DRAGON [Administrator] 10.02.2013 10:02:36 mbam-log-2013-02-10 (10-02-36).txt Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\ProgramData\SaveByclick\uninstall.exe|) Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P Durchsuchte Objekte: 1 Laufzeit: 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) OTL: All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E3684A3-2B9A-9786-397D-14B84480DE3C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E3684A3-2B9A-9786-397D-14B84480DE3C}\ deleted successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\niels\*.tmp not found. C:\Users\niels\AppData\Local\Temp\SHSetup.exe moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\14e5d595-182b1c50-n folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\niels\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\niels\Desktop\cmd.bat deleted successfully. C:\Users\niels\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: niels ->Temp folder emptied: 605217 bytes ->Temporary Internet Files folder emptied: 4648766 bytes ->FireFox cache emptied: 60364228 bytes ->Flash cache emptied: 3444 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1640748 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 51102635 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 113,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02112013_175319 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Malwarebytes Anti-Rootkit: Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.11.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19393 niels :: DRAGON [administrator] 11.02.2013 18:10:22 mbar-log-2013-02-11 (18-10-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 28952 Time elapsed: 8 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) AdwCleanerAdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 11/02/2013 um 18:15:08 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Benutzer : niels - DRAGON
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\niels\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick
Ordner Gelöscht : C:\ProgramData\SaveByclick
Ordner Gelöscht : C:\Users\niels\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\niels\AppData\Roaming\pdfforge
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.19393
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.2 (de)
Datei : C:\Users\niels\AppData\Roaming\Mozilla\Firefox\Profiles\0uw5zs8s.default\prefs.js
Gelöscht : user_pref("extensions.50ce03743267e.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
*************************
AdwCleaner[S1].txt - [1347 octets] - [11/02/2013 18:15:08]
########## EOF - C:\AdwCleaner[S1].txt - [1407 octets] ##########
MfG Theresa Geändert von Quaila (11.02.2013 um 18:31 Uhr) |
|
11.02.2013, 19:12
| #4 |
| /// Helfer-Team | SaveByClick, Spyhunter 4, PC stürzt ab Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
12.02.2013, 10:47
| #5 |
| | SaveByClick, Spyhunter 4, PC stürzt ab Guten Morgen, folgend die Ergebnisse: AswMBR.exe aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-11 22:18:46 ----------------------------- 22:18:46.378 OS Version: Windows 6.0.6002 Service Pack 2 22:18:46.378 Number of processors: 2 586 0x1706 22:18:46.378 ComputerName: DRAGON UserName: niels 22:18:47.351 Initialize success 22:19:56.392 AVAST engine defs: 13021100 22:20:11.606 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054 22:20:11.607 Disk 0 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 8 22:20:11.608 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000055 22:20:11.610 Disk 1 Vendor: Hitachi_ GM4O Size: 476940MB BusType: 8 22:20:11.618 Disk 0 MBR read successfully 22:20:11.620 Disk 0 MBR scan 22:20:11.644 Disk 0 Windows VISTA default MBR code 22:20:11.671 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048 22:20:11.674 Disk 0 scanning sectors +976771120 22:20:11.749 Disk 0 scanning C:\Windows\system32\drivers 22:20:17.789 Service scanning 22:20:33.502 Modules scanning 22:20:37.487 Disk 0 trace - called modules: 22:20:37.498 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys 22:20:37.