| |
| |||||||
Log-Analyse und Auswertung: Laptop infiziert mit ihavenet.comWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
24.05.2013, 16:15
| #1 |
 |  Laptop infiziert mit ihavenet.com Hallo liebe Forumsmitglieder! Auf meinem Laptop hat sich dieser fiese ihavenet.com-Trojaner eingenistet  . Das Windows-Sicherheitscenter ist deaktiviert und lässt sich nicht mehr aktivieren und beim Surfen werde ich ständig auf andere Seiten umgeleitet. Meistens ist es ihavenet.com, aber nicht immer. Weil ich einen Werbeblocker installiert hab, kann ich nicht sehen, was dort angezeigt wird. Das ist das erste Mal, dass ich mit so einem Schädlingsbefall zu tun hab und ich hab keine Ahnung, wie ich den wieder loswerden kann  . Ich hoffe, ihr könnt mir helfen, bitte?Hier ist die OTL.txt (Ich habe "Scanne alle Benutzer" aktiviert): OTL logfile created on: 24.05.2013 16:10:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,47% Memory free 7,99 Gb Paging File | 6,58 Gb Available in Paging File | 82,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 117,09 Gb Total Space | 85,61 Gb Free Space | 73,12% Space Free | Partition Type: NTFS Drive D: | 348,57 Gb Total Space | 338,71 Gb Free Space | 97,17% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.24 15:55:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.05.07 20:22:20 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.05.07 20:22:17 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013.03.27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2013.03.27 11:54:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.27 11:53:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.20 22:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.28 12:53:44 | 001,194,504 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe ========== Modules (No Company Name) ========== MOD - [2012.11.28 12:53:44 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV - [2013.05.15 19:25:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.07 20:22:20 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.04.12 22:29:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2013.03.27 11:54:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.27 11:53:39 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.22 16:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.05.11 15:20:54 | 000,335,288 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2013.03.27 11:54:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.27 11:54:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.27 11:54:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.12.13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2012.11.28 13:08:44 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.11.28 12:50:32 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.11.28 12:31:32 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2012.11.28 12:30:04 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.11.22 16:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/german IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 AF B9 40 AB CD CD 01 [binary data] IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\SearchScopes\{84B882D9-66EF-41A2-9AD5-A754D168469E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=0a38c308-1d12-4dcb-b48d-669a227fd36f&apn_sauid=CAEC86B4-5E44-45A6-BDD4-8E9BA7843FD2 IE - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.05.04 21:33:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.05.04 21:33:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:29:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.07 20:09:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 22:29:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.07 20:09:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.11.28 22:23:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.12.02 15:09:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions [2012.12.02 16:27:48 | 000,000,000 | ---D | M] (IncrediMail MediaBar Deutsch 2) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions\{990af1c2-5a27-4460-8149-ecc6bc122af3} [2012.12.02 15:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ccc7q0f.default\extensions [2012.12.02 16:27:46 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ccc7q0f.default\extensions\toolbar@ask.com [2013.05.09 11:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tqnbumyk.default\extensions [2013.05.04 21:33:29 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tqnbumyk.default\extensions\ffxtlbr@zonealarm.com [2013.01.16 22:13:04 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\tqnbumyk.default\extensions\toolbar@ask.com [2012.11.28 22:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yijgufzc.default\extensions [2013.02.09 19:38:48 | 000,004,270 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\addon@gutscheine-live.de.xpi [2013.02.09 19:38:48 | 000,018,981 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\alarm@gutscheinsammler.de.xpi [2013.02.09 19:31:50 | 000,087,753 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\ciuvo-extension@billiger.de.xpi [2013.02.09 19:34:02 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\extension@ciuvo.com.xpi [2013.02.09 19:38:48 | 000,011,951 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\info@gutscheinheld.de.xpi [2013.02.09 19:38:48 | 000,016,460 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\shopclever@extension.xpi [2013.02.09 19:38:48 | 000,149,831 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{239cc760-75a9-4276-b1fc-c0ceb963f373}.xpi [2013.02.09 22:42:04 | 000,328,332 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2013.05.09 11:35:55 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.08 18:17:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.01.23 12:46:58 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\ffxtlbr@zonealarm.com\content\Abine\chrome\content\ff\view_expiry.js [2012.08.06 16:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\toolbar@ask.com\chrome\content\view_expiry.js [2012.08.07 01:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\tqnbumyk.