| |
| |||||||
Log-Analyse und Auswertung: Trojaner Oder Virus MyDuirtyHobbyWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
11.04.2013, 15:47
| #16 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Trojaner Oder Virus MyDuirtyHobby Bitte lies doch mal die Anleitungen und Hinweise vollständig  Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.04.2013, 16:29
| #17 |
 | Trojaner Oder Virus MyDuirtyHobby So ich habe nochmals mehrmals versucht das Programm funktioniert nicht unter win8 es bricht immer ab habe auch die ANLEITUNG richtig gelesen es ist nicht machbar leider den Scan durchzuführen was soll ich nun tun ? bedeutet das es ist was auf dem pc oder liegt es an win 8 ? wie sind denn die anderen Scans von den Ergebnissen her gewesen alles ok so mit denen ?
__________________gruss Chris So weit komme ich dann stürzt er ab: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 17:38:56
-----------------------------
17:38:56.555 OS Version: Windows x64 6.2.9200
17:38:56.555 Number of processors: 2 586 0x100
17:38:56.555 ComputerName: CHRISTIAN-PC UserName: christian
17:39:02.530 Initialize success
17:39:23.310 AVAST engine defs: 13041100
17:39:24.495 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 17:38:56
-----------------------------
17:38:56.555 OS Version: Windows x64 6.2.9200
17:38:56.555 Number of processors: 2 586 0x100
17:38:56.555 ComputerName: CHRISTIAN-PC UserName: christian
17:39:02.530 Initialize success
17:39:23.310 AVAST engine defs: 13041100
17:39:24.495 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:39:34.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
17:39:34.798 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
17:39:34.907 Disk 0 MBR read successfully
17:39:34.922 Disk 0 MBR scan
17:39:34.938 Disk 0 Windows 7 default MBR code
17:39:34.954 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:39:34.985 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149899 MB offset 206848
17:39:35.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 326938 MB offset 307200000
17:39:35.078 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:42.754 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:39:42.754 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 17:38:56
-----------------------------
17:38:56.555 OS Version: Windows x64 6.2.9200
17:38:56.555 Number of processors: 2 586 0x100
17:38:56.555 ComputerName: CHRISTIAN-PC UserName: christian
17:39:02.530 Initialize success
17:39:23.310 AVAST engine defs: 13041100
17:39:24.495 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:39:34.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
17:39:34.798 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
17:39:34.907 Disk 0 MBR read successfully
17:39:34.922 Disk 0 MBR scan
17:39:34.938 Disk 0 Windows 7 default MBR code
17:39:34.954 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:39:34.985 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149899 MB offset 206848
17:39:35.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 326938 MB offset 307200000
17:39:35.078 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:42.754 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:39:42.754 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:39:52.673 Service scanning
17:40:02.408 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:40:02.439 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 17:38:56
-----------------------------
17:38:56.555 OS Version: Windows x64 6.2.9200
17:38:56.555 Number of processors: 2 586 0x100
17:38:56.555 ComputerName: CHRISTIAN-PC UserName: christian
17:39:02.530 Initialize success
17:39:23.310 AVAST engine defs: 13041100
17:39:24.495 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:39:34.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
17:39:34.798 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
17:39:34.907 Disk 0 MBR read successfully
17:39:34.922 Disk 0 MBR scan
17:39:34.938 Disk 0 Windows 7 default MBR code
17:39:34.954 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:39:34.985 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149899 MB offset 206848
17:39:35.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 326938 MB offset 307200000
17:39:35.078 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:42.754 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:39:42.754 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:39:52.673 Service scanning
17:40:02.408 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:40:11.178 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:40:11.193 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 17:38:56
-----------------------------
17:38:56.555 OS Version: Windows x64 6.2.9200
17:38:56.555 Number of processors: 2 586 0x100
17:38:56.555 ComputerName: CHRISTIAN-PC UserName: christian
17:39:02.530 Initialize success
17:39:23.310 AVAST engine defs: 13041100
17:39:24.495 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:39:34.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
17:39:34.798 Disk 0 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 11
17:39:34.907 Disk 0 MBR read successfully
17:39:34.922 Disk 0 MBR scan
17:39:34.938 Disk 0 Windows 7 default MBR code
17:39:34.954 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:39:34.985 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149899 MB offset 206848
17:39:35.000 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 326938 MB offset 307200000
17:39:35.078 Disk 0 scanning C:\WINDOWS\system32\drivers
17:39:42.754 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:39:42.754 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:39:52.673 Service scanning
