| |
| |||||||
Log-Analyse und Auswertung: mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : (Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.04.2012, 15:59
| #1 |
 |  mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( so leute, nachdem mir hier schon einmal vor ca. 2 jahren kompetent geholfen wurde (merci!), muss ich mich leider schon wieder an euch wenden. ein bekannter hat meinen rechner vor ca. 6 monaten gewartet und mir den virenscanner "avast" aufgespielt, weil er den wohl ganz toll findet. es lief nun ein paar monte einwandfrei, aber neulich fing der rechner an zu spinnen. symptom 1: das dvd-laufwerk war einfach weg. es war im explorer einfach verschwunden, tauchte zwar bei ca. jedem 5. rechnerstart wieder auf, aber prinzipell war es weg. symptom 2: vor ein paar tagen war mein "HP solution center" verschwunden. ich kann zwar noch drucken, aber nicht mehr scannen. aha. symptom 3: seit gestern hat es mir auch den adobe reader zerschossen. kein pdf ist mehr zu öffnen. neuinstallation hilft auch nichts. naja und dann ist mir aufgefallen, dass das "avast"-symbol auf der taskleiste verschwunden ist. windows defender sagt auch "kein virenprogramm aktiv". naja ich hab mal avira installiert und spybot laufen lassen, aber mangels wirklicher kenntnis, was ich da tue, habe ich nun lieber doch die anleitung bon diesem board befolgt und hier sind nun die logfiles: (meine freundin hat ein ähnliches problem auf ihrem rechner, aber das folgt dann extra...) dds.txt: . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23 Run by Florian at 15:59:49 on 2012-04-17 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.1983.877 [GMT 2:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\srvany.exe C:\Windows\KMService.exe C:\Windows\system32\conhost.exe C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Apple\Internet Services\ubd.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\julitec\julitecCRM\julitecCONTACT.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe C:\Program Files\IrfanView\i_view32.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchFilterHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\users\florian\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\florian\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780} : DhcpNameServer = 192.168.178.1 TCP: Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456} : DhcpNameServer = 192.168.178.1 TCP: Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}\1427265696475627D2E45647 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}\14962777F6C666 : DhcpNameServer = 192.168.178.1 Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\florian\appdata\roaming\mozilla\firefox\profiles\x9tel1l1.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/ FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p= FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-16 36000] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-4-16 86224] R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-4-16 110032] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-11 51280] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-16 74640] R2 KMService;KMService;c:\windows\system32\srvany.exe [2012-1-30 8192] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-12 1153368] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336] S2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast5\avastsvc.exe" --> c:\program files\alwil software\avast5\AvastSvc.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-16 253088] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2011-2-16 573440] S3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2011-2-16 15616] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\PFC027.SYS [2006-12-5 507136] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-4-28 15872] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504] S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-28 52224] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-18 1343400] . =============== Created Last 30 ================ . 2012-04-17 08:46:29 -------- d-----w- c:\users\florian\.thumbnails 2012-04-17 08:45:01 -------- d-----w- c:\users\florian\.gimp-2.6 2012-04-17 08:23:58 -------- d-----w- c:\users\florian\appdata\roaming\Avira 2012-04-16 21:02:25 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-04-16 21:02:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-04-16 20:58:27 -------- d-----w- c:\program files\Foxit Software 2012-04-16 20:41:31 -------- d-----w- c:\programdata\McAfee Security Scan 2012-04-16 20:41:29 -------- d-----w- c:\program files\McAfee Security Scan 2012-04-16 20:26:32 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-04-16 20:26:32 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-04-16 20:26:31 -------- d-----w- c:\programdata\Avira 2012-04-16 20:26:31 -------- d-----w- c:\program files\Avira 2012-04-16 04:51:11 -------- d-----w- c:\programdata\AVAST Software 2012-04-15 19:35:17 -------- d--h--w- c:\programdata\Common Files 2012-04-13 05:43:59 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ca727b0c-3e65-467c-a7e0-c5e750aa7422}\mpengine.dll 2012-04-13 05:33:41 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-13 05:33:40 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-13 05:33:40 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-04-13 05:33:39 159232 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-02 07:43:58 -------- d-----w- c:\program files\iPod 2012-04-02 07:43:56 -------- d-----w- c:\program files\iTunes 2012-03-27 09:36:15 -------- d-----w- c:\users\florian\appdata\roaming\julitec 2012-03-27 09:36:15 -------- d-----w- c:\users\florian\appdata\local\julitec 2012-03-27 09:35:57 -------- d-----w- c:\programdata\julitec 2012-03-27 09:35:57 -------- d-----w- c:\program files\julitec 2012-03-27 09:07:30 493056 ----a-w- c:\windows\system32\dhRichClient3.dll 2012-03-27 09:07:30 338432 ----a-w- c:\windows\system32\sqlite36_engine.dll 2012-03-25 09:37:12 -------- d-----w- c:\users\florian\appdata\roaming\Samsung 2012-03-25 09:34:40 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers 2012-03-25 09:34:19 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2012-03-25 