greenstudent | 26.04.2013 18:03 | Caught "System Care Antivirus"...
Hello, I have caught the so-called "System Care Antivirus" on my laptop. It starts automatically after boot and claims that the laptop is infected with all kinds of viruses and that I should buy software to fix it. I am well aware that this is all fake and that the suggested program, which you find on the internet (and are supposed to pay for), is itself malware. But: how do I get the whole thing off my laptop again?! This "System Care Antivirus" prevents me from running any *.exe files, so it is pretty much crippling my laptop at the moment. I found a thread here where a user apparently has the same problem, and he was advised to run an OTL scan. I will post the log files right here below; what else should I do?
Regards, greenstudent
Here is the file "extras": OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 26.04.2013 18:58:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Dokumente und Einstellungen\Matthsi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,78% Memory free
3,84 Gb Paging File | 3,77 Gb Available in Paging File | 98,27% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 999,70 Mb Total Space | 980,80 Mb Free Space | 98,11% Space Free | Partition Type: FAT
Drive E: | 29,29 Gb Total Space | 11,13 Gb Free Space | 38,01% Space Free | Partition Type: NTFS
Drive F: | 51,76 Gb Total Space | 2,31 Gb Free Space | 4,46% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: *****| Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1482476501-1004336348-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1067:TCP" = 1067:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"E:\Programme\ICQ6.5\ICQ.exe" = E:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"E:\Programme\vlc-0.9.8a\vlc.exe" = E:\Programme\vlc-0.9.8a\vlc.exe:*:Enabled:VLC media player -- ()
"E:\Programme\Messenger\msmsgs.exe" = E:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"E:\Programme\Skype\Plugin Manager\skypePM.exe" = E:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc.)
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"E:\Programme\f4.2\F4\f4.exe" = E:\Programme\f4.2\F4\f4.exe:*:Enabled:f4
"E:\Dokumente und Einstellungen\Matthsi\Desktop\f4\F4\f4.exe" = E:\Dokumente und Einstellungen\Matthsi\Desktop\f4\F4\f4.exe:*:Enabled:f4
"E:\Programme\skype recorder\MP3 Skype Recorder.exe" = E:\Programme\skype recorder\MP3 Skype Recorder.exe:*:Enabled:MP3 Skype Recorder
"E:\Programme\Freeciv-2.3.2-gtk2\freeciv-server.exe" = E:\Programme\Freeciv-2.3.2-gtk2\freeciv-server.exe:*:Enabled:freeciv-server
"E:\Programme\Skype\Phone\Skype.exe" = E:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003CD4FD-DB3E-4D12-9A34-8C00FA8A680F}" = WirelessControl
"{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}" = SpyHunter
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{26CA1B07-BC53-4196-B9C2-A11C6F6F3E08}_is1" = EXIF Date Changer v2.52
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6B2715ED-7DBF-4BF1-9009-FE4D66421031}" = Nero 7 Ultra Edition
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{DB457913-028D-460E-BB4C-D9A6369752CA}" = TouchPad HotKey Utility
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hotpot_is1" = HotPotatoes v 6.3.0.4
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"K-Meleon" = K-Meleon 1.5.3 de-DE (nur entfernen)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1482476501-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Gemeinsame Dateien\Symantec
Shared\ccEvtMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp (PID 1572)
Time:
Dienstag, 23. April 2013 12:24:29
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Gemeinsame Dateien\Symantec
Shared\SPBBC\SPBBCSvc.exe Event Info: Terminate Process Action Taken: Blocked Actor
Process: E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp
(PID 1572) Time: Dienstag, 23. April 2013 12:24:29
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Gemeinsame Dateien\Symantec
Shared\ccApp.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp (PID 1572)
Time:
Dienstag, 23. April 2013 12:24:29
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Symantec AntiVirus\VPTray.exe
Event
Info: Terminate Process Action Taken: Blocked Actor Process: E:\Dokumente und
Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp (PID 1572) Time: Dienstag,
23. April 2013 12:24:29
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Symantec AntiVirus\DefWatch.exe
Event
Info: Terminate Process Action Taken: Blocked Actor Process: E:\Dokumente und
Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp (PID 1572) Time: Dienstag,
23. April 2013 12:24:29
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Symantec AntiVirus\Rtvscan.exe
Event
Info: Terminate Process Action Taken: Blocked Actor Process: E:\Dokumente und
Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp (PID 1572) Time: Dienstag,
23. April 2013 12:24:29
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Gemeinsame Dateien\Symantec
Shared\ccSetMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp (PID 1572)
Time:
Dienstag, 23. April 2013 12:24:29
Error - 23.04.2013 06:24:29 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Symantec AntiVirus\DefWatch.exe
Event
Info: Terminate Process Action Taken: Blocked Actor Process: E:\Dokumente und
Einstellungen\Matthsi\Lokale Einstellungen\Temp\2.tmp (PID 1572) Time: Dienstag,
23. April 2013 12:24:29
Error - 24.04.2013 11:01:07 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Gemeinsame Dateien\Symantec