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.j s [2012.12.02 15:26:52 | 000,002,413 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4ccc7q0f.default\searchplugins\askcom.xml [2013.04.12 22:29:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.12 22:29:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.20 09:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 09:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.20 09:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 09:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 09:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 09:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll (Montera Technologeis LTD) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found. O3 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3177629839-3943153019-229376302-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SEF23.tmp" /EF "HKCU" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{753AB398-11AF-4DE0-83BD-DC9645EC3859}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.24 15:55:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.11 16:49:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.05.11 15:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer [2013.05.11 15:20:54 | 000,335,288 | ---- | C] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv11.sys [2013.05.11 15:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B-Alive [2013.05.11 14:34:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.05.11 10:28:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Der Bauernhof [2013.05.11 10:28:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Der Bauernhof [2013.05.11 09:17:03 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\SysWow64\dxtmeta2.dll [2013.05.10 17:06:14 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.07 20:22:59 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 22:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner ========== Files - Modified Within 30 Days ========== [2013.05.24 16:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.24 15:55:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.24 15:53:46 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.24 15:22:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.24 15:15:49 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 15:15:49 | 000,015,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.24 15:08:21 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\XOQTMSAFP.job [2013.05.24 15:07:58 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys [2013.05.19 19:18:41 | 000,348,160 | RHS- | M] () -- C:\Windows\SysWow64\msdartw.dll [2013.05.18 11:50:28 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000D53.LCS [2013.05.18 11:48:13 | 000,302,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 20:35:19 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.15 20:35:19 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.15 20:35:19 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.15 20:35:19 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.15 20:35:19 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.11 15:20:54 | 000,335,288 | ---- | M] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv11.sys [2013.05.11 10:28:15 | 000,001,597 | ---- | M] () -- C:\Users\***\Desktop\Der Bauernhof.lnk [2013.05.11 10:28:15 | 000,000,881 | ---- | M] () -- C:\Users\***\Desktop\Der Bauernhof Anleitung.lnk [2013.05.10 22:13:07 | 003,119,840 | ---- | M] () -- C:\Users\***\Desktop\Vorgarten.ods [2013.05.07 20:22:35 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 22:19:46 | 000,008,452 | ---- | M] () -- C:\Users\Public\Documents\cc_20130505_221942.reg [2013.05.04 21:35:31 | 000,417,563 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013.05.02 22:48:50 | 000,085,757 | ---- | M] () -- C:\Users\***\Desktop\Garten.ods ========== Files Created - No Company Name ========== [2013.05.24 15:53:46 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.19 19:18:41 | 000,348,160 | RHS- | C] () -- C:\Windows\SysWow64\msdartw.dll [2013.05.19 19:18:41 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\XOQTMSAFP.job [2013.05.11 15:20:55 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000D53.LCS [2013.05.11 10:28:15 | 000,001,597 | ---- | C] () -- C:\Users\***\Desktop\Der Bauernhof.lnk [2013.05.11 10:28:15 | 000,000,881 | ---- | C] () -- C:\Users\***\Desktop\Der Bauernhof Anleitung.lnk [2013.05.05 22:19:44 | 000,008,452 | ---- | C] () -- C:\Users\Public\Documents\cc_20130505_221942.reg [2012.12.09 15:20:22 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.12.09 15:20:22 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.12.09 15:20:22 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.12.09 15:20:22 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.12.09 15:20:22 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.12.09 15:20:22 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.12.09 15:20:22 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.12.09 15:20:22 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.12.09 15:20:22 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.12.09 15:20:22 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.12.09 15:20:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.12.09 15:20:22 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.12.09 15:20:22 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.12.09 15:20:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.12.09 15:20:22 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.12.09 15:20:22 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.12.09 15:20:22 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.12.09 15:20:22 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.12.09 15:20:22 