17:40:02.408 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:40:11.178 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:40:11.193 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
17:40:22.183 Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:40:22.183 The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
Gruß Christian |
|
12.04.2013, 12:21
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Oder Virus MyDuirtyHobby Was hast du denn, das Log sieht doch jetzt von der FOrm her schon richtig aus und der MBR wird als default bewertet
__________________JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ |
|
12.04.2013, 15:20
| #19 |
| | Trojaner Oder Virus MyDuirtyHobby Junkware Removal Tool Scan : Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 8 Pro x64
Ran by christian on 12.04.2013 at 15:06:31,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Failed to delete: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3240727
Failed to delete: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Failed to delete: [Registry Key] hkey_classes_root\wow6432node\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\christian\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\pricegong"
Failed to delete: [Folder] "C:\Program Files (x86)\conduit"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.04.2013 at 15:22:04,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.200 - Datei am 12/04/2013 um 16:26:17 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzer : christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\christian\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Conduit
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3240727
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16519
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [813 octets] - [12/04/2013 16:26:17]
########## EOF - C:\AdwCleaner[S1].txt - [872 octets] ##########
Code:
ATTFilter OTL logfile created on: 12.04.2013 16:36:18 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,62 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 83,19% Memory free 8,75 Gb Paging File | 7,47 Gb Available in Paging File | 85,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 94,30 Gb Free Space | 64,42% Space Free | Partition Type: NTFS Drive D: | 319,28 Gb Total Space | 231,42 Gb Free Space | 72,48% Space Free | Partition Type: NTFS Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) PRC - C:\Users\christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.0.36\wincfi39.dll () ========== Services (SafeList) ========== SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symelam.sys (Symantec Corporation) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130411.032\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130411.032\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130411.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\..\SearchScopes\{5DC0A4BF-1C4C-4860-88BE-EA8BEE81807B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3240727&CUI=UN17145204502017115 IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3222981501-673947319-3682308242-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar-Player: C:\Program Files (x86)\phonostar-Player\npphonostarDetectNP.dll File not found FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.03.29 10:04:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.10 15:18:21 | 000,000,000 | ---D | M] [2013.03.10 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions [2013.03.10 20:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions\home2@tomtom.com O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [SkyDrive] C:\Users\christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-3222981501-673947319-3682308242-1001..\RunOnce: [Uninstall C:\Users\christian\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\christian\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF3FD91-1B42-43AF-B4FF-23091C79B936}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 16:23:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2013.04.12 15:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.04.12 15:06:16 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.12 15:05:53 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe [2013.04.12 10:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2013.04.12 10:42:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ztvcabinet.dll [2013.04.12 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Simply Super Software [2013.04.12 10:02:29 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe [2013.04.12 10:00:26 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2013.04.12 10:00:15 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll [2013.04.12 10:00:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll [2013.04.12 10:00:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll [2013.04.12 10:00:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2013.04.12 10:00:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll [2013.04.12 10:00:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll [2013.04.12 10:00:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe [2013.04.12 10:00:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll [2013.04.12 10:00:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll [2013.04.11 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Diagnostics [2013.04.11 16:27:30 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\CrashDumps [2013.04.11 11:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.11 11:54:16 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\mbar-1.01.0.1022 [2013.04.11 11:52:10 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe [2013.04.11 09:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2013.04.10 15:22:40 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll [2013.04.10 15:22:40 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll [2013.04.10 15:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.04.10 15:06:28 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Simply Super Software [2013.04.10 15:06:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover [2013.04.10 15:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2013.04.10 15:05:49 | 010,488,608 | ---- | C] (Simply Super Software ) -- C:\Users\christian\Desktop\trjsetup682.exe [2013.04.02 08:34:51 | 001,139,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.sys [2013.04.02 08:34:51 | 000,796,248 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.sys [2013.04.02 08:34:51 | 000,493,656 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds64.sys [2013.04.02 08:34:51 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnets.sys [2013.04.02 08:34:51 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ironx64.sys [2013.04.02 08:34:51 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys [2013.04.02 08:34:51 | 000,036,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.sys [2013.04.02 08:34:51 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam.sys [2013.04.02 08:34:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024 [2013.04.01 07:52:16 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\DidgeridooMedita [2013.03.29 10:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013.03.29 10:06:18 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Symantec [2013.03.29 10:04:46 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.29 10:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.03.29 10:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.03.29 10:03:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\drivers\NISx64 [2013.03.29 10:03:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security CBE [2013.03.29 10:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security CBE [2013.03.29 10:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.03.29 10:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.03.29 09:37:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013.03.26 11:31:42 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Amazon MP3 [2013.03.26 11:31:42 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Amazon [2013.03.26 11:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2013.03.26 11:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.03.21 09:37:45 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys [2013.03.19 09:29:46 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys [2013.03.19 09:29:44 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys [2013.03.13 16:58:23 | 000,692,576 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe [2013.03.13 16:58:23 | 000,078,176 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl ========== Files - Modified Within 30 Days ========== [2013.04.12 16:37:10 | 000,000,624 | ---- | M] () -- C:\Users\christian\Desktop\Trojaner. MyDirtyHobby.de Spam Abrechnung Mydirtyhobby.de GmbH - Trojaner-Board.website [2013.04.12 16:32:26 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013.04.12 16:32:26 | 000,751,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2013.04.12 16:32:26 | 000,710,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013.04.12 16:32:26 | 000,155,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2013.04.12 16:32:26 | 000,132,416 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013.04.12 16:30:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.12 16:29:54 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.12 16:27:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.12 16:27:47 | 2252,799,999 | -HS- | M] () -- C:\hiberfil.sys [2013.04.12 16:23:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe [2013.04.12 16:21:15 | 000,613,083 | ---- | M] () -- C:\Users\christian\Desktop\adwcleaner.exe [2013.04.12 15:05:54 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe [2013.04.12 10:44:28 | 002,203,135 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\Cat.DB [2013.04.12 10:42:29 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2013.04.11 16:35:17 | 000,421,792 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.04.11 11:52:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe [2013.04.11 11:48:24 | 012,894,739 | ---- | M] () -- C:\Users\christian\Desktop\mbar-1.01.0.1022.zip [2013.04.11 09:44:37 | 000,000,000 | ---- | M] () -- C:\Users\christian\defogger_reenable [2013.04.11 09:25:18 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2013.04.11 09:12:30 | 000,002,763 | ---- | M] () -- C:\Users\christian\Desktop\Microsoft Outlook 2010.lnk [2013.04.11 09:12:30 | 000,002,671 | ---- | M] () -- C:\Users\christian\Desktop\Microsoft Excel 2010.lnk [2013.04.11 09:12:30 | 000,002,665 | ---- | M] () -- C:\Users\christian\Desktop\Microsoft Word 2010.lnk [2013.04.10 15:05:59 | 010,488,608 | ---- | M] (Simply Super Software ) -- C:\Users\christian\Desktop\trjsetup682.exe [2013.04.10 11:14:15 | 000,000,575 | ---- | M] () -- C:\Users\christian\Desktop\China Wholesale Electronics - Tablet pc Wholesale - Cell phone wholesale - Dropship From China - ahappydeal.com.website [2013.04.09 15:41:12 | 000,002,545 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk [2013.04.09 15:40:14 | 000,014,818 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\VT20130115.021 [2013.04.08 10:05:23 | 000,000,207 | ---- | M] () -- C:\Users\christian\Desktop\Youngcars24 UG (haftungsbeschränkt).url [2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe [2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2013.04.01 