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8690f948] 22:20:37.503 3 CLASSPNP.SYS[8b7aa8b3] -> nt!IofCallDriver -> [0x855514f0] 22:20:37.505 5 acpi.sys[806a26bc] -> nt!IofCallDriver -> \Device\00000054[0x85551030] 22:20:38.427 AVAST engine scan C:\Windows 22:20:40.335 AVAST engine scan C:\Windows\system32 22:22:57.649 AVAST engine scan C:\Windows\system32\drivers 22:23:06.041 AVAST engine scan C:\Users\niels 22:30:15.474 AVAST engine scan C:\ProgramData 22:32:02.215 Scan finished successfully 22:32:50.760 Disk 0 MBR has been saved successfully to "C:\Users\niels\Desktop\MBR.dat" 22:32:50.763 The log file has been saved successfully to "C:\Users\niels\Desktop\aswMBR.txt" Eset OnlineScanner ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=04cf403734fd964891f22f5e08b3cc34 # engine=13093 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-11 10:54:13 # local_time=2013-02-11 11:54:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 100 18605 226046543 11375 0 # compatibility_mode=5892 16776638 100 100 0 198156025 0 0 # scanned=161784 # found=0 # cleaned=0 # scan_time=4308 SecurityCheck Results of screen317's Security Check version 0.99.57 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.70.0.1100 HijackThis 2.0.2 CCleaner Java(TM) 6 Update 32 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.5 Adobe Reader out of Date! Mozilla Firefox (18.0.2) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSASCui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Windows Defender MSASCui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Kannst Du mir auch sagen, wie ich SavebyClick deinstallieren kann? Ich hatte ja oben beschrieben, dass es bei der Systemsteuerung > Programme deinstallieren nicht auftaucht, aber bei C einen Ordner hat und der WindwosDefender das immer meldet. MfG Theresa |
|
13.02.2013, 14:37
| #6 |
| /// Helfer-Team | SaveByClick, Spyhunter 4, PC stürzt ab Wie heisst der Ordner? Aktualisiere: Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools) Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________ --> SaveByClick, Spyhunter 4, PC stürzt ab |
|
13.02.2013, 19:31
| #7 |
| | SaveByClick, Spyhunter 4, PC stürzt ab Hallo, ich hab meinen Windows Defender nochmal durchlaufen lassen und er hat nichts mehr gefunden. Ich kann die Datei auch nicht mehr finden, vorher war sie unter C:/Programme/Savebyclick. Bei der Adobe Aktualisierung bin ich leider auf Probleme gestoßen. Wenn ich den Installer runterlade, initialisiert er und meldet dann, dass die Version bereits installiert ist. Mit dem PlugInCheck war ich leider zu schnell und hab den ersten nicht extra abgespeichert bevor ich das Java PlugIn deinstalliert habe. Jetzt meldet er selbstverständlich etwas anderes beim dritten Punkt: Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 10,1,5,33 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 |
|
14.02.2013, 05:14
| #8 |
| /// Helfer-Team | SaveByClick, Spyhunter 4, PC stürzt ab Versuche mit Revo Uninstaller - Download - Filepony zuerst alle Adobe Reader Installationen zu entfernen! Sehr gut! damit bist Du sauber und entlassen!  adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
14.02.2013, 15:57
| #9 |
| | SaveByClick, Spyhunter 4, PC stürzt ab Hallo, vielen Dank für alles. Leider klappt das mit Adobe immer noch nicht. Ich hab den Reader mit dem empfohlenen Programm deinstalliert und neu runterladen (von Filepony). Der PlugIn Check meldet aber immernoch folgendes: PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 10,1,4,38 ist veraltet! Aktualisieren Sie bitte auf die neueste Version: 11.0 Ich weiß nicht, woran das liegen könnte. Schöne Grüße Theresa |
|
15.02.2013, 12:25
| #10 |
| /// Helfer-Team | SaveByClick, Spyhunter 4, PC stürzt ab Hast du den neuen Reader auch installiert oder nur runtergeladen? Downloade Dir bitte SecurityCheck und:
|
|
13.04.2013, 18:57
| #11 |
| /// Helfer-Team | SaveByClick, Spyhunter 4, PC stürzt ab Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu SaveByClick, Spyhunter 4, PC stürzt ab |
| ad-aware, antivir, avira, battle.net, bho, computer, converter, enigma, entfernen, error, excel, firefox, flash player, hijack, hijackthis, home, iexplore.exe, logfile, office 2007, officejet, plug-in, problem, programm, realtek, registry, safer networking, savebyclick, savebyclick entfernen, security, svchost.exe, vista, werbefenster, windows |
Linear-Darstellung