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.12.09 15:01:13 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.17 20:50:14 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\CheckPoint [2013.04.25 17:51:45 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\elsterformular [2013.02.03 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\MAGIX [2013.01.13 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\OpenOffice.org [2013.05.11 15:20:48 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\ProtectDisc [2013.02.08 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\Thunderbird [2013.02.09 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.11.28 21:07:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2013.03.26 15:13:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular [2013.01.20 16:15:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON [2012.12.16 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hulubulu [2012.12.16 14:37:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2012.12.02 17:15:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.12.26 18:28:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland [2012.12.02 17:50:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Hier die Extra.txt: OTL Extras logfile created on: 24.05.2013 16:10:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,82 Gb Available Physical Memory | 70,47% Memory free 7,99 Gb Paging File | 6,58 Gb Available in Paging File | 82,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 117,09 Gb Total Space | 85,61 Gb Free Space | 73,12% Space Free | Partition Type: NTFS Drive D: | 348,57 Gb Total Space | 338,71 Gb Free Space | 97,17% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01CF8A7A-533B-41AB-B80E-23917157D5A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D8F24ED-AD7F-46D1-AEFB-D8E368F68F4C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2322C12B-31D5-4860-90CF-188F16B6AE3C}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{290E052E-7B1E-4396-A0F6-F9A91F8513F9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{33C14F4A-83FD-4EB5-86CA-BEA41E5B8A72}" = rport=139 | protocol=6 | dir=out | app=system | "{359AFA63-8F7F-4094-B166-CEEF15E6F7FE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{383ACCEB-4AC6-48DA-9BE2-357D9EFB2D42}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{424AD1CE-B832-4854-8301-205F2E2EADCE}" = rport=10243 | protocol=6 | dir=out | app=system | "{47F1F386-82CE-45EE-A6C1-82E1E18DD512}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59012EEB-06D7-49F4-8F33-F0F042CB7999}" = lport=10243 | protocol=6 | dir=in | app=system | "{5D2B84B8-E06C-4466-AF8B-BC6B746E246C}" = lport=2869 | protocol=6 | dir=in | app=system | "{5D34E524-628E-4735-BF81-C2C2FF7F51A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{79BA4395-CC14-4954-B3A3-B97C8DEE023A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{81217A61-546B-415B-99F7-0F9AB64978A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{891B04DF-9337-4F7C-8162-4B080A424393}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{91DF5940-3B7F-437D-B36D-BE45DA31F568}" = rport=445 | protocol=6 | dir=out | app=system | "{94FB11D1-0795-4462-90DA-8206F222F571}" = lport=137 | protocol=17 | dir=in | app=system | "{9B050023-5C4F-4CDB-9DCD-C503F6C00F3D}" = lport=445 | protocol=6 | dir=in | app=system | "{A09F5266-2DD7-4200-B431-D624BBB03C15}" = lport=138 | protocol=17 | dir=in | app=system | "{A0DF2DAD-A8CA-43B2-A536-3F07E512A5D6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A6126126-5B4E-4396-8649-48294ACE7517}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B4AA0382-E437-470C-A62A-F0FD78F41948}" = rport=138 | protocol=17 | dir=out | app=system | "{B833A075-0F08-4C9C-AE8F-0CCB6E8B1753}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D578B1E8-92C1-46B6-8EDF-BEDA9525A26E}" = lport=16741 | protocol=6 | dir=in | name=windows core service | "{EF653B50-0D2D-4BE8-89BD-DCC4A4830564}" = rport=137 | protocol=17 | dir=out | app=system | "{F3C3C6DD-A6AF-4711-80C1-A4A601F7D017}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BD915E-9D1E-4E76-82EC-B38C2327F5E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1B49B865-2716-4C06-AA4B-D2A40920301B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{24645E7F-5E4D-4C17-904C-FCD609BCB50D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{29EACCF2-9442-40FD-A21C-3F6A0436E307}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3A2AA1B5-5F8C-4BFC-A702-592691B8256B}" = protocol=6 | dir=out | app=system | "{3B9F739E-8E66-4FA2-9D5F-9EDDB947CAE5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5DD2F2D5-3531-4BBD-9BCB-E139025F159B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6BC04B72-0AF9-40C9-BC44-E7CAF1C6D8CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7577D4F8-C271-414B-AE3B-97E86EAE143B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{807F1D4F-2656-46C8-B685-FF8A85CF1242}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9AD97E32-549F-49FD-928C-0C94691EC008}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9F5A9C1B-F886-4357-97E7-6AE86330BDD7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2393DE6-4DFE-468B-8EC4-21B7DA8291C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D3717F39-49BE-4BF5-B9CE-F69F4F95BEED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DA598FF3-AE3C-4C52-A961-33D3ECC2E66C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E1DA5EC0-6357-4C02-85E3-22A28DE322CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EE8EDE4F-DF11-46E2-B24C-926C913AABB4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F541D1FD-D036-4476-9AE6-E9612626E68D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F9E75919-6B04-4D91-8F6B-768F4FF15AE2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "doPDF 7 printer_is1" = doPDF 7.3 printer "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{10D4BC5F-F73E-4CD1-A7C2-DF215307A811}" = ZoneAlarm Firewall "{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera "{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2756F572-C383-4A2E-B1F6-7315E6DA308A}" = ZoneAlarm Security "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7 "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager "{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security "{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Advanced Renamer_is1" = Advanced Renamer "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Apassionata_is1" = Apassionata v1.