08:42:26 | 008,534,090 | ---- | M] () -- C:\Users\christian\Desktop\1-07 Bilder im Kopf.m4a [2013.03.29 10:04:45 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.29 10:04:45 | 000,007,466 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.29 10:04:45 | 000,000,855 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF [2013.03.22 18:41:30 | 000,000,535 | ---- | M] () -- C:\Users\christian\Desktop\TomTom Reparatur Service, Navi Reparatur Service Sachsen, Becker, Falk, Garmin, TomTom, Navigon, keine grauen Haare, graue Haar.website ========== Files Created - No Company Name ========== [2013.04.12 16:21:15 | 000,613,083 | ---- | C] () -- C:\Users\christian\Desktop\adwcleaner.exe [2013.04.12 10:42:28 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2013.04.12 10:42:24 | 000,162,304 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunrar36.dll [2013.04.12 10:42:24 | 000,153,088 | ---- | C] () -- C:\WINDOWS\SysWow64\UNRAR3.dll [2013.04.12 10:42:24 | 000,075,264 | ---- | C] () -- C:\WINDOWS\SysWow64\unacev2.dll [2013.04.11 16:35:04 | 000,421,792 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2013.04.11 11:48:21 | 012,894,739 | ---- | C] () -- C:\Users\christian\Desktop\mbar-1.01.0.1022.zip [2013.04.11 10:09:22 | 000,000,624 | ---- | C] () -- C:\Users\christian\Desktop\Trojaner. MyDirtyHobby.de Spam Abrechnung Mydirtyhobby.de GmbH - Trojaner-Board.website [2013.04.11 09:44:37 | 000,000,000 | ---- | C] () -- C:\Users\christian\defogger_reenable [2013.04.11 09:25:18 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2013.04.11 09:25:18 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2013.04.10 15:06:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\ztvunace26.dll [2013.04.09 15:40:14 | 002,203,135 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\Cat.DB [2013.04.09 15:40:14 | 000,014,818 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\VT20130115.021 [2013.04.08 10:05:18 | 000,000,207 | ---- | C] () -- C:\Users\christian\Desktop\Youngcars24 UG (haftungsbeschränkt).url [2013.04.06 09:21:14 | 008,534,090 | ---- | C] () -- C:\Users\christian\Desktop\1-07 Bilder im Kopf.m4a [2013.04.02 08:34:51 | 000,009,670 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam64.cat [2013.04.02 08:34:51 | 000,007,611 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat [2013.04.02 08:34:51 | 000,007,601 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnet64.cat [2013.04.02 08:34:51 | 000,007,593 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\iron.cat [2013.04.02 08:34:51 | 000,007,589 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.cat [2013.04.02 08:34:51 | 000,007,587 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa64.cat [2013.04.02 08:34:51 | 000,007,585 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.cat [2013.04.02 08:34:51 | 000,007,581 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds64.cat [2013.04.02 08:34:51 | 000,003,434 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symefa.inf [2013.04.02 08:34:51 | 000,002,852 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symds.inf [2013.04.02 08:34:51 | 000,001,440 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symnet.inf [2013.04.02 08:34:51 | 000,001,438 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtsp64.inf [2013.04.02 08:34:51 | 000,001,420 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\srtspx64.inf [2013.04.02 08:34:51 | 000,000,996 | R--- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symelam.inf [2013.04.02 08:34:51 | 000,000,853 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\ccsetx64.inf [2013.04.02 08:34:51 | 000,000,767 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\iron.inf [2013.04.02 08:34:30 | 000,014,818 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\symvtcer.dat [2013.04.02 08:34:30 | 000,000,172 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\NISx64\1403000.024\isolate.ini [2013.03.29 10:04:46 | 000,007,466 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.29 10:04:46 | 000,000,855 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.INF [2013.03.29 10:04:43 | 000,002,545 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security CBE.lnk [2013.03.22 18:41:14 | 000,000,535 | ---- | C] () -- C:\Users\christian\Desktop\TomTom Reparatur Service, Navi Reparatur Service Sachsen, Becker, Falk, Garmin, TomTom, Navigon, keine grauen Haare, graue Haar.website [2013.03.18 14:14:17 | 000,000,575 | ---- | C] () -- C:\Users\christian\Desktop\China Wholesale Electronics - Tablet pc Wholesale - Cell phone wholesale - Dropship From China - ahappydeal.com.website [2013.02.09 10:50:43 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2013.02.07 20:06:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:CB0AACC9 < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.04.2013 16:36:18 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\christian\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,62 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 83,19% Memory free
8,75 Gb Paging File | 7,47 Gb Available in Paging File | 85,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 94,30 Gb Free Space | 64,42% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 231,42 Gb Free Space | 72,48% Space Free | Partition Type: NTFS
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052AFFEB-69F6-4F89-AD9F-E49A01F15B2A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12441445-0282-4A86-A2FC-F07205B7E578}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{178F28FA-182C-4DEF-858A-2DEC7C709CA8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{19411098-8FBA-4796-A40E-38931E1A1D3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1E7E3276-04DA-42EF-B999-3B27294AEEE8}" = lport=139 | protocol=6 | dir=in | app=system |
