Sending spam e-mails

Hello dear Trojaner-Board members,

First of all: I use Outlook 2010 with an e-mail address at GMX. Yesterday evening (09.06.2012) at 22:18:32, spam mails were sent from my e-mail account (it looked as if the suggested contacts were used, but I cannot say this for certain). Addresses that do not exist (i.e. were misspelled at some point) and addresses that are more than 2 years old were affected as well. I became aware of it through acquaintances who received these mails and through the "Mail Delivery System", which could not send the mails to the non-existent addresses. The sent mails are not in the Outbox, neither in Outlook nor at GMX. I should add that my computer was switched off at that time.

What I have done so far (in chronological order):
- Warned the affected e-mail addresses
- System scan with Bitdefender 2012 (1 cookie was found)
- HijackThis (one dangerous file was removed)
- Spybot Search & Destroy (10 cookies deleted)
- Malwarebytes Anti-Malware (nothing)
- SuperAntiSpyware (315 cookies removed)
- Deleted all contacts (except for one fake address) to prevent further sending of these mails

Defogger did not return any error message.
Here is the OTL.txt:

OTL logfile created on: 10.06.2012 13:11:39 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,68 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 61,09% Memory free
7,35 Gb Paging File | 5,84 Gb Available in Paging File | 79,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224,87 Gb Total Space | 150,51 Gb Free Space | 66,93% Space Free | Partition Type: NTFS
Drive D: | 225,17 Gb Total Space | 187,98 Gb Free Space | 83,49% Space Free | Partition Type: NTFS

Computer Name: BÄM | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.10 12:37:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- D:\Sony-Reader\appHelper\ReaderAppHelper.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.10.21 06:24:14 | 000,098,304 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.06.29 01:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010.06.29 01:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010.06.25 16:38:02 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010.03.11 08:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010.03.11 08:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010.03.03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2012.05.10 18:08:07 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012.05.08 21:56:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012.05.08 21:56:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012.05.08 21:56:01 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012.05.08 21:55:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012.05.08 21:55:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012.05.08 21:55:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.08 21:55:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.02.28 20:15:25 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.02.28 20:15:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- D:\Sony-Reader\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- D:\Sony-Reader\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- D:\Sony-Reader\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- D:\Sony-Reader\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- D:\Sony-Reader\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- D:\Sony-Reader\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- D:\Sony-Reader\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- D:\Sony-Reader\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- D:\Sony-Reader\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- D:\Sony-Reader\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- D:\Sony-Reader\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- D:\Sony-Reader\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- D:\Sony-Reader\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- D:\Sony-Reader\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- D:\Sony-Reader\appHelper\ebookUsb.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.06.29 01:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012.04.06 12:58:55 | 000,066,096 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012.04.06 12:58:47 | 001,956,616 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2010.10.20 23:26:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.06.04 20:01:43 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.12 05:56:08 | 000,204,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV - [2012.03.01 21:05:05 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Programme\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.07.01 06:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.07.01 06:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.06.29 01:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.06.25 10:08:30 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.11 15:27:40 | 000,821,792 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.05.27 05:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.04.22 20:39:54 | 000,171,040 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe -- (ODDPwrSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.02.20 01:44:18 | 000,046,592 | ---- | M] (Dassault Systemes) [Auto | Running] -- D:\Catia\win_b64\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2010.01.30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.04.12 17:14:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.06 12:58:48 | 000,691,896 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012.03.01 21:04:02 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2012.03.01 21:03:56 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.03.01 21:03:12 | 000,545,064 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012.03.01 20:59:01 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.03.01 20:53:01 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.10.21 00:02:30 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.20 23:10:52 | 010,331,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.10.20 22:52:08 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.06.25 04:13:18 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.25 04:12:26 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.25 04:12:26 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.25 04:12:24 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.25 04:12:24 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.03 21:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.28 08:21:38 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010.04.28 08:21:38 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010.03.11 14:17:42 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.10 09:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.19 20:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009.12.01 19:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 03:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 03:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 03:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009.09.23 03:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.03 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.03 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.01.02 14:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV - [2012.03.01 21:05:43 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: D:\Sony-Reader\npreaderdetectmoz.dll (Sony Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.02.28 11:54:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.03 00:58:39 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Reader Application Detector (Enabled) = D:\Sony-Reader\npreaderdetectmoz.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.06.09 23:41:04 | 000,442,883 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15214 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [Reader Application Helper] D:\Sony-Reader\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5849EECF-20BB-438B-97C8-70375B895C94}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB34A0AD-FA18-4806-8B25-162234B5E3D1}: DhcpNameServer = 10.57.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File 
not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{0496327a-848e-11e1-95bf-60eb69957375}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell - "" = AutoRun O33 - MountPoints2\{35679a60-6d21-11e1-b62d-60eb69957375}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.10 09:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2012.06.10 05:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.06.10 01:59:09 | 
000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.06.10 01:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.09 23:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.06.09 23:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.06.07 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Java [2012.06.06 23:13:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\libimobiledevice [2012.06.06 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\absinthe [2012.06.06 01:39:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\redsn0w [2012.06.06 01:35:56 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\redsn0w_win_0.9.12b1 [2012.06.05 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Jailbreak to do [2012.05.26 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MATLAB2 [2012.05.11 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Skyrim [2012.05.11 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games ========== Files - Modified Within 30 Days ========== [2012.06.10 13:18:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 13:18:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.10 13:10:14 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2012.06.10 13:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.10 13:09:24 | 2962,243,584 | -HS- | M] () -- C:\hiberfil.sys [2012.06.10 12:45:04 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001UA.job [2012.06.10 
12:37:02 | 000,000,154 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.06.10 12:30:13 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.10 12:30:13 | 000,656,040 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.10 12:30:13 | 000,616,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.10 12:30:13 | 000,130,640 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.10 12:30:13 | 000,106,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.09 23:41:04 | 000,442,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.09 23:28:34 | 000,001,266 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.09 11:27:59 | 000,000,084 | ---- | M] () -- C:\Users\***\Desktop\SPLITREASON.COM - - design - Man at Work.url [2012.06.08 22:18:05 | 000,000,116 | ---- | M] () -- C:\Users\***\Desktop\Alternative zu Spire oder Spite iOS 5.1.1 -.url [2012.06.08 21:45:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3034614752-1738423758-3299665760-1001Core.job [2012.06.07 15:41:13 | 000,000,130 | ---- | M] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url [2012.05.26 09:48:10 | 000,000,075 | ---- | M] () -- C:\Users\***\Desktop\HANFBURG GROWSHOP - HANFANBAU & HANFZUCHT LEHRGÄNGE.url [2012.05.24 13:55:40 | 000,000,323 | ---- | M] () -- C:\Windows\SysNative\checkdnsid.xml [2012.05.24 08:37:35 | 000,000,097 | ---- | M] () -- C:\Users\***\Desktop\Pizza Hut Pizzateig (Rezept mit Bild) von claudi77 - Chefkoch.de.url [2012.05.12 23:44:26 | 000,001,091 | ---- | M] () -- C:\Users\***\Desktop\SkyrimLauncher - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2012.06.10 12:37:02 | 000,000,154 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.06.09 23:28:34 | 000,001,266 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2012.06.09 11:27:59 | 000,000,084 | ---- | C] () 
-- C:\Users\***\Desktop\SPLITREASON.COM - - design - Man at Work.url [2012.06.08 22:18:05 | 000,000,116 | ---- | C] () -- C:\Users\***\Desktop\Alternative zu Spire oder Spite iOS 5.1.1 -.url [2012.06.07 15:41:13 | 000,000,130 | ---- | C] () -- C:\Users\***\Desktop\HowTo- Android-Programmierung - Newbie Guide - Android-Hilfe.de.url [2012.05.26 09:48:10 | 000,000,075 | ---- | C] () -- C:\Users\***\Desktop\HANFBURG GROWSHOP - HANFANBAU & HANFZUCHT LEHRGÄNGE.url [2012.05.24 08:37:35 | 000,000,097 | ---- | C] () -- C:\Users\***\Desktop\Pizza Hut Pizzateig (Rezept mit Bild) von claudi77 - Chefkoch.de.url [2012.05.12 23:44:26 | 000,001,091 | ---- | C] () -- C:\Users\***\Desktop\SkyrimLauncher - Verknüpfung.lnk [2012.05.12 18:13:12 | 1204,746,239 | ---- | C] () -- C:\Users\***\Desktop\de-essky.iso [2012.04.12 17:15:02 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini [2012.04.06 19:28:50 | 000,010,593 | ---- | C] () -- C:\Windows\CSTBox.INI [2012.03.01 19:53:01 | 000,415,635 | ---- | C] () -- C:\ProgramData\1330623337.bdinstall.bin [2012.02.28 11:46:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2012.02.28 11:46:52 | 000,191,688 | ---- | C] () -- C:\Windows\flicker.dll [2012.02.28 11:46:52 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2012.02.28 11:46:52 | 000,011,976 | ---- | C] () -- C:\Windows\setpwlin.exe [2012.02.28 11:46:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2012.02.28 11:46:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2012.02.28 11:30:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.28 11:26:21 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.11.10 17:50:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2011.11.10 17:20:12 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.11.10 17:20:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.11.10 17:20:12 | 000,143,360 | ---- | C] () -- 
Extras.txt: OTL Extras logfile created on: 10.06.2012 12:59:59 - Run 1 OTL by OldTimer - Version 3.2.48.0
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC "{9268B41D-6045-4F5F-A14E-3F8E51CD2666}" = Secure Download Manager "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{954BC3C0-F0A4-A48A-2585-3C059B9A2772}" = CCC Help Japanese "{981DEDC9-B1DE-DC6E-891F-E82553FBA979}" = Catalyst Control Center Graphics Previews Vista "{9959AE7D-447C-204F-F4FF-3837B5A74AEC}" = CCC Help German "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F5819DF-44D2-BE6D-8AC3-A3365FE5C49E}" = CCC Help Czech "{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English 
"{A28678E9-585E-FA4A-FB5C-D507AF25D1A7}" = Catalyst Control Center Localization All "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B1B5FCCC-F7AC-AE3E-6E8C-6B3407DE0B04}" = CCC Help Korean "{B2B3A9F8-2186-2999-B766-A0EDB8299174}" = CCC Help Finnish "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6D53192-1D62-3E07-15F1-27AE2519C5FC}" = CCC Help Greek "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{BF9B92A9-4B53-9178-D0E4-10159D640EC1}" = CCC Help Hungarian "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C8D48524-5390-F032-C6A1-A5B7463B4CE2}" = CCC Help French "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA523EE-7458-4D0D-1DB3-3A4C51A5EA14}" = CCC Help English "{CE76F39C-556B-C5E5-0909-E04200DB65FF}" = CCC Help Turkish "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E5405C62-539F-3774-10D3-FAC8F4CA1B4C}" = PX Profile Update "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft 
Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4AD2F84-F76A-703F-4F5E-E91FDEE35B5A}" = CCC Help Portuguese "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F96602AD-82B9-B7F4-8614-E13F3D198791}" = CCC Help Danish "{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ASIO4ALL" = ASIO4ALL "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "DAEMON Tools Lite" = DAEMON Tools Lite "Deckadance" = Deckadance "DivX Setup" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Steam App 240" = Counter-Strike: Source "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.04.2012 08:40:25 | Computer Name = Bäm | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". 
Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 17.04.2012 13:27:25 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: pdf24-Editor.exe, Version: 4.4.3.0, Zeitstempel: 0x4f7b2404 Name des fehlerhaften Moduls: pdf24-Editor.exe, Version: 4.4.3.0, Zeitstempel: 0x4f7b2404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002d785 ID des fehlerhaften Prozesses: 0x390 Startzeit der fehlerhaften Anwendung: 0x01cd1cbf5a243a7b Pfad der fehlerhaften Anwendung: D:\PDF24\pdf24-Editor.exe Pfad des fehlerhaften Moduls: D:\PDF24\pdf24-Editor.exe Berichtskennung: 9870e7ec-88b2-11e1-9006-60eb69957375 Error - 22.04.2012 03:08:23 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 14.0.6117.5001, Zeitstempel: 0x4f3e2d20 Name des fehlerhaften Moduls: wwlib.dll, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e39d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00029fd3 ID des fehlerhaften Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0x01cd20562b5749a0 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Microsoft Office\Office14\wwlib.dll Berichtskennung: f249ef2f-8c49-11e1-82c1-60eb69957375 Error - 24.04.2012 16:19:22 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: reader.exe, Version: 1.1.5.13310, Zeitstempel: 0x4f28b13e Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.3.0, Zeitstempel: 
0x4d92c65a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020366 ID des fehlerhaften Prozesses: 0x14d4 Startzeit der fehlerhaften Anwendung: 0x01cd225738c2440d Pfad der fehlerhaften Anwendung: D:\Sony-Reader\reader.exe Pfad des fehlerhaften Moduls: D:\Sony-Reader\QtCore4.dll Berichtskennung: c71ac2b9-8e4a-11e1-9695-60eb69957375 Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 138669 Error - 27.04.2012 11:26:00 | Computer Name = Bäm | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 138669 Error - 28.04.2012 11:05:43 | Computer Name = Bäm | Source = Application Hang | ID = 1002 Description = Programm reader.exe, Version 1.1.5.13310 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: cf8 Startzeit: 01cd254debba944e Endzeit: 32 Anwendungspfad: D:\Sony-Reader\reader.exe Berichts-ID: 9d856c77-9143-11e1-9b19-60eb69957375 Error - 12.05.2012 06:22:15 | Computer Name = Bäm | Source = Application Hang | ID = 1002 Description = Programm steam.exe, Version 1.0.1065.11 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 874 Startzeit: 01cd302903e70b13 Endzeit: 0 Anwendungspfad: D:\Steam\steam.exe Berichts-ID: 559422ba-9c1c-11e1-b96d-60eb69957375 Error - 15.05.2012 02:20:25 | Computer Name = Bäm | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.1.21.0, Zeitstempel: 0x4ea9b052 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49d10 Ausnahmecode: 0xc0000029 Fehleroffset: 0x00090746 ID des fehlerhaften Prozesses: 0xcbc Startzeit der fehlerhaften Anwendung: 0x01cd324dfc36c506 Pfad der fehlerhaften Anwendung: D:\The Elder Scrolls V- Skyrim\TESV.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0e4e64d4-9e56-11e1-b4a7-60eb69957375 [ System Events ] Error - 09.06.2012 17:55:50 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos Error - 09.06.2012 19:32:30 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.06.2012 19:32:30 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.06.2012 19:33:54 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 09.06.2012 19:33:54 | Computer Name = Bäm | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Error - 10.06.2012 03:43:56 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos
Error - 10.06.2012 04:04:24 | Computer Name = Bäm | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 10.06.2012 04:05:00 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos
Error - 10.06.2012 06:52:09 | Computer Name = Bäm | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SAS Core Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 10.06.2012 06:52:59 | Computer Name = Bäm | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: trufos
< End of report >

And last but not least, the mail that was returned by the Mail Delivery System:

--- The header of the original message is following. ---
Received: from msvc021.dlan.cinetic.de (msvc021.dlan.cinetic.de [172.19.126.63]) by mrelay.gmx.net (node=mrgmx001) with ESMTP (Nemesis) id 0LymHf-1RrEkh1s8t-015UUs; Sat, 09 Jun 2012 22:18:32 +0200
Received: from [65.255.61.228] by msvc021.dlan.cinetic.de with HTTP; Sat Jun 09 22:18:32 CEST 2012
MIME-Version: 1.0
Message-ID: <trinity-56510f93-cf64-426b-9fa3-65426b502380-1339273112229@msvc021.dlan.cinetic.de>
From: ***
To:***
Subject: Hey Friend How are you?!!
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Importance: normal
Date: Sat, 9 Jun 2012 22:18:32 +0200 (CEST)
X-Priority: 3
X-Provags-ID: V02:K0:rnO2Ca12sSlqg2F66osy3KHonyyW7/h5YI9KITc8r4s jCodEz3CC7+IO/uDWb/QoxGri4C9DcGH7Dv9Fv6VYwZ9RLvWwK MWx7WzWB6AFMpSfXAVU4iMcjsGpELGXokYpGBuw5nRfiD38rbA PEbUq6TyrgMCaf8gVPH+iflW4CxTVjqVAsZoTcB4P0Ol11eTXZ gXLy5kO8Nl5BqQrzVeB8YYZrEwRD9Qf0Unb+eIHSaI/d6H0gwe K/qCOlkC/4rfH7ZM7u6IT02+YJZta9B3c9QE1TKNvamNR2c3wz us5CDYNJxOp77LgM8gnsJRpfPPqhEffCb3JV/0K2NdKTf1V2EQ bz2HQ1x2Pkniyk+YGDfAEgQ/TT65USJoapR2j/eBLxFHDDaZBC OYpI2iQw+UQ5hC9If02N2RP0b4xm4xHcBGpGPgDRzOCsvRYOdW iArhJ

Thanks for reading and regards,
Crisperz
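Added example, not part of the thread: a small Python script that walks the Received headers of a bounce like the one quoted above, oldest hop first, and reports how the message entered the provider's mail system. The sample header is constructed for this example, modelled on the posted one (same hostnames, IPs and timestamps, placeholder addresses instead of the redacted ones); the function names are mine. For the posted header it shows the first hop as a webmail (HTTP) submission from an external address to the provider, which points at the account being used from elsewhere rather than at software on the poster's (switched-off) PC.

```python
from __future__ import annotations

import email
import re
from ipaddress import ip_address

# Constructed sample header, modelled on the bounce quoted in the thread.
# Addresses are placeholders; hostnames, IPs and timestamps follow the posted header.
SAMPLE_HEADER = """\
Received: from msvc021.dlan.cinetic.de (msvc021.dlan.cinetic.de [172.19.126.63])
 by mrelay.gmx.net (node=mrgmx001) with ESMTP (Nemesis)
 id 0LymHf-1RrEkh1s8t-015UUs; Sat, 09 Jun 2012 22:18:32 +0200
Received: from [65.255.61.228] by msvc021.dlan.cinetic.de with HTTP;
 Sat Jun 09 22:18:32 CEST 2012
MIME-Version: 1.0
Message-ID: <trinity-56510f93-cf64-426b-9fa3-65426b502380-1339273112229@msvc021.dlan.cinetic.de>
From: victim@example.invalid
To: friend@example.invalid
Subject: Hey Friend How are you?!!
Date: Sat, 9 Jun 2012 22:18:32 +0200 (CEST)

"""

# One Received hop: "from <src> by <server> ... with <protocol>"
HOP_RE = re.compile(
    r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.IGNORECASE,
)
# Bracketed IPv4 literal inside the "from" part, as MTAs write it
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(raw_header: str) -> list[dict]:
    """Return the Received hops oldest-first as dicts with src, ip, by, proto.

    Received headers are prepended by each relay, so the top one is the
    newest; reversing the list gives the path the message actually took.
    """
    msg = email.message_from_string(raw_header)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        value = re.sub(r"\s+", " ", value)  # unfold continuation lines
        m = HOP_RE.search(value)
        if not m:
            continue  # unparseable hop, skip rather than guess
        ip_m = IP_RE.search(m.group("src"))
        hops.append({
            "src": m.group("src"),
            "ip": ip_m.group(1) if ip_m else None,
            "by": m.group("by"),
            "proto": m.group("proto").upper(),
        })
    return hops


def classify_origin(hops: list[dict]) -> dict:
    """Describe the first hop: who handed the message to the mail system and how."""
    if not hops:
        return {"verdict": "no-received-headers"}
    first = hops[0]
    ip = first["ip"]
    # is_global is False for RFC 1918 ranges such as 172.16.0.0/12
    external = bool(ip) and ip_address(ip).is_global
    webmail = first["proto"] == "HTTP"
    if webmail and external:
        verdict = "webmail-submission-from-external-ip"
    elif webmail:
        verdict = "webmail-submission-from-internal-ip"
    elif external:
        verdict = "smtp-submission-from-external-ip"
    else:
        verdict = "internal-relay"
    return {
        "verdict": verdict,
        "origin_ip": ip,
        "entry_server": first["by"],
        "protocol": first["proto"],
    }


if __name__ == "__main__":
    path = parse_received(SAMPLE_HEADER)
    for i, hop in enumerate(path):
        print(f"hop {i}: from {hop['src']} by {hop['by']} with {hop['proto']}")
    print(classify_origin(path))
```

For the bounce in the thread the verdict is a webmail submission from an external IP, so the defensive priorities are on the account side (change the mailbox password, review the provider's session history and any forwarding or filter rules) in addition to the local scans the helpers ask for.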
Quote:
Why do you come to such a conclusion? Who told you there was a suspicious file, and why don't you post which file is supposedly dangerous? Quote:
Such a log contains quite a bit more information than just "found" or "not found"! Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code: the log goes here
Hello Cosinus, I ran HijackThis (before I got wind of your forum here :P), then did a log file evaluation on the site hijackthis.de, and one file (unfortunately I no longer remember which) was classified as harmful there. I deleted it as a result. I got the tip about HijackThis from an acquaintance. Sorry, I didn't know about the CODE tag. Here is the log file from Malwarebytes Anti-Malware: Code: Malwarebytes Anti-Malware (Test) 1.61.0.1400 Code: OTL logfile created on: 10.06.2012 13:11:39 - Run 2 Code: OTL Extras logfile created on: 10.06.2012 12:59:59 - Run 1
Quote:
- file not noted down
- the function of the alleged file (you probably mean a line in the HijackThis log) is unknown to you
- just because the automatic evaluation, with all its errors, thinks something is malicious, you go and fix it right away
Please do NOT do such and similar things UNDER ANY CIRCUMSTANCES WITHOUT consulting us! Please also run ESET, then we'll see. Note: ESET quite often shows a few false positives. That's why with ESET, too, only the log is to be posted first and nothing removed. ESET Online Scanner Please switch on any external hard drives during the online scans! Please disable all background guards (antivirus program, firewall, script blocking and the like) during the scans and don't forget to switch everything back on afterwards.
Code: "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt" Code: "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Code: ESETSmartInstaller@High as downloader log:
Please make a new OTL log. Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code: the log goes here If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
Code: netsvcs
Code: OTL logfile created on: 05.07.2012 20:22:03 - Run 4
Do an OTL fix: close all programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!) Code: :OTL The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are not completely deleted, for safety; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used otherwise, since it can permanently damage the system!
Code: All processes killed
Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the image below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that's where TDSS-Killer saves its logs. Note: Please don't delete anything rashly with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here! http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Code: 22:41:20.0505 4144 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when one of the forum's expert helpers (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
Code: ComboFix 12-07-05.04 - *** 05.07.2012 22:56:33.1.4 - x64
Please now create and post logs with GMER and OSAM. GMER crashes fairly often; if the tool won't work even on the second attempt, just leave it out and only run OSAM. Please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to disable the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan. One more note: If aswMBR crashes with a message such as "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window and click the Scan button again.
Copyright ©2000-2025, Trojaner-Board