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Bauernhof" = Bauernhof "CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch "ElsterFormular" = ElsterFormular "EPSON Scanner" = EPSON Scan "fotokasten comfort_is1" = fotokasten comfort 5.0 "Gardenscapes_is1" = Gardenscapes "Horse Life_is1" = Horse Life "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "LManager" = Launch Manager "MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird 17.0.6 (x86 de)" = Mozilla Thunderbird 17.0.6 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3177629839-3943153019-229376302-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.05.2013 14:18:03 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029 Description = Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029 Description = Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3028 Description = Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3058 Description = Error - 07.05.2013 14:18:04 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7010 Description = Error - 11.05.2013 03:17:31 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: cdstart.exe, Version: 1.0.0.0, Zeitstempel: 0x0bfc3047 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020140 ID des fehlerhaften Prozesses: 0x1028 Startzeit der fehlerhaften Anwendung: 0x01ce4e1784c8e2f8 Pfad der fehlerhaften Anwendung: E:\cdstart.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d7d345bc-ba0a-11e2-a1e9-00262d5b93f5 Error - 11.05.2013 04:22:39 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: cdstart.exe, Version: 1.0.0.0, Zeitstempel: 0x0bfc3047 Name des fehlerhaften Moduls: cdstart.exe, Version: 1.0.0.0, Zeitstempel: 0x0bfc3047 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00087c57 ID des fehlerhaften Prozesses: 0x1748 Startzeit der fehlerhaften Anwendung: 0x01ce4e206f6aecb8 Pfad der fehlerhaften Anwendung: E:\cdstart.exe Pfad des fehlerhaften Moduls: E:\cdstart.exe Berichtskennung: f109f544-ba13-11e2-91e0-00262d5b93f5 Error - 11.05.2013 04:22:43 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: cdstart.exe, Version: 1.0.0.0, Zeitstempel: 0x0bfc3047 Name des fehlerhaften Moduls: cdstart.exe, Version: 1.0.0.0, Zeitstempel: 0x0bfc3047 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00087c57 ID des fehlerhaften Prozesses: 0x1748 Startzeit der fehlerhaften Anwendung: 0x01ce4e206f6aecb8 Pfad der fehlerhaften Anwendung: E:\cdstart.exe Pfad des fehlerhaften Moduls: E:\cdstart.exe Berichtskennung: f3a14a15-ba13-11e2-91e0-00262d5b93f5 Error - 13.05.2013 06:18:22 | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Apassionata.exe, Version: 0.0.0.0, Zeitstempel: 0x48f60f6e Name des fehlerhaften Moduls: Apassionata.exe, Version: 0.0.0.0, Zeitstempel: 0x48f60f6e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00279b19 ID des fehlerhaften Prozesses: 0x13d0 Startzeit der fehlerhaften Anwendung: 0x01ce4fc315a660ec Pfad der fehlerhaften Anwendung: C:\Spiele\Apassionata\Apassionata.exe Pfad des fehlerhaften Moduls: C:\Spiele\Apassionata\Apassionata.exe Berichtskennung: 70248d94-bbb6-11e2-81cd-00262d5b93f5 Error - 18.05.2013 14:59:10 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm soffice.bin, Version 3.4.9593.500 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 78c Startzeit: 01ce53f74bff9cda Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin Berichts-ID: [ Media Center Events ] Error - 26.03.2013 21:59:09 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 02:59:09 - Fehler beim Herstellen der Internetverbindung. 02:59:09 - Serververbindung konnte nicht hergestellt werden.. Error - 27.03.2013 05:51:05 | Computer Name = ***-PC | Source = MCUpdate | ID = 0 Description = 10:49:33 - Fehler beim Herstellen der Internetverbindung. 10:49:33 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 19.05.2013 06:18:30 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > Und hier die Gmer-Datei (Der Aivra Echtzeit-Scanner und Browser-Schutz ließen sich nicht deaktivieren): GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-24 16:37:23 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HN-M500MBB rev.2AR10001 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uxlyrkob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b51465 2 bytes [B5, 75] .text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b514bb 2 bytes [B5, 75] .text ... * 2 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075b51465 2 bytes [B5, 75] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075b514bb 2 bytes [B5, 75] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\SysWOW64\rundll32.exe [1756:1448] 000000000024feb0 Thread C:\Windows\SysWOW64\rundll32.exe [1756:1452] 00000000001b3a80 Thread C:\Windows\SysWOW64\rundll32.exe [1756:992] 00000000001b3a10 Thread C:\Windows\SysWOW64\rundll32.exe [1756:3220] 0000000000de80a3 Thread C:\Windows\SysWOW64\rundll32.exe [1756:3228] 0000000000de5235 Thread C:\Windows\SysWOW64\rundll32.exe [1756:3232] 0000000000de5755 Thread C:\Windows\SysWOW64\rundll32.exe [1756:3236] 00000000002738ea ---- EOF - GMER 2.1 ---- Ich hoffe, ich hab alles richtig gemacht. |
| Themen zu Laptop infiziert mit ihavenet.com |
| .com, adobe reader xi, antivir, autorun, avira, avira searchfree toolbar, bho, error, firefox, flash player, format, helper, home, homepage, iexplore.exe, ihavenet.com, install.exe, launch, logfile, loswerden, mozilla, ntdll.dll, object, plug-in, realtek, registry, rundll, scan, security, software, svchost.exe, udp |
Baum-Darstellung