Shared\ccSetMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\90FB6AAE63DEE6C4000090FAD9B8EC26\90FB6AAE63DEE6C4000090FAD9B8EC26.exe
(PID 2852) Time: Mittwoch, 24. April 2013 17:01:07
Error - 24.04.2013 11:01:07 | Computer Name = *****| Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: E:\Programme\Gemeinsame Dateien\Symantec
Shared\ccEvtMgr.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\90FB6AAE63DEE6C4000090FAD9B8EC26\90FB6AAE63DEE6C4000090FAD9B8EC26.exe
(PID 2852) Time: Mittwoch, 24. April 2013 17:01:07
[ System Events ]
Error - 24.04.2013 12:33:05 | Computer Name = *****| Source = DCOM | ID = 10010
Description = Der Server "{FFF2D28F-E4EE-44D9-8104-8E71556757F6}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 26.04.2013 12:56:52 | Computer Name = *****| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 26.04.2013 12:56:54 | Computer Name = *****| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 26.04.2013 12:57:13 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.04.2013 12:57:13 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.04.2013 12:57:13 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.04.2013 12:57:13 | Computer Name = *****| Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 26.04.2013 12:57:13 | Computer Name = *****| Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SAVRT SAVRTPEL SPBBCDrv SYMTDI
Tcpip
Error - 26.04.2013 12:57:21 | Computer Name = *****| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 26.04.2013 13:06:09 | Computer Name = *****| Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report > --- --- ---
Here is the file "OTL": OTL Logfile: Code:
OTL logfile created on: 26.04.2013 18:58:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Dokumente und Einstellungen\Matthsi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,78% Memory free
3,84 Gb Paging File | 3,77 Gb Available in Paging File | 98,27% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 999,70 Mb Total Space | 980,80 Mb Free Space | 98,11% Space Free | Partition Type: FAT
Drive E: | 29,29 Gb Total Space | 11,13 Gb Free Space | 38,01% Space Free | Partition Type: NTFS
Drive F: | 51,76 Gb Total Space | 2,31 Gb Free Space | 4,46% Space Free | Partition Type: NTFS
Computer Name: *****| User Name: ***** | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - E:\Dokumente und Einstellungen\Matthsi\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (MozillaMaintenance) -- E:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SpyHunter 4 Service) -- E:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (SkypeUpdate) -- E:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- E:\Programme\Virenscanner\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- E:\Programme\Virenscanner\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Macromedia Licensing Service) -- E:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (BrYNSvc) -- E:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (Adobe LM Service) -- E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (SavRoam) -- E:\Programme\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- E:\Programme\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- E:\Programme\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- E:\Programme\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130419.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20130419.003\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMProtector) -- E:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (EraserUtilRebootDrv) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\eengine\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\eengine\eeCtrl.sys (Symantec Corporation)
DRV - (EsgScanner) -- E:\WINDOWS\system32\drivers\EsgScanner.sys ()
DRV - (Uim_IM) -- E:\WINDOWS\system32\drivers\Uim_IM.sys (Paragon)
DRV - (Uim_Vim) -- E:\WINDOWS\system32\drivers\Uim_Vim.sys (Paragon)
DRV - (UimBus) -- E:\WINDOWS\system32\drivers\UimBus.sys (Windows (R) 2000 DDK provider)
DRV - (esgiguard) -- E:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (ZTEusbnet) -- E:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- E:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- E:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- E:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- E:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- E:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (AR5211) -- E:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- E:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (SymEvent) -- E:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- E:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- E:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- E:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- E:\Programme\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- E:\Programme\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (alcan5wn) -- E:\WINDOWS\system32\drivers\alcan5wn.sys (THOMSON)
DRV - (alcaudsl) -- E:\WINDOWS\system32\drivers\alcaudsl.sys (THOMSON)
DRV - (zntport) -- E:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\..\SearchScopes\{00C7BD46-1080-4FDF-BF80-F2EF27FCAA96}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: software@loadtubes.com:1.01
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.12.0.8
