Log Analysis and Evaluation: Trojan after BKA message (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to getting help. Note that an infected system cannot be trusted and should not be used until the malware has been completely removed.
09.03.2012, 13:46 | #1
Trojan after BKA message
Hello. After a BKA notice opened on my PC (which I could only get rid of by forcing the computer to shut down), AntiVir reported a trojan. I tried to research it on the internet, but the BKA message keeps reappearing and I have to shut the computer down. So I am turning to you in desperation. I am terribly clueless when it comes to computer technology. I followed the forum's instructions meticulously and created the log files. (When am I allowed to press re-enable in this defogger?) I urgently ask for your help!!! Many thanks! Fran
P.S.: I have pasted the DDS file in here as requested. It is attached again along with the other two log files.

DDS text:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Claudia at 11:51:54 on 2012-03-09
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.49.1031.18.1900.798 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Program Files\asus\Wireless Console 3\wcourier.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Users\Claudia\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.5.3\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\DealPlyIE.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {B106B661-3E1B-4015-AF5C-195E909F35C6} - No File
uRun: [LicenseValidator] c:\users\claudia\appdata\roaming\identities\{8e802f35-4ba7-46ff-beca-9b273d732d5f}\LicenseValidator.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\claudia\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Free YouTube Download - c:\users\claudia\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\14C4943454D275C414E42313 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\64259445A51224F6870264F6E60275C414E40273131333 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\7596C646562702F4374756E6 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}\75C414E4D2030313 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}\components\PriceGongFF.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCore.dll
FF - component: c:\users\claudia\appdata\roaming\mozilla\firefox\profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: adapter@babylontc.com - c:\program files\mozilla firefox\extensions\adapter@babylontc.com
FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\mozilla firefox\extensions\ocr@babylon.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH DE Community Toolbar: {b106b661-3e1b-4015-af5c-195e909f35c6} - %profile%\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - %profile%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\claudia\appdata\roaming\NetAssistant
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-3-9 36000]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-3-9 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-3-9 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-3-9 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-3-9 74640]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-3-29 598312]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-8 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-09 10:46:15 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\offreg.dll
2012-03-09 10:39:51 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{024ce031-fa56-4dbd-ba7a-d9dd8e5c9b19}\mpengine.dll
2012-03-09 10:37:22 -------- d-----w- c:\program files\Ask.com
2012-03-09 10:36:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-09 10:36:57 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-07 19:00:50 -------- d-----w- c:\users\claudia\appdata\roaming\Avira
2012-03-07 19:00:03 -------- d-----w- c:\programdata\Avira
2012-03-07 19:00:03 -------- d-----w- c:\program files\Avira
2012-03-03 16:34:48 -------- d-----w- c:\users\claudia\.thumb
2012-03-02 09:06:56 -------- d-----w- c:\users\claudia\appdata\roaming\TeamViewer
2012-02-16 02:31:23 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-16 02:09:59 222720 ----a-w- c:\program files\internet explorer\ielowutil.exe
2012-02-15 05:46:27 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:46:21 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:46:16 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:45:57 2340864 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 02:10:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 02:10:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-16 02:10:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 02:10:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-16 02:10:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-16 02:10:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-16 02:10:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-16 02:10:01 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-16 02:10:00 367104 ----a-w- c:\windows\system32\html.iec
2012-02-16 02:09:57 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-16 02:09:57 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 02:09:56 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-16 02:09:56 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-16 02:09:56 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-16 02:09:56 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-16 02:09:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 02:09:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-16 02:09:54 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-16 02:09:54 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-16 02:09:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-16 02:09:53 1798656 ----a-w- c:\windows\system32\jscript9.dll
2006-05-03 11:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 11:53:23,57 ===============
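An added triage example, not part of this thread and not code from Trojaner-Board, DDS or OTL: a small Python script that reads the autostart lines of a DDS "Pseudo HJT Report" (the uRun/mRun Run-key entries and the BHO/TB registrations) and flags what a helper reading such a log looks at first: executables started from user-writable directories such as AppData, Run values without a name, and registered components whose file is gone ("No File"). The sample input is constructed from the lines of the DDS log posted above; the directory list and severity labels are my own heuristics, not anything the tools output, and a hit means "look at this", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: autostart lines copied from the "Pseudo HJT Report"
# section of the DDS log posted in this thread. A whole DDS log can be fed
# in as well; lines that are not autostart entries are skipped.
SAMPLE_LOG = r"""
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {B106B661-3E1B-4015-AF5C-195E909F35C6} - No File
uRun: [LicenseValidator] c:\users\claudia\appdata\roaming\identities\{8e802f35-4ba7-46ff-beca-9b273d732d5f}\LicenseValidator.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
""".strip()

# uRun = HKCU Run key (this user only), mRun = HKLM Run key (all users).
RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# The executable is either a quoted path or an unquoted path up to the first
# known executable extension (unquoted paths in these logs may contain spaces).
EXE_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|dll|scr|bat|cmd|vbs|js)))',
    re.IGNORECASE,
)

# Directory markers that any user-level process can write to and that a
# regular installer rarely uses for an autostart binary. My own heuristic
# list (assumption): a match is a reason to look closer, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    line: str
    severity: str  # "high" or "low"
    reason: str


def exe_path(cmd: str) -> Optional[str]:
    """Return the lower-cased executable path from a Run-key command line."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    return (m.group("quoted") or m.group("bare")).lower()


def triage(report: str) -> List[Finding]:
    """Flag autostart entries in a DDS Pseudo HJT Report that deserve a closer look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if line.endswith("- No File"):
            # BHO/toolbar/URLSearchHook registration whose DLL is gone: harmless
            # by itself, but leftovers show what has been installed before.
            findings.append(Finding(line, "low", "orphaned entry, file no longer present"))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        name, cmd = m.group("name"), m.group("cmd")
        if not name or name == "<NO NAME>":
            findings.append(Finding(line, "low", "Run value without a name"))
            continue
        path = exe_path(cmd)
        if path is None:
            findings.append(Finding(line, "low", "Run value without a parseable executable path"))
            continue
        if any(marker in path for marker in USER_WRITABLE):
            findings.append(Finding(line, "high", "autostart from user-writable location: " + path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():4}] {f.reason}\n        {f.line}")
```

Run as-is it reports four findings for the sample: one high (the uRun entry started from AppData\Roaming) and three low (two "No File" leftovers and the nameless Run value). To scan a real report, pass the whole DDS log text to triage(); unrelated lines are skipped.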
09.03.2012, 15:27 | #2
/// Malware-holic | Trojan after BKA message
hi,
1. Open Avira, go to Events, and post the detection report(s).
2. If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
09.03.2012, 16:22 | #3
Trojan after BKA message
Hello Markus,
thanks for your quick efforts. I had Avira scan again; oddly, this time it showed no detection. Perhaps because it had moved the trojan to quarantine? Well, you probably know that better than I do anyway. I'm pasting in the report from the Avira scan regardless, followed by OTL and Extras. Hope you find something. My PC has also become quite slow by now and has frozen once.

Avira report:

Avira Free Antivirus
Report file date: Freitag, 9. März 2012 15:38

Scanning for 3537865 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Claudia
Computer name : CLAUDIA-PC

Version information:
BUILD.DAT : 12.0.0.849 41825 Bytes 23.09.2011 20:19:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 23.09.2011 17:04:46
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23.09.2011 12:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 23.09.2011 11:55:16
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 09.03.2012 10:39:36
AVREG.DLL : 12.1.0.29 228048 Bytes 09.03.2012 10:39:35
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 10:38:58
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 10:39:11
VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 10:39:11
VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 10:39:11
VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 10:39:11
VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 10:39:11
VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 10:39:11
VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 10:39:11
VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 10:39:12
VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 10:39:12
VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 10:39:12
VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 10:39:15
VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 10:39:17
VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 10:39:17
VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 10:39:17
VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 10:39:18
VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 10:39:18
VBASE019.VDF : 7.11.23.98 126464 Bytes 17.02.2012 10:39:19
VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 10:39:19
VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 10:39:20
VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 10:39:20
VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 10:39:21
VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 10:39:22
VBASE025.VDF : 7.11.24.205 2048 Bytes 07.03.2012 10:39:22
VBASE026.VDF : 7.11.24.206 2048 Bytes 07.03.2012 10:39:22
VBASE027.VDF : 7.11.24.207 2048 Bytes 07.03.2012 10:39:22
VBASE028.VDF : 7.11.24.208 2048 Bytes 07.03.2012 10:39:22
VBASE029.VDF : 7.11.24.209 2048 Bytes 07.03.2012 10:39:24
VBASE030.VDF : 7.11.24.210 2048 Bytes 07.03.2012 10:39:24
VBASE031.VDF : 7.11.24.248 124416 Bytes 09.03.2012 10:39:24
Engineversion : 8.2.10.14
AEVDF.DLL : 8.1.2.2 106868 Bytes 09.03.2012 10:39:34
AESCRIPT.DLL : 8.1.4.8 455034 Bytes 09.03.2012 10:39:34
AESCN.DLL : 8.1.8.2 131444 Bytes 09.03.2012 10:39:33
AESBX.DLL : 8.2.4.5 434549 Bytes 09.03.2012 10:39:35
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06
AEPACK.DLL : 8.2.16.5 803190 Bytes 09.03.2012 10:39:33
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 09.03.2012 10:39:31
AEHEUR.DLL : 8.1.4.3 4444534 Bytes 09.03.2012 10:39:31
AEHELP.DLL : 8.1.19.0 254327 Bytes 09.03.2012 10:39:26
AEGEN.DLL : 8.1.5.23 409973 Bytes 09.03.2012 10:39:25
AEEXP.DLL : 8.1.0.24 74101 Bytes 09.03.2012 10:39:35
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01
AECORE.DLL : 8.1.25.5 201079 Bytes 09.03.2012 10:39:25
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 23.09.2011 11:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 23.09.2011 10:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 23.09.2011 10:55:01
AVARKT.DLL : 12.1.0.17 223184 Bytes 23.09.2011 10:25:26
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 23.09.2011 10:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 16.09.2011 01:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 23.09.2011 11:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 23.09.2011 11:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 23.09.2011 12:37:25
RCTEXT.DLL : 12.1.0.16 96208 Bytes 23.09.2011 12:37:24

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Freitag, 9. März 2012 15:38

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_free_antivirus_en.exe' - '1' Module(s) have been scanned
Scan process 'thunderbird.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'Defogger.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned
Scan process 'Updater.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sppsvc.exe' - '1' Module(s) have been scanned
Scan process 'NASvc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'Babylon.exe' - '1' Module(s) have been scanned
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesApp32.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned
Scan process 'TuneUpUtilitiesService32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '523' files ).

End of the scan: Freitag, 9. März 2012 15:40
Used time: 01:28 Minute(s)

The scan has been done completely.

0 Scanned directories
1242 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1242 Files not concerned
13 Archives were scanned
0 Warnings
0 Notes

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 09.03.2012 16:01:47 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Claudia\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,86 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 55,93% Memory free
3,71 Gb Paging File | 2,62 Gb Available in Paging File | 70,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,91 Gb Total Space | 70,85 Gb Free Space | 30,82% Space Free | Partition Type: NTFS
Drive D: | 68,18 Gb Total Space | 15,92 Gb Free Space | 23,36% Space Free | Partition Type: NTFS
Drive E: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.09 15:59:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe
PRC - [2012.01.04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.11.18 14:13:54 | 001,510,720 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011.11.18 14:13:46 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.09.16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.08.25 14:06:04 | 003,346,544 | ---- | M] (Babylon Ltd.) -- C:\Programme\Babylon\Babylon-Pro\Babylon.exe
PRC - [2011.08.01 13:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011.07.16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.08.11 19:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe

========== Modules (No Company Name) ==========

MOD - [2010.08.11 19:46:34 | 001,597,440 | ---- | M] () -- C:\Programme\asus\Wireless Console 3\wcourier.exe
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.11.18 14:13:54 | 001,510,720 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.09.23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 12:08:37 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.03.29 14:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (pxliafog)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
DRV - [2011.11.08 21:25:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.09.18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.09.15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2007.07.31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 4C A1 72 5B 9C CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{945BA5EF-4688-49A0-9499-452A8DC3725F}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF -
prefs.js..extensions.enabledItems: {b106b661-3e1b-4015-af5c-195e909f35c6}:3.5.0.12 FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0 FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.5.3 FF - prefs.js..extensions.enabledItems: {1266764D-FC4F-4FA7-B63B-884D53B1680F}:3.6.5 FF - prefs.js..extensions.enabledItems: adapter@babylontc.com:1.0.0.1 FF - prefs.js..extensions.enabledItems: ocr@babylon.com:1.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://g.live.com/1rewlive4startup/home" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 10:13:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 10:13:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.17 12:33:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Claudia\AppData\Roaming\NetAssistant\ [2011.10.09 09:36:03 | 000,000,000 | ---D | M] [2011.01.14 15:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions [2011.01.14 15:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.03.09 15:57:02 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions [2011.10.09 09:35:36 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2011.02.18 09:23:14 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.06.22 17:00:54 | 000,000,000 | ---D | M] (NCH DE Community Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6} [2011.05.30 16:46:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.10.09 09:21:48 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011.10.09 09:21:30 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2012.03.09 11:42:56 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\toolbar@ask.com [2011.01.06 22:03:51 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\di1k0jef.default\extensions\youtube2mp3@mondayx.de [2011.04.18 22:40:45 | 000,001,832 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\bing.xml [2011.10.09 09:21:19 | 000,003,915 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\searchplugins\sweetim.xml [2011.11.14 16:46:44 | 000,000,000 | ---D | M] (No name found) -- 
C:\Programme\Mozilla Firefox\extensions [2011.03.16 00:13:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.11.14 16:46:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com [2011.10.31 01:49:47 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2011.11.14 16:46:39 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Programme\Mozilla Firefox\extensions\ocr@babylon.com [2011.03.16 00:13:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.11.14 16:46:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM [2011.11.14 16:46:39 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\OCR@BABYLON.COM [2011.10.09 09:36:03 | 000,000,000 | ---D | M] (Freeze.com NetAssistant) -- C:\USERS\CLAUDIA\APPDATA\ROAMING\NETASSISTANT [2011.03.16 00:12:46 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.24 07:21:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.24 07:21:23 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.24 07:21:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.24 07:21:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.24 07:21:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.3\PriceGongIE.dll (PriceGong) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B106B661-3E1B-4015-AF5C-195E909F35C6} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Wireless Console 3] C:\Programme\asus\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [LicenseValidator] C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe File not found O4 - Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Free YouTube Download - C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EA25103-661B-461F-9C6E-9B3765699E99}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: 
{C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.09 16:00:18 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe [2012.03.09 15:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.03.09 13:31:22 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Desktop\Logfiles [2012.03.09 13:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.03.09 13:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.03.09 11:51:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Claudia\Desktop\dds.com [2012.03.09 11:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.03.09 11:36:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.03.09 11:36:57 | 000,134,344 | ---- | C] (Avira GmbH) -- 
C:\Windows\System32\drivers\avipbb.sys [2012.03.09 11:36:57 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.03.09 11:36:57 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.03.07 20:00:50 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Avira [2012.03.07 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.03.07 20:00:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.03.07 19:31:39 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Opera [2012.03.03 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\Claudia\.thumb [2012.03.02 10:11:03 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\Help [2012.03.02 10:06:56 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Roaming\TeamViewer [2011.05.20 08:31:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Claudia\AppData\Roaming\pcouffin.sys ========== Files - Modified Within 30 Days ========== [2012.03.09 15:59:43 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Claudia\Desktop\OTL.exe [2012.03.09 15:36:54 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.09 15:36:11 | 000,012,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.09 15:36:10 | 000,012,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.09 11:58:43 | 000,302,592 | ---- | M] () -- C:\Users\Claudia\Desktop\coicerpu.exe [2012.03.09 11:51:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Claudia\Desktop\dds.com [2012.03.09 11:49:42 | 000,000,000 | ---- | M] () -- C:\Users\Claudia\defogger_reenable [2012.03.09 11:47:51 | 000,050,477 | ---- | M] () -- C:\Users\Claudia\Desktop\Defogger.exe [2012.03.09 11:34:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.09 11:33:54 | 1494,515,712 | -HS- | M] () -- 
C:\hiberfil.sys [2012.03.08 07:30:45 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.08 07:30:45 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.08 07:30:45 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.08 07:30:45 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.18 12:41:34 | 000,060,929 | ---- | M] () -- C:\Users\Claudia\Documents\fine.odt [2012.02.16 03:33:41 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.16 03:09:57 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf ========== Files Created - No Company Name ========== [2012.03.09 11:58:56 | 000,302,592 | ---- | C] () -- C:\Users\Claudia\Desktop\coicerpu.exe [2012.03.09 11:49:42 | 000,000,000 | ---- | C] () -- C:\Users\Claudia\defogger_reenable [2012.03.09 11:48:46 | 000,050,477 | ---- | C] () -- C:\Users\Claudia\Desktop\Defogger.exe [2012.03.09 11:37:54 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.02.18 12:15:40 | 000,060,929 | ---- | C] () -- C:\Users\Claudia\Documents\fine.odt [2012.02.16 03:09:57 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2011.11.14 16:44:21 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011.10.31 01:50:53 | 000,017,408 | ---- | C] () -- C:\Users\Claudia\AppData\Local\WebpageIcons.db [2011.09.11 21:39:36 | 000,005,632 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.04 09:48:28 | 000,000,275 | ---- | C] () -- C:\Users\Claudia\AppData\Local\HamsterVideoConverterSettings.cfg [2011.05.20 08:40:50 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.05.20 08:31:06 | 000,087,608 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\inst.exe [2011.05.20 08:31:06 | 000,007,887 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\pcouffin.cat [2011.05.20 08:31:06 | 000,001,144 | ---- | C] () -- 
C:\Users\Claudia\AppData\Roaming\pcouffin.inf [2011.04.19 21:50:39 | 000,000,079 | ---- | C] () -- C:\Users\Claudia\AppData\Roaming\vso_ts_preview.xml [2011.01.28 11:18:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.01.13 23:17:34 | 000,000,033 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini [2010.08.25 19:30:02 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.08.25 19:30:00 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010.08.25 19:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.08.25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.08.25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll ========== LOP Check ========== [2012.01.06 07:21:03 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Amazon [2011.12.16 23:35:44 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Babylon [2011.10.28 06:09:29 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Digiarty [2011.08.16 19:57:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoft [2011.02.18 09:23:13 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.23 08:14:23 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\GHISLER [2011.01.06 21:54:01 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Local [2011.10.09 09:36:03 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\NetAssistant [2011.11.14 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenCandy [2011.01.06 21:59:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org [2012.03.07 19:31:39 | 000,000,000 | ---D | M] -- 
C:\Users\Claudia\AppData\Roaming\Opera [2012.03.02 10:06:56 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TeamViewer [2011.01.14 15:05:12 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird [2011.11.22 22:07:09 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TuneUp Software [2011.05.20 08:31:06 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vso [2011.08.16 19:48:04 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Xilisoft [2011.04.16 23:05:21 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\XMedia Recode [2009.07.14 05:53:46 | 000,029,860 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.16 23:45:52 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.11.29 07:39:13 | 000,000,000 | -HSD | M] -- C:\Boot [2011.01.06 21:31:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.06.25 08:35:02 | 000,000,000 | ---D | M] -- C:\HP [2011.04.26 08:12:39 | 000,000,000 | ---D | M] -- C:\Intel [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.03.09 13:29:53 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.07 23:49:30 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.01.06 21:31:13 | 000,000,000 | -HSD | M] -- C:\Programme [2011.01.06 21:31:13 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.03.09 16:03:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.11.21 20:41:34 | 000,000,000 | ---D | M] -- C:\Temp [2011.01.06 21:31:21 | 000,000,000 | R--D | M] -- C:\Users [2012.03.09 11:33:54 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s >
< End of report >
Extras.txt: OTL Logfile:
Code:
OTL Extras logfile created on: 09.03.2012 16:01:47 - Run 1 OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Claudia\Desktop Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,86 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 55,93% Memory free 3,71 Gb Paging File | 2,62 Gb Available in Paging File | 70,70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,91 Gb Total Space | 70,85 Gb Free Space | 30,82% Space Free | Partition Type: NTFS Drive D: | 68,18 Gb Total Space | 15,92 Gb Free Space | 23,36% Space Free | Partition Type: NTFS Drive E: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: CLAUDIA-PC | User Name: Claudia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM) "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger 
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Convertor "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D7E7EC5E-4349-4E40-B37C-4342188B86EC}" = Monopoly "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live 
Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Avira AntiVir Desktop" = Avira Free Antivirus "AVS4YOU Video Converter 7_is1" = AVS Video Converter 7 "Babylon" = Babylon "DealPly" = DealPly "druckstdu.de Designer 1.6.1_is1" = druckstdu.de Designer 1.6.1 "DVDStyler_is1" = DVDStyler v2.0.1 "Free YouTube Download_is1" = Free YouTube Download version 3.0.815 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "PriceGong" = PriceGong 2.5.3 "Trusted Software Assistant_is1" = File Type Assistant "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media 
player" = VLC media player 1.1.5 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.10.3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "NetAssistant 3.6.5" = NetAssistant for Firefox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 21.02.2012 04:32:36 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225 Description = Error - 23.02.2012 07:09:09 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225 Description = Error - 27.02.2012 09:40:16 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225 Description = Error - 02.03.2012 08:39:41 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.4429, Zeitstempel: 0x4f3ce50d Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000008 Fehleroffset: 0x0007f3d7 ID des fehlerhaften Prozesses: 0x82c Startzeit der fehlerhaften Anwendung: 0x01ccf55580436368 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: c760829b-6464-11e1-8412-a04d2711c6e6 Error - 02.03.2012 08:40:03 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4429, Zeitstempel: 0x4f3ce4d4 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046850 ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0x01ccf555b026793c Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad 
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: d473425c-6464-11e1-8412-a04d2711c6e6 Error - 02.03.2012 14:08:33 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225 Description = Error - 03.03.2012 07:34:47 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DVDStyler.exe, Version: 0.0.0.0, Zeitstempel: 0x4ec2d984 Name des fehlerhaften Moduls: DVDStyler.exe, Version: 0.0.0.0, Zeitstempel: 0x4ec2d984 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00080a13 ID des fehlerhaften Prozesses: 0x22e0 Startzeit der fehlerhaften Anwendung: 0x01ccf931a0cf75a3 Pfad der fehlerhaften Anwendung: C:\Program Files\DVDStyler\bin\DVDStyler.exe Pfad des fehlerhaften Moduls: C:\Program Files\DVDStyler\bin\DVDStyler.exe Berichtskennung: e1186fb5-6524-11e1-ac6d-814f569fc9e3 Error - 03.03.2012 07:34:55 | Computer Name = Claudia-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: DVDStyler.exe, Version: 0.0.0.0, Zeitstempel: 0x4ec2d984 Name des fehlerhaften Moduls: DVDStyler.exe, Version: 0.0.0.0, Zeitstempel: 0x4ec2d984 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00080a13 ID des fehlerhaften Prozesses: 0x2178 Startzeit der fehlerhaften Anwendung: 0x01ccf931a7959147 Pfad der fehlerhaften Anwendung: C:\Program Files\DVDStyler\bin\DVDStyler.exe Pfad des fehlerhaften Moduls: C:\Program Files\DVDStyler\bin\DVDStyler.exe Berichtskennung: e56fcc2b-6524-11e1-ac6d-814f569fc9e3 Error - 04.03.2012 12:34:38 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225 Description = Error - 07.03.2012 14:40:00 | Computer Name = Claudia-PC | Source = BackItUp5 | ID = 5225 Description = [ System Events ] Error - 09.03.2012 06:30:48 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error 
- 09.03.2012 06:30:48 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.03.2012 06:30:49 | Computer Name = Claudia-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 09.03.2012 06:31:25 | Computer Name = Claudia-PC | Source = DCOM | ID = 10005 
Description = Error - 09.03.2012 10:55:59 | Computer Name = Claudia-PC | Source = DCOM | ID = 10010 Description = < End of report > See you! |
09.03.2012, 16:23 | #4 |
/// Malware-holic | Trojan after BKA notice I do need the detection report: either Avira, Reports, if it was during a scan, or Avira, Events, if it was from the background guard :-)
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
09.03.2012, 16:27 | #5 |
| Trojan after BKA notice It chimed this morning and Avira showed the detection. I had to shut the PC down, and afterwards it didn't show it again. How do I find this morning's report? |
09.03.2012, 16:29 | #6 |
| Trojan after BKA notice Oh, found it. Here is the report from noon today: Avira Free Antivirus Report file date: Freitag, 9. März 2012 12:02 Scanning for 3537865 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - Free Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows 7 Windows version : (plain) [6.1.7600] Boot mode : Normally booted Username : SYSTEM Computer name : CLAUDIA-PC Version information: BUILD.DAT : 12.0.0.849 41825 Bytes 23.09.2011 20:19:00 AVSCAN.EXE : 12.1.0.17 490448 Bytes 23.09.2011 17:04:46 AVSCAN.DLL : 12.1.0.17 54224 Bytes 23.09.2011 12:34:56 LUKE.DLL : 12.1.0.17 68304 Bytes 23.09.2011 11:55:16 AVSCPLR.DLL : 12.1.0.22 100048 Bytes 09.03.2012 10:39:36 AVREG.DLL : 12.1.0.29 228048 Bytes 09.03.2012 10:39:35 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 10:38:58 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 10:39:11 VBASE004.VDF : 7.11.21.239 2048 Bytes 01.02.2012 10:39:11 VBASE005.VDF : 7.11.21.240 2048 Bytes 01.02.2012 10:39:11 VBASE006.VDF : 7.11.21.241 2048 Bytes 01.02.2012 10:39:11 VBASE007.VDF : 7.11.21.242 2048 Bytes 01.02.2012 10:39:11 VBASE008.VDF : 7.11.21.243 2048 Bytes 01.02.2012 10:39:11 VBASE009.VDF : 7.11.21.244 2048 Bytes 01.02.2012 10:39:11 VBASE010.VDF : 7.11.21.245 2048 Bytes 01.02.2012 10:39:12 VBASE011.VDF : 7.11.21.246 2048 Bytes 01.02.2012 10:39:12 VBASE012.VDF : 7.11.21.247 2048 Bytes 01.02.2012 10:39:12 VBASE013.VDF : 7.11.22.33 1486848 Bytes 03.02.2012 10:39:15 VBASE014.VDF : 7.11.22.56 687616 Bytes 03.02.2012 10:39:17 VBASE015.VDF : 7.11.22.92 178176 Bytes 06.02.2012 10:39:17 VBASE016.VDF : 7.11.22.154 144896 Bytes 08.02.2012 10:39:17 VBASE017.VDF : 7.11.22.220 183296 Bytes 13.02.2012 10:39:18 VBASE018.VDF : 7.11.23.34 202752 Bytes 15.02.2012 10:39:18 VBASE019.VDF :
7.11.23.98 126464 Bytes 17.02.2012 10:39:19 VBASE020.VDF : 7.11.23.150 148480 Bytes 20.02.2012 10:39:19 VBASE021.VDF : 7.11.23.224 172544 Bytes 23.02.2012 10:39:20 VBASE022.VDF : 7.11.24.52 219648 Bytes 28.02.2012 10:39:20 VBASE023.VDF : 7.11.24.152 165888 Bytes 05.03.2012 10:39:21 VBASE024.VDF : 7.11.24.204 177664 Bytes 07.03.2012 10:39:22 VBASE025.VDF : 7.11.24.205 2048 Bytes 07.03.2012 10:39:22 VBASE026.VDF : 7.11.24.206 2048 Bytes 07.03.2012 10:39:22 VBASE027.VDF : 7.11.24.207 2048 Bytes 07.03.2012 10:39:22 VBASE028.VDF : 7.11.24.208 2048 Bytes 07.03.2012 10:39:22 VBASE029.VDF : 7.11.24.209 2048 Bytes 07.03.2012 10:39:24 VBASE030.VDF : 7.11.24.210 2048 Bytes 07.03.2012 10:39:24 VBASE031.VDF : 7.11.24.248 124416 Bytes 09.03.2012 10:39:24 Engineversion : 8.2.10.14 AEVDF.DLL : 8.1.2.2 106868 Bytes 09.03.2012 10:39:34 AESCRIPT.DLL : 8.1.4.8 455034 Bytes 09.03.2012 10:39:34 AESCN.DLL : 8.1.8.2 131444 Bytes 09.03.2012 10:39:33 AESBX.DLL : 8.2.4.5 434549 Bytes 09.03.2012 10:39:35 AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 22:16:06 AEPACK.DLL : 8.2.16.5 803190 Bytes 09.03.2012 10:39:33 AEOFFICE.DLL : 8.1.2.25 201084 Bytes 09.03.2012 10:39:31 AEHEUR.DLL : 8.1.4.3 4444534 Bytes 09.03.2012 10:39:31 AEHELP.DLL : 8.1.19.0 254327 Bytes 09.03.2012 10:39:26 AEGEN.DLL : 8.1.5.23 409973 Bytes 09.03.2012 10:39:25 AEEXP.DLL : 8.1.0.24 74101 Bytes 09.03.2012 10:39:35 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 22:46:01 AECORE.DLL : 8.1.25.5 201079 Bytes 09.03.2012 10:39:25 AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 22:46:01 AVWINLL.DLL : 12.1.0.17 27344 Bytes 23.09.2011 11:13:18 AVPREF.DLL : 12.1.0.17 51920 Bytes 23.09.2011 10:53:57 AVREP.DLL : 12.1.0.17 179408 Bytes 23.09.2011 10:55:01 AVARKT.DLL : 12.1.0.17 223184 Bytes 23.09.2011 10:25:26 AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 23.09.2011 10:34:37 SQLITE3.DLL : 3.7.0.0 398288 Bytes 16.09.2011 01:05:58 AVSMTP.DLL : 12.1.0.17 62928 Bytes 23.09.2011 11:03:47 NETNT.DLL : 12.1.0.17 17104 Bytes 23.09.2011 11:58:06 RCIMAGE.DLL : 
12.1.0.17 4450000 Bytes 23.09.2011 12:37:25 RCTEXT.DLL : 12.1.0.16 96208 Bytes 23.09.2011 12:37:24 Configuration settings for the scan: Jobname.............................: AVGuardAsyncScan Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f59de02\guard_slideup.avp Logging.............................: default Primary action......................: repair Secondary action....................: quarantine Scan master boot sector.............: on Scan boot sector....................: off Process scan........................: on Scan registry.......................: off Search for rootkits.................: off Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: Complete Start of the scan: Freitag, 9. März 2012 12:02 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'conhost.exe' - '1' Module(s) have been scanned Scan process 'Defogger.exe' - '1' Module(s) have been scanned Scan process 'plugin-container.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'conhost.exe' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'AVWEBGRD.EXE' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'Updater.exe' - 
'1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sppsvc.exe' - '1' Module(s) have been scanned Scan process 'NASvc.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'wmplayer.exe' - '1' Module(s) have been scanned Scan process 'javaw.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'soffice.bin' - '1' Module(s) have been scanned Scan process 'soffice.exe' - '1' Module(s) have been scanned Scan process 'Babylon.exe' - '1' Module(s) have been scanned Scan process 'SweetIM.exe' - '1' Module(s) have been scanned Scan process 'igfxpers.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'igfxtray.exe' - '1' Module(s) have been scanned Scan process 'wcourier.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'TuneUpUtilitiesApp32.exe' - '1' Module(s) have been scanned Scan process 'taskhost.exe' - '1' Module(s) have been scanned Scan process 'Dwm.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'WLIDSvcM.exe' - '1' Module(s) have been scanned Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned Scan process 'TuneUpUtilitiesService32.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' 
Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe' C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe [DETECTION] Is the TR/Offend.7268664 Trojan [NOTE] The registration entry <HKEY_USERS\S-1-5-21-2889182835-3214054709-1994771838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LicenseValidator> was successfully repaired. [NOTE] The file was moved to the quarantine directory under the name '498e48d1.qua'. End of the scan: Freitag, 9. März 2012 12:02 Used time: 00:04 Minute(s) The scan has been done completely. 0 Scanned directories 61 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 60 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes |
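An added example, not part of the thread and not Avira's or the helpers' tooling: a small Python parser for the Avira report format above that pulls out each detection with its quarantine name and the autostart entry Avira repaired, and flags detections where a Run value launched a file from a user-writable profile directory, as with LicenseValidator.exe in this report. The sample text is constructed from the layout of the report in post #6; the regexes and the AppData heuristic are this example's own assumptions.

```python
"""Pull detections and repaired autostart entries out of an Avira scan report.

Added example for this thread, not Avira's or the forum's own tooling. The
sample text below is constructed from the format of the report in post #6.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the report's own layout: an unindented path line names
# the scanned object, and the indented [DETECTION]/[NOTE] lines belong to it.
SAMPLE_REPORT = r"""
Starting the file scan:

Begin scan in 'C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe'
C:\Users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe
  [DETECTION] Is the TR/Offend.7268664 Trojan
  [NOTE] The registration entry <HKEY_USERS\S-1-5-21-2889182835-3214054709-1994771838-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LicenseValidator> was successfully repaired.
  [NOTE] The file was moved to the quarantine directory under the name '498e48d1.qua'.

End of the scan: Freitag, 9. März 2012 12:02
Used time: 00:04 Minute(s)
"""


@dataclass
class Detection:
    path: str                               # scanned object the report flagged
    threat: str                             # Avira detection name, e.g. TR/Offend.7268664
    registry_entry: Optional[str] = None    # autostart value Avira repaired, if any
    quarantine_name: Optional[str] = None   # .qua name the file was moved to, if any


# Regexes are this example's own assumptions about the report layout.
PATH_LINE = re.compile(r"^[A-Za-z]:\\")                      # unindented Windows path
DETECTION = re.compile(r"^\s*\[DETECTION\] Is the (\S+)")
REG_NOTE = re.compile(r"^\s*\[NOTE\] The registration entry <([^>]+)>")
QUAR_NOTE = re.compile(r"^\s*\[NOTE\] .*quarantine directory under the name '([^']+)'")
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.I)


def parse_avira_report(text: str) -> List[Detection]:
    """Return one Detection per [DETECTION] line, with the [NOTE]s that follow it."""
    detections: List[Detection] = []
    current_path: Optional[str] = None
    current: Optional[Detection] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if PATH_LINE.match(line):
            # A new scanned object starts; later notes belong to its detection.
            current_path, current = line, None
            continue
        m = DETECTION.match(line)
        if m:
            if current_path is None:
                continue  # malformed: a detection without a preceding path line
            current = Detection(path=current_path, threat=m.group(1))
            detections.append(current)
            continue
        if current is None:
            continue  # notes outside a detection block are ignored
        m = REG_NOTE.match(line)
        if m:
            current.registry_entry = m.group(1)
            continue
        m = QUAR_NOTE.match(line)
        if m:
            current.quarantine_name = m.group(1)
    return detections


def profile_autostart_findings(detections: List[Detection]) -> List[Tuple[str, str, str]]:
    """(Run value name, threat, path) for detections whose repaired Run entry
    launched a file from a user-writable profile directory such as AppData."""
    findings: List[Tuple[str, str, str]] = []
    for d in detections:
        if (d.registry_entry and RUN_KEY.search(d.registry_entry)
                and USER_PROFILE.search(d.path)):
            value_name = d.registry_entry.rsplit("\\", 1)[-1]
            findings.append((value_name, d.threat, d.path))
    return findings


if __name__ == "__main__":
    dets = parse_avira_report(SAMPLE_REPORT)
    for d in dets:
        print(f"{d.threat}: {d.path} -> quarantine {d.quarantine_name}")
    for name, threat, path in profile_autostart_findings(dets):
        print(f"user-profile autostart '{name}' ({threat}) launched {path}")
```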
09.03.2012, 16:41 | #7 |
/// Malware-holic | Trojan after BKA message
hi,
Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and be sure to save it to your desktop.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described above
If you would like to support us
09.03.2012, 17:16 | #8 |
Trojan after BKA message
Here is the program's log file. I hope I managed to close or disable all the required programs beforehand.
Combofix logfile:
Code:
ComboFix 12-03-09.05 - Claudia 09.03.2012 17:03:41.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.49.1031.18.1900.899 [GMT 1:00]
ausgeführt von:: c:\users\Claudia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Claudia\AppData\Local\TempDIR
c:\users\Claudia\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Claudia\AppData\Roaming\Help\coredb\storage
c:\users\Claudia\AppData\Roaming\inst.exe
c:\users\Claudia\AppData\Roaming\Local
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel.S02E22._.Home.sweet.home.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x08.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi(2).ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Angel_1x19.avi.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel.S02E22._.Home.sweet.home.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x08.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x08_i_will_remember_you_dvdrip_fs_divx_fov.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Angel_1x19.avi.ddp
c:\users\Claudia\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\Claudia\AppData\Roaming\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-09 bis 2012-03-09 ))))))))))))))))))))))))))))))
.
.
2012-03-09 16:10 . 2012-03-09 16:10 -------- d-----w- c:\users\Claudia\AppData\Local\temp
2012-03-09 16:10 . 2012-03-09 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 12:29 . 2012-03-09 12:29 -------- d-----w- c:\program files\7-Zip
2012-03-09 10:46 . 2012-03-09 10:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{024CE031-FA56-4DBD-BA7A-D9DD8E5C9B19}\offreg.dll
2012-03-09 10:39 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{024CE031-FA56-4DBD-BA7A-D9DD8E5C9B19}\mpengine.dll
2012-03-09 10:37 . 2012-03-09 10:37 -------- d-----w- c:\program files\Ask.com
2012-03-09 10:36 . 2011-09-18 07:39 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-09 10:36 . 2011-09-15 22:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-03-09 10:36 . 2011-09-15 22:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-03-07 19:00 . 2012-03-07 19:00 -------- d-----w- c:\users\Claudia\AppData\Roaming\Avira
2012-03-07 19:00 . 2012-03-09 14:36 -------- d-----w- c:\programdata\Avira
2012-03-07 19:00 . 2012-03-07 19:00 -------- d-----w- c:\program files\Avira
2012-03-03 16:34 . 2012-03-03 16:34 -------- d-----w- c:\users\Claudia\.thumb
2012-03-02 09:06 . 2012-03-02 09:06 -------- d-----w- c:\users\Claudia\AppData\Roaming\TeamViewer
2012-02-16 02:31 . 2012-02-16 02:31 -------- d-----w- c:\windows\system32\wbem\en-US
2012-02-15 05:46 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 05:46 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 05:46 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 05:45 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-12-13 10:53 237072 ------w- c:\windows\system32\MpSigStub.exe
2006-05-03 11:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2010-08-11 1597440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2011-08-01 114992]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2011-08-25 3346544]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
c:\users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-09-23 463824]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-15 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-11-18 1510720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-11-08 10064]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
*NewlyCreated* - PXLIAFOG
*NewlyCreated* - WS2IFSL
*Deregistered* - pxliafog
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Free YouTube Download - c:\users\Claudia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\di1k0jef.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: adapter@babylontc.com - c:\program files\Mozilla Firefox\extensions\adapter@babylontc.com
FF - Ext: Babylon OCR: ocr@babylon.com - c:\program files\Mozilla Firefox\extensions\ocr@babylon.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: NCH DE Community Toolbar: {b106b661-3e1b-4015-af5c-195e909f35c6} - %profile%\extensions\{b106b661-3e1b-4015-af5c-195e909f35c6}
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: PriceGong: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} - %profile%\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Avira SearchFree Toolbar plus Web Protection: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Freeze.com NetAssistant: {1266764D-FC4F-4FA7-B63B-884D53B1680F} - c:\users\Claudia\AppData\Roaming\NetAssistant
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
HKCU-Run-LicenseValidator - c:\users\Claudia\AppData\Roaming\Identities\{8E802F35-4BA7-46FF-BECA-9B273D732D5F}\LicenseValidator.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-09 17:12:08
ComboFix-quarantined-files.txt 2012-03-09 16:12
.
Vor Suchlauf: 8 Verzeichnis(se), 75.860.783.104 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 75.543.928.832 Bytes frei
.
- - End Of File - - B5085ADFC05733799E9E83883D7DEA83
09.03.2012, 17:46 | #9 |
/// Malware-holic | Trojan after BKA message
malwarebytes:
Please download Malwarebytes
09.03.2012, 20:02 | #10 |
Trojan after BKA message
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.09.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Claudia :: CLAUDIA-PC [Administrator]

Schutz: Aktiviert

09.03.2012 18:44:39
mbam-log-2012-03-09 (18-44-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 299552
Laufzeit: 59 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Users\Claudia\AppData\Local\TempDIR\BetterInstaller.exe.vir (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
09.03.2012, 20:03 | #11 |
/// Malware-holic | Trojan after BKA message
very good.
download the standard CCleaner: CCleaner Download - CCleaner 3.16.1666
if CCleaner is already installed, skip that.
install, open, Tools, list of installed programs, save as txt. open it.
after each program you need, write necessary.
after each one you don't need, unnecessary.
after those unknown to you, unknown.
post the list.
09.03.2012, 20:22 | #12 |
Trojan after BKA message
Downloading the Cleaner right now and getting to work. A thousand thanks already for your help!!! Do I take it from your "very good" that the beast is gone?
09.03.2012, 20:32 | #13 |
Trojan after BKA message
Should I confirm or decline the option "Intelligently scan for cookies that should not be deleted"?
09.03.2012, 20:45 | #14 |
Trojan after BKA message
7-Zip 9.20 08.03.2012 UNKNOWN
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 15.08.2011 6,00MB 10.3.183.5 DEFINITELY NECESSARY
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.10.2011 6,00MB 11.0.1.152 DEFINITELY NECESSARY
Adobe Reader X - Deutsch Adobe Systems Incorporated 04.01.2011 115,1MB 10.0.0 UNKNOWN
Amazon MP3-Downloader 1.0.9 05.01.2012 UNNECESSARY
ASUS Virtual Camera asus 06.01.2011 3,12MB 1.0.20 NECESSARY
Avira Free Antivirus Avira 08.03.2012 104,6MB 12.0.0.849 NECESSARY
Avira SearchFree Toolbar plus Web Protection Ask.com 08.03.2012 4,25MB 1.14.1.0 NECESSARY
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 08.03.2012 1.2.0.20064 NECESSARY
AVS Video Converter 7 Online Media Technologies Ltd. 18.04.2011 UNKNOWN
Babylon Babylon 13.11.2011 UNNECESSARY
CCleaner Piriform 08.03.2012 3.16 UNKNOWN
DealPly DealPly 08.10.2011 UNKNOWN
druckstdu.de Designer 1.6.1 druckstdu 01.09.2011 70,0MB UNNECESSARY
DVDStyler v2.0.1 20.11.2011 25,8MB NECESSARY
File Type Assistant Trusted Software 08.10.2011 1,96MB UNKNOWN
Free YouTube Download version 3.0.815 DVDVideoSoft Ltd.. 15.08.2011 41,9MB NECESSARY
Google Chrome Google Inc. 08.03.2012 17.0.963.78 UNKNOWN
Hamster Free Video Convertor Hamster Soft 03.09.2011 16,1MB 2.0.0.24 NECESSARY
Java(TM) 6 Update 24 Oracle 15.03.2011 94,8MB 6.0.240 UNKNOWN
JDownloader 0.9 AppWork GmbH 26.10.2011 0.9 UNKNOWN
Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 08.03.2012 17,3MB 1.60.1.1000 UNKNOWN
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 12.12.2010 38,8MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 12.12.2010 2,94MB 4.0.30319 UNKNOWN
Microsoft Silverlight Microsoft Corporation 15.02.2012 160,0MB 4.1.10111.0 UNKNOWN
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.09.2011 1,70MB 3.1.0000 UNKNOWN
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 0,25MB 8.0.50727.4053 UNKNOWN
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 15.06.2011 0,29MB 8.0.61001 UNKNOWN
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 15.04.2011 0,20MB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 20.04.2011 0,58MB 9.0.30729.5570 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 15.08.2011 2,87MB 9.0.21022 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.02.2011 0,58MB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.04.2011 0,58MB 9.0.30729.4148 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,59MB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.12.2011 15,0MB 10.0.40219 UNKNOWN
Monopoly 12.06.2011 NECESSARY
Mozilla Firefox (3.6.27) Mozilla 18.02.2012 3.6.27 (de) NECESSARY
Mozilla Thunderbird 10.0.2 (x86 de) Mozilla 17.02.2012 38,7MB 10.0.2 NECESSARY
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 16.04.2011 35,00KB 4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 16.04.2011 1,33MB 4.20.9876.0 UNKNOWN
Nero BackItUp 10 Nero AG 02.06.2011 117,7MB 5.8.10400.4.100 UNKNOWN
Nero Burning ROM 10 Nero AG 02.06.2011 168,3MB 10.6.10600.4.100 UNNECESSARY
Nero BurnRights 10 Nero AG 02.06.2011 6,15MB 4.4.10300.1.100 UNKNOWN
Nero CoverDesigner 10 Nero AG 02.06.2011 91,4MB 5.6.10500.3.100 UNKNOWN
Nero DiscCopy Gadget 10 Nero AG 02.06.2011 34,7MB 3.6.10200.1.100 UNKNOWN
Nero DiscSpeed 10 Nero AG 02.06.2011 7,22MB 6.4.10400.0.100 UNKNOWN
Nero Express 10 Nero AG 02.06.2011 165,4MB 10.6.10600.4.100 UNNECESSARY
Nero InfoTool 10 Nero AG 02.06.2011 7,79MB 7.4.10200.0.100 UNNECESSARY
Nero Kwik Media Nero AG 02.06.2011 249MB 1.6.14000.46.100 UNKNOWN
Nero Multimedia Suite 10 Nero AG 02.06.2011 1.719MB 10.6.11300 UNKNOWN
Nero Recode 10 Nero AG 02.06.2011 79,3MB 4.10.10600.4.100 UNKNOWN
Nero RescueAgent 10 Nero AG 02.06.2011 6,53MB 3.6.10500.3.100 UNKNOWN
Nero SoundTrax 10 Nero AG 02.06.2011 98,2MB 4.10.10300.2.100 UNKNOWN
Nero StartSmart 10 Nero AG 02.06.2011 142,7MB 10.6.10400.2.100 UNKNOWN
Nero Update Nero AG 02.06.2011 1,46MB 1.0.10900.31.0 UNKNOWN
Nero Vision 10 Nero AG 02.06.2011 223MB 7.4.10800.7.100 UNKNOWN
Nero WaveEditor 10 Nero AG 02.06.2011 79,2MB 5.10.10400.3.100 UNKNOWN
NetAssistant for Firefox Freeze.com 08.10.2011 3.6.5 UNKNOWN
OpenOffice.org 3.2 OpenOffice.org 06.01.2011 363MB 3.2.9502 NECESSARY
PDFCreator Frank Heindörfer, Philip Chinery 27.01.2011 1.2.0 NECESSARY
PriceGong 2.5.3 PriceGong 08.10.2011 2.5.3 UNKNOWN
SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 eRightSoft 13.11.2011 42,7MB v2011.build.49 UNNECESSARY
SweetIM for Messenger 3.6 SweetIM Technologies Ltd. 08.10.2011 4,75MB 3.6.0002 UNKNOWN
TuneUp Utilities 2012 TuneUp Software 21.11.2011 12.0.2110.7 UNKNOWN
Uninstall 1.0.0.1 10.04.2011 10,9MB UNKNOWN
VLC media player 1.1.5 VideoLAN 05.01.2011 1.1.5 NECESSARY
Windows Live Essentials Microsoft Corporation 11.09.2011 15.4.3538.0513 NECESSARY
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 14.04.2011 5,58MB 15.4.5722.2 NECESSARY
WinRAR 05.01.2011 NECESSARY
WinX HD Video Converter Deluxe 3.10.3 Digiarty Software,Inc. 27.10.2011 45,9MB UNNECESSARY
Wireless Console 3 ASUS 06.01.2011 2,45MB 3.0.18 NECESSARY
10.03.2012, 16:19 | #15 |
/// Malware-holic | Trojan after BKA message
yes, looks good, which means we'll be done soon.
Adobe Flash Player, all: Adobe - Install Adobe Flash Player; download the latest version.
adobe reader: Adobe - Download Adobe Reader - All versions; untick the box for mcafee security scan.
please also configure adobe reader as follows:
open adobe reader, edit, preferences.
general: tick "use only certified plug-ins".
internet: everything here should be disabled; it is very unsafe to open pdfs automatically, download them, etc. it is always better to save them directly, because only then do you have control over what happens on the pc.
under javascript, untick "enable javascript".
under updater, choose "install automatically".
apply/ok.
uninstall: Amazon; Avira SearchFree: both, we'll replace avira anyway; AVS; Babylon; DealPly; druckstdu; File Type; Java.
Download the free Java software: download java jre, install.
uninstall: JDownloader; Microsoft Silverlight.
please upgrade firefox: Firefox web browser in German | Faster, safer and customizable.
uninstall: Nero, all; PriceGong; SUPER ©; SweetIM; TuneUp; WinX.
open CCleaner, analyze, clean. restart.
test how the pc runs