"{23AFE9A1-45F5-423C-81D8-F55E5116C5FC}" = rport=138 | protocol=17 | dir=out | app=system |
"{26FBA3B2-77AE-4E7F-B4F2-4E1BCAAF9899}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B4226C0-981B-4DC3-A13F-C0AFEA1AF6EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4622C1A0-EB9B-42E1-869C-CB7E4A2673A4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A8EC2CA-11CD-414F-8CD8-3E9DFB18AD24}" = rport=139 | protocol=6 | dir=out | app=system |
"{71C19FE9-2684-4657-A9A8-947EA427A063}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84D4CEA5-93EF-46A9-8FD7-DADE81E8479C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8C29147E-81CA-41A9-B96D-3ECB06D44E89}" = lport=445 | protocol=6 | dir=in | app=system |
"{8D1287BD-A66D-4D2B-BC3C-4A2D9E1ED1DE}" = lport=138 | protocol=17 | dir=in | app=system |
"{8EB934F8-1E39-4064-B003-5F42DA5F4796}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A49B00B6-1C0F-475F-9869-83736FACE7EF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C6D4C8B7-E524-4B05-8C9A-689481850E72}" = rport=445 | protocol=6 | dir=out | app=system |
"{C76695F6-947B-466A-B369-C0907AE7B6E1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC71709F-A185-447B-B51F-974A779A676C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E4D98E74-1914-4551-8C80-ADC7457E00D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{F1B7F296-71C2-420B-8C6D-7532F0930648}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F1D36DB2-3361-4EB2-896C-D818F54AE85D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F65709E3-8392-4637-B43E-9DF1B3E6C61D}" = lport=137 | protocol=17 | dir=in | app=system |
"{F7075AD7-B43B-4FF1-95B8-425C4DD379EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09224A6C-DCCB-4CF1-AECF-6196F2453F9B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{093664DF-7147-445F-B20B-69B47B5E0271}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{13EE0C73-1A37-4771-B780-4955846A7AEB}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{178B1F19-A2F3-4462-84CB-9520311E9380}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C1F5CB5-35DA-423B-A2ED-1515F61EB9C8}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{1C823472-F260-4D5C-B942-76BC12289431}" = protocol=6 | dir=out | app=system |
"{1F4D494D-AF4C-4339-BDD2-6E72019E0070}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{20F2B2C1-B791-4C7F-BFF6-018EF68817D6}" = dir=in | app=c:\users\christian\appdata\local\microsoft\skydrive\skydrive.exe |
"{22467476-FBFB-4A33-951D-53E305E2BCA8}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{275C95F5-C310-403E-AF88-B24CB62E18DB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2F4F5257-BBA9-4EB2-9EF9-F492D4A60F98}" = dir=in | name=hp printer control |
"{34F09BB7-16AB-4397-B4A1-47FDACCAB8E5}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{38FDDD2B-26F3-453B-BD9F-3443CA604CCD}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{3916CAC3-1585-4F9D-BA5A-E9BF0AA98CB4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E7E87DC-D49D-4D3E-927A-789608840F8E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{4F8B0571-A295-42E4-8A5C-A1D267D03419}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{55DB5882-3E39-42D1-A391-D491997839B1}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{5F4BAAB3-D081-44BD-9C7D-210627BE8BCD}" = dir=out | name=tv movie |
"{602D674C-CA8E-4203-A274-FCD69895B16B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{666B9F57-4CA4-4F88-98A0-C82F9A70D70C}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{6A16D818-ABFB-4A97-86D6-17D268151D10}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{6B75A029-1704-4C6C-8B17-B7F091CF3D90}" = dir=out | name=kicker |
"{6E957344-3B56-4A16-83FF-6116FA40A81D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73BB71B6-94A9-4BD3-A15A-8AF862626E44}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{7599921D-139F-4856-A061-B19383D64A40}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{771D2365-8C56-4094-BB9F-06A9C2D7FA08}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{7F606725-605F-4A90-82FC-08F68CBF3B19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{81941C1E-D726-464D-B026-0238D1E4FEB3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{827D0665-9A85-458A-9F84-E1B56EED03D2}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{8735E5F9-60F2-4C44-951F-AE6513BD7758}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BF823E5-3B24-4AC9-97BF-E202378495E7}" = dir=out | name=hp printer control |
"{8CEBE975-CC4B-4C9A-B852-43986A2DBE22}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{90E8179F-2505-4501-80B4-F77412240224}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{91BC75DC-87F5-4885-916F-586798265A4E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{92A004BB-61B2-4CCD-ACE7-CE559984DD26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98AB24FE-3C91-4805-8434-4C87CCC78359}" = dir=out | name=pinball fx2 |
"{A228BED2-11A9-4B79-A0E2-A1FCAC196657}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6727DCB-1CA5-48C9-B88E-0E111232D5D5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ACA551E3-06FF-4794-948A-31F3D2520EB8}" = dir=in | name=pinball fx2 |