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://at.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: E:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Plugins: E:\Programme\K-Meleon\Plugins [2013.04.10 14:31:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\K-Meleon\Extensions\\Components: E:\Programme\K-Meleon\Components [2012.05.29 18:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: E:\Programme\Mozilla Firefox\components [2013.04.16 15:20:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2013.04.16 15:20:23 | 000,000,000 | ---D | M]
[2009.04.08 20:46:09 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Extensions
[2013.04.16 13:03:14 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Firefox\Profiles\5jgtpsd0.default\extensions
[2013.04.16 13:03:14 | 000,000,000 | ---D | M] (Flagfox) -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Firefox\Profiles\5jgtpsd0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.04.11 06:47:46 | 000,000,000 | ---D | M] (WOT) -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Firefox\Profiles\5jgtpsd0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.02.23 17:40:13 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Firefox\Profiles\5jgtpsd0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.11.01 11:57:47 | 000,434,392 | ---- | M] () (No name found) -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Firefox\Profiles\5jgtpsd0.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.04.17 15:18:41 | 000,000,950 | ---- | M] () -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Firefox\Profiles\5jgtpsd0.default\searchplugins\icqplugin-2.xml
[2011.11.11 19:59:15 | 000,001,056 | ---- | M] () -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Mozilla\Firefox\Profiles\5jgtpsd0.default\searchplugins\icqplugin.xml
[2013.04.16 15:20:21 | 000,000,000 | ---D | M] (No name found) -- E:\Programme\Mozilla Firefox\extensions
[2013.04.16 15:20:21 | 000,000,000 | ---D | M] (No name found) -- E:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2013.04.16 15:20:34 | 000,263,064 | ---- | M] (Mozilla Foundation) -- E:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.10 07:21:04 | 000,002,465 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- E:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] E:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsMon00] E:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] E:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] E:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDFPrint] E:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] E:\Programme\SpeedTouch\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [SpyHunter Security Suite] E:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [TouchPadHotKey] E:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKLM..\Run: [vptray] E:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1482476501-1004336348-839522115-1003..\Run: [Akamai NetSession Interface] E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1482476501-1004336348-839522115-1003..\Run: [ccleaner] E:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1482476501-1004336348-839522115-1003..\RunOnce: [90FB6AAE63DEE6C4000090FAD9B8EC26] E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\90FB6AAE63DEE6C4000090FAD9B8EC26\90FB6AAE63DEE6C4000090FAD9B8EC26.exe ()
O4 - Startup: E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WirelessSelector.lnk = E:\Programme\FSC\Wireless Utility\WirelessSelector.exe (ITE Tech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1482476501-1004336348-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Web-Suche - E:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234986694034 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (E:\WINDOWS\system32\NavLogon.dll) - E:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.23 19:46:42 | 000,000,000 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2c0370e7-32ba-11e0-8da6-00225f45c5da}\Shell - "" = AutoRun
O33 - MountPoints2\{2c0370e7-32ba-11e0-8da6-00225f45c5da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2c0370e7-32ba-11e0-8da6-00225f45c5da}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.26 18:57:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Matthsi\Desktop\OTL.exe
[2013.04.24 17:01:04 | 000,000,000 | RH-D | C] -- E:\Dokumente und Einstellungen\Matthsi\Recent
[2013.04.23 19:46:13 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Matthsi\Startmenü\Programme\SpyHunter
[2013.04.23 19:46:05 | 000,000,000 | ---D | C] -- E:\sh4ldr
[2013.04.23 19:46:05 | 000,000,000 | ---D | C] -- E:\Programme\Enigma Software Group
[2013.04.23 19:45:37 | 000,000,000 | ---D | C] -- E:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2013.04.23 12:31:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.04.23 12:24:05 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Matthsi\Startmenü\Programme\System Care Antivirus
[2013.04.23 12:18:08 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\90FB6AAE63DEE6C4000090FAD9B8EC26
[2013.04.16 15:20:19 | 000,000,000 | ---D | C] -- E:\Programme\Mozilla Firefox
[2013.03.27 22:16:45 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Matthsi\Desktop\usb stick 2
[2013.03.27 22:12:46 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Matthsi\Desktop\usb stick 1
[2012.10.17 20:24:10 | 000,250,544 | ---- | C] (KeyWorks Software) -- E:\Programme\Gemeinsame Dateien\keyhelp.ocx
[8 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[5 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.26 19:00:22 | 000,432,784 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2013.04.26 19:00:21 | 000,448,898 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat
[2013.04.26 19:00:21 | 000,080,338 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat
[2013.04.26 19:00:21 | 000,067,740 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2013.04.26 18:56:41 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2013.04.26 18:55:54 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2013.04.24 19:31:13 | 000,000,074 | ---- | M] () -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\mbam.context.scan
[2013.04.24 09:51:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Matthsi\Desktop\OTL.exe
[2013.04.23 19:52:41 | 000,000,283 | ---- | M] () -- E:\Dokumente und Einstellungen\Matthsi\Desktop\Desktop.lnk
[2013.04.23 19:46:42 | 000,000,000 | ---- | M] () -- E:\autoexec.bat
[2013.04.23 12:31:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.04.11 06:33:38 | 000,142,032 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.10 14:30:10 | 000,001,720 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[8 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[5 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.24 19:31:13 | 000,000,074 | ---- | C] () -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\mbam.context.scan
[2013.04.23 19:46:42 | 000,000,000 | ---- | C] () -- E:\autoexec.bat
[2013.04.10 14:30:10 | 000,002,347 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.04.10 14:30:10 | 000,001,720 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.03.20 20:36:20 | 176,106,533 | ---- | C] () -- E:\Dokumente und Einstellungen\Matthsi\Arte+7-Verschollene_Filmschätze-A7_SGT_ENC_04_036610-006-A_PG_HQ_DE.flv
[2013.03.20 20:15:00 | 436,210,227 | ---- | C] () -- E:\Dokumente und Einstellungen\Matthsi\Arte+7-Irak_2003_-_Die_Kehrseite_des_Krieges__2-2_-A7_SGT_ENC_04_042758-000-A_PG_HQ_DE.flv
[2013.03.20 19:28:19 | 451,608,145 | ---- | C] () -- E:\Dokumente und Einstellungen\Matthsi\Arte+7-Irak_2003_-_Die_Kehrseite_des_Krieges__1-2_-A7_SGT_ENC_04_042757-000-A_PG_HQ_DE.flv
[2013.02.08 21:22:39 | 000,000,114 | ---- | C] () -- E:\WINDOWS\System32\BRLMW03A.INI
[2013.02.08 21:22:39 | 000,000,050 | ---- | C] () -- E:\WINDOWS\System32\BRADM10A.DAT
[2013.02.08 21:22:38 | 000,045,056 | ---- | C] () -- E:\WINDOWS\System32\BRTCPCON.DLL
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- E:\WINDOWS\System32\ESGScanner.sys
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- E:\WINDOWS\System32\drivers\EsgScanner.sys
[2012.05.23 14:38:57 | 000,007,662 | ---- | C] () -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\.freeciv-client-rc-2.3
[2012.05.11 00:07:23 | 000,000,127 | ---- | C] () -- E:\WINDOWS\System32\MRT.INI
[2012.02.15 10:18:15 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2011.10.13 10:37:23 | 000,000,030 | ---- | C] () -- E:\Programme\Exiferupdate.ini
[2011.04.23 14:28:09 | 000,048,960 | R--- | C] () -- E:\Dokumente und Einstellungen\Matthsi\balticti.ttf
[2011.04.23 14:28:09 | 000,038,556 | R--- | C] () -- E:\Dokumente und Einstellungen\Matthsi\balticsa.ttf
[2009.09.15 12:01:10 | 000,002,186 | ---- | C] () -- E:\Dokumente und Einstellungen\Matthsi\.recently-used.xbel
[2009.03.06 09:46:45 | 000,065,024 | ---- | C] () -- E:\Dokumente und Einstellungen\Matthsi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2010.09.18 16:32:54 | 000,000,227 | RHS- | M] () -- E:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 03:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = E:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = E:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.04.24 19:32:56 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\90FB6AAE63DEE6C4000090FAD9B8EC26
[2012.07.10 14:09:38 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\backup
[2012.07.10 14:09:14 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2011.07.08 18:35:26 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.07.10 14:09:12 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher
[2011.02.07 15:01:00 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.02.07 15:01:30 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2012.05.23 14:42:08 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\.freeciv
[2010.09.18 16:36:06 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Academic Software Zurich
[2009.07.05 01:07:28 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Cities3D
[2012.05.11 07:32:37 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Cuunuv
[2011.10.13 14:35:21 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\EXIF Date Changer
[2012.05.26 13:01:09 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\FreePDF
[2009.09.15 12:01:10 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\gtk-2.0
[2009.02.20 22:45:30 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\JAM Software
[2012.04.25 18:56:22 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\K-Meleon
[2012.04.20 14:22:07 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\MP3SkypeRecorder
[2009.02.20 22:48:59 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\OpenOffice.org
[2009.07.17 20:38:19 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\temp
[2010.03.25 21:02:09 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Vensim
[2011.02.07 15:01:48 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Vodafone
[2010.04.30 17:28:07 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Xilisoft
[2012.05.03 09:34:09 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Xulou
[2010.12.12 22:14:03 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Matthsi\Anwendungsdaten\Youtube Downloader HD
========== Purity Check ==========
< End of report >