"{BA58C242-1E44-4236-B23B-BBDF731A9D08}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BC692AF3-8336-4239-A622-3F804D6BDAD4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD804870-E5EB-4251-8B0F-F22F2B54A81C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C1851F36-B254-4131-9923-62E9B8597F1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEB1E28D-AC3B-410C-AE6D-7092B100F8C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CEE4F5E2-71EE-4C72-8C66-E337D897AD11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2197747-7505-4336-99CF-F491CD8A424C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D6874B98-2AF2-420D-9F3D-0CC8CC0F503E}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D704C5FB-F42C-47D5-A4ED-27FC93ED5860}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E0AD3F8A-8263-4949-B283-ECDE4AE640AA}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E4AF300F-C459-46C3-A5ED-ABD770DF7020}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{ED64B491-6CBF-4DA4-A343-57EC7A5245C8}" = dir=out | name=bild tablet |
"{EFE1555B-DAD6-477D-8D44-A97A2113DECD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F015CF47-967C-4106-9647-5D3804159439}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F3411C6A-E104-4D47-AFF1-12125586A327}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F3C9790D-D530-4FA6-A2EB-389D8C3E21FB}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{F59BB980-7B83-4F4F-B479-2358718F97D1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F6613A01-436D-4ABD-A0AF-288567415B5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{E5793A4B-8D89-4347-A07A-72FEBFFEB398}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B7C1DE25-E31C-48A1-AD1C-F08455FC1526}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{605540BB-36B3-49F0-96D8-B760CBD6E0E8}_is1" = 3M Products Update version 2012-05 for Microsoft Office 2010
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{EC5F4C1B-F838-4CB7-8561-8F809296428B}" = TomTom HOME
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Free Audio Converter_is1" = Free Audio Converter version 5.0.22.128
"KigoVideoConverter_is1" = KigoVideoConverter 1.1.0
"NIS" = Norton Internet Security CBE
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Trojan Remover_is1" = Trojan Remover 6.8.5
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3222981501-673947319-3682308242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2013 11:40:26 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0x01ce36caada0db72 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 20da441d-a2be-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 03:54:24 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x175c Startzeit der fehlerhaften Anwendung: 0x01ce3752c5ec277d Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 30a19beb-a346-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 03:55:55 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xa64 Startzeit der fehlerhaften Anwendung: 0x01ce3752fb2a57ae Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 66d303ca-a346-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 03:58:40 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x16c8 Startzeit der fehlerhaften Anwendung: 0x01ce375353dc6b39 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: c93a6158-a346-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:01:03 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x84c Startzeit der fehlerhaften Anwendung: 0x01ce3753ad2668a3 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 1e8bc140-a347-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:02:39 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xdd8 Startzeit der fehlerhaften Anwendung: 0x01ce3753eafc62c0 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 5806bf8c-a347-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:04:27 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xc74 Startzeit der fehlerhaften Anwendung: 0x01ce37542c50dac7 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 97fbcd8a-a347-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:09:56 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0x1794 Startzeit der fehlerhaften Anwendung: 0x01ce3754eb5451ba Pfad der
fehlerhaften Anwendung: C:\Users\christian\Downloads\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 5c3cc4ed-a348-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 04:16:10 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771,
Zeitstempel: 0x5147644e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16420,
Zeitstempel: 0x505aaa82 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004f44d ID des fehlerhaften
Prozesses: 0xe4c Startzeit der fehlerhaften Anwendung: 0x01ce3755c9b7c4e2 Pfad der
fehlerhaften Anwendung: C:\Users\christian\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 3ae267a1-a349-11e2-be8e-bc5ff47a39d1
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 12.04.2013 10:30:07 | Computer Name = Christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LiveComm.exe, Version: 16.4.4406.1205,
Zeitstempel: 0x50bfdb8c Name des fehlerhaften Moduls: Windows.Networking.dll, Version:
6.2.9200.16496, Zeitstempel: 0x50eccd72 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000028df8
ID
des fehlerhaften Prozesses: 0x994 Startzeit der fehlerhaften Anwendung: 0x01ce3789fb92115d
Pfad
der fehlerhaften Anwendung: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
Pfad
des fehlerhaften Moduls: C:\Windows\System32\Windows.Networking.dll Berichtskennung:
78bbf11a-a37d-11e2-be90-bc5ff47a39d1 Vollständiger Name des fehlerhaften Pakets:
microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe Anwendungs-ID,
die relativ zum fehlerhaften Paket ist: Microsoft.WindowsLive.Mail
[ System Events ]
Error - 29.03.2013 06:06:44 | Computer Name = Christian-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 29.03.2013 07:11:18 | Computer Name = Christian-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 02.04.2013 05:07:21 | Computer Name = Christian-PC | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
Error - 02.04.2013 06:04:51 | Computer Name = Christian-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
"H:" können nicht gelesen werden.
Error - 03.04.2013 08:10:21 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 09.04.2013 09:40:52 | Computer Name = Christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?04.?2013 um 15:07:53 unerwartet heruntergefahren.
Error - 11.04.2013 04:32:22 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 11.04.2013 04:36:09 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 11.04.2013 04:38:55 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
Error - 11.04.2013 04:45:59 | Computer Name = Christian-PC | Source = DCOM | ID = 10016
Description =
< End of report >
|
|
12.04.2013, 16:14
| #20 |
| | Trojaner Oder Virus MyDuirtyHobby So das waren alle ich danke dir schon mal für deine Auswertungen gruß Christian |
|
13.04.2013, 12:41
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Oder Virus MyDuirtyHobby Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ --> Trojaner Oder Virus MyDuirtyHobby |
|
13.04.2013, 14:01
| #22 |
| | Trojaner Oder Virus MyDuirtyHobby Malwarebytes Anti-Malware Ergebnis Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.13.02 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16540 christian :: CHRISTIAN-PC [Administrator] 13.04.2013 13:54:30 mbam-log-2013-04-13 (13-54-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 430525 Laufzeit: 1 Stunde(n), 4 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e13ab6cd83eaa24999586c8a4ee22bae
# engine=13611
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-13 02:17:34
# local_time=2013-04-13 04:17:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=3591 16777213 100 91 85771 128459239 0 0
# compatibility_mode=5893 16776574 100 94 1408156 6451753 0 0
# scanned=234319
# found=0
# cleaned=0
# scan_time=4334
|
|
13.04.2013, 15:35
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Oder Virus MyDuirtyHobby Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.04.2013, 16:51
| #24 |
| | Trojaner Oder Virus MyDuirtyHobby Alles Bestens in Ordnung deinen Rat habe ich sofort angenommen und so eingestellt das nach dem beenden des Browsers immer alles wieder gelöscht wird. vielen vielen dank für diese schnelle und kompetente Hilfe Wahnsinn was das hier für eine Service ist kann man irgendwie etwas spenden oder so das würde ich gerne tun. danke Gruß Christian |
|
13.04.2013, 16:57
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Oder Virus MyDuirtyHobby Dann wären wir durch!  Falls du noch Lob oder Kritik loswerden möchtest => http://www.trojaner-board.de/lob-kritik-wuensche/ Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Combofix entfernen (nur relevant wenn es hier benutzt wurde!) : Start/Ausführen (Tastenkombination WIN+R), dort den Befehl combofix /uninstall eintippen und ausführen Mit Hilfe von OTL kannst du auch viele andere Tools entfernen: Starte dazu einfach OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.04.2013, 17:02
| #26 |
| | Trojaner Oder Virus MyDuirtyHobby Ich danke von ganzem Herzen und habe als Dankeschön eine spende getätigt Gruß Christian |
|
14.04.2013, 15:14
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Oder Virus MyDuirtyHobby für deine Spende!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Trojaner Oder Virus MyDuirtyHobby |
| adobe, adobe flash player, autorun, becker, bho, bonjour, c:\windows\system32\cmd.exe, explorer, firefox, flash player, format, harddisk, home, logfile, microsoft, programme, realtek, registry, scan, security, senden, super, symantec, system, tablet, temp, trojaner, virus, wmp |
Linear-Darstellung