09:12:03 -------- d-----w- c:\programdata\WEBREG 2012-03-25 09:11:49 -------- d-----w- c:\users\florian\appdata\local\HP 2012-03-25 09:06:14 -------- d-----w- c:\program files\common files\HP 2012-03-25 09:06:10 -------- d-----w- c:\program files\common files\Hewlett-Packard 2012-03-25 09:03:46 307200 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzppw72.dll 2012-03-25 09:01:45 452408 ----a-w- c:\windows\system32\hpzids01.dll 2012-03-25 09:01:44 737280 ----a-w- c:\windows\system32\hposwia_p01b.dll 2012-03-25 09:01:44 372736 ----a-w- c:\windows\system32\hppldcoi.dll 2012-03-25 09:01:43 974848 ----a-w- c:\windows\system32\hpost_p01b.dll 2012-03-25 09:01:43 307200 ----a-w- c:\windows\system32\hposc_p01a.dll 2012-03-21 13:01:19 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-03-21 13:01:19 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll 2012-03-20 20:42:12 -------- d-----r- c:\users\florian\Dropbox 2012-03-20 20:39:22 -------- d-----w- c:\users\florian\appdata\roaming\Dropbox . ==================== Find3M ==================== . 2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-17 05:34:22 919040 ----a-w- c:\windows\system32\rdpcorets.dll 2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 10:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-15 10:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-30 18:09:15 8192 ----a-w- c:\windows\system32\srvany.exe 2012-01-30 18:09:15 151552 ----a-w- c:\windows\KMService.exe 2012-01-25 05:32:35 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-01-25 05:32:34 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-01-25 05:27:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe . ============= FINISH: 16:01:02,02 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Enterprise Boot Device: \Device\HarddiskVolume1 Install Date: 11.02.2011 20:35:05 System Uptime: 17.04.2012 11:22:19 (5 hours ago) . Motherboard: Quanta | | 30D1 Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 98 GiB total, 59,112 GiB free. D: is FIXED (NTFS) - 135 GiB total, 30,691 GiB free. E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {36fc9e60-c465-11cf-8056-444553540000} Description: Unknown Device Device ID: USB\VID_0000&PID_0000\5&2175A365&0&2 Manufacturer: (Standard-USB-Hostcontroller) Name: Unknown Device PNP Device ID: USB\VID_0000&PID_0000\5&2175A365&0&2 Service: . ==== System Restore Points =================== . RP185: 13.04.2012 07:32:19 - Windows Update RP186: 14.04.2012 08:29:25 - TouchCopy 11 wird entfernt RP187: 15.04.2012 21:36:25 - TuneUp Utilities 2012 wird installiert RP188: 15.04.2012 22:35:48 - Wiederherstellungsvorgang RP189: 16.04.2012 06:50:17 - avast! Free Antivirus Setup RP190: 16.04.2012 06:51:36 - avast! Free Antivirus Setup RP191: 16.04.2012 18:09:40 - Wiederherstellungsvorgang RP192: 16.04.2012 18:38:12 - Windows-Sicherung RP193: 16.04.2012 21:38:44 - Windows-Sicherung RP194: 16.04.2012 22:20:56 - Removed Adobe Reader X (10.0.1) - Deutsch. RP195: 16.04.2012 22:22:53 - TuneUp Utilities 2012 wird entfernt RP196: 16.04.2012 22:23:31 - TuneUp Utilities Language Pack (de-DE) wird entfernt RP197: 16.04.2012 22:47:54 - Removed Adobe Reader X (10.1.3) - Deutsch. . ==== Installed Programs ====================== . 32 Bit HP CIO Components Installer 7-Zip 9.20 Adobe Flash Player 11 Plugin Apple Application Support Apple Mobile Device Support Apple Software Update Avira Free Antivirus Bonjour BufferChm C5300 CDBurnerXP Conexant HD Audio Destinations DeviceDiscovery Dropbox Foxit Reader 5.1 GIMP 2.6.12 GPBaseService2 HDAUDIO Soft Data Fax Modem with SmartCP HP Customer Participation Program 13.0 HP Imaging Device Functions 13.0 HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4 HP Photosmart Essential 3.5 HP Quick Launch Buttons HP QuickPlay 3.6 HP Smart Web Printing 4.51 HP Solution Center 13.0 HP Update HPPhotoGadget HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotosmartEssential HPProductAssistant iCloud IrfanView (remove only) iTunes Java Auto Updater Java(TM) 6 Update 22 Java(TM) 6 Update 23 julitecCRM 6.0 MarketResearch McAfee Security Scan Plus Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MobileMe Control Panel Mozilla Firefox 11.0 (x86 de) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers NVIDIA PhysX PDFCreator PlayReady PC Runtime x86 PS_AIO_04_C5300_Software_Min QLBCASL QuickPlay SlingPlayer 0.4.6 QuickTime Real Alternative 2.0.2 RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) SmartWebPrinting SolutionCenter Spybot - Search & Destroy Status Synaptics Pointing Device Driver Toolbox TrayApp UnloadSupport VLC media player 1.1.5 WebReg . ==== End Of File =========================== gmer.txt GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-04-17 16:49:57 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-60UST0 rev.01.01A01 Running: cww3hq49.exe; Driver: C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys ---- System - GMER 1.0.15 ---- SSDT 8CE53156 ZwCreateSection SSDT 8CE53160 ZwRequestWaitReplyPort SSDT 8CE5315B ZwSetContextThread SSDT 8CE53165 ZwSetSecurityObject SSDT 8CE5316A ZwSystemDebugControl SSDT 8CE530F7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 82C51369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C8AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C91EAC 4 Bytes [56, 31, E5, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82C92208 2 Bytes [60, 31] .text ntkrnlpa.exe!KeRemoveQueueEx + 1556 82C9220B 1 Byte [8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82C9224C 4 Bytes [5B, 31, E5, 8C] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82C922C8 4 Bytes [65, 31, E5, 8C] .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91A32340, 0x3EE217, 0xE8000020] ? C:\Users\Florian\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software) Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- wie auch immer ihr es schafft, damit etwas anzufangen: ich danke euch! gruß willi |
|
17.04.2012, 16:01
| #2 |
| /// Malware-holic   |  mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( hi,
__________________hatten avast oder avira funde? wenn ja, logs posten bitte
__________________ |
|
17.04.2012, 16:10
| #3 | |
| | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : (Zitat:
von avira kam auch nix. kann erst gg späten abend wieder ins board schauen, bedanke mich schon mal im voraus für alle beiträge - |
|
17.04.2012, 16:14
| #4 |
| /// Malware-holic | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( hi, Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.04.2012, 18:25
| #5 |
| | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.04.2012 17:49:37 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Florian\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,94 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 55,70% Memory free 3,87 Gb Paging File | 2,65 Gb Available in Paging File | 68,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 59,13 Gb Free Space | 60,61% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\KMService.exe () PRC - C:\Windows\System32\srvany.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (KMService) -- C:\Windows\System32\srvany.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions [2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14798 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites [2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com [2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches [2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw [2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails [2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6 [2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira [2012.04.16 23:02:25 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.04.16 23:02:25 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.04.13 07:40:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.13 07:40:33 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.04.13 07:40:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.13 07:40:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.13 07:40:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.13 07:40:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec [2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec [2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung [2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers [2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP [2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2012.03.25 11:01:45 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll [2012.03.25 11:01:44 | 000,737,280 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_p01b.dll [2012.03.25 11:01:44 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll [2012.03.25 11:01:43 | 000,974,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p01b.dll [2012.03.25 11:01:43 | 000,307,200 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_p01a.dll [2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox [2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox ========== Files - Modified Within 30 Days ========== [2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.04.17 17:45:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.17 16:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe [2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com [2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable [2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe [2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys [2012.04.16 23:02:25 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.04.16 23:02:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat [2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk [2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe [2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable [2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe [2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg [2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf [2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat [2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat [2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk [2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm [2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg [2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI [2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI [2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll ========== LOP Check ========== [2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited [2012.04.17 10:19:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox [2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo [2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0 [2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec [2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu [2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org [2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung [2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer [2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird [2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software [2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
|
17.04.2012, 18:28
| #6 |
| /// Malware-holic | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( wieso wurde otl nicht wie beschrieben ausgeführt, mit script?
__________________ --> mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( |
|
18.04.2012, 07:09
| #7 |
| | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( ok hab ich wohl was falsch gemacht? sorry. hier der nächste versuch mit "quick scan" (die anleitung widerspricht sich da ein bisschen?)OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.04.2012 08:04:03 - Run 2 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Florian\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,94 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 55,80% Memory free 3,87 Gb Paging File | 2,59 Gb Available in Paging File | 66,91% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 59,15 Gb Free Space | 60,63% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\KMService.exe () PRC - C:\Windows\System32\srvany.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (KMService) -- C:\Windows\System32\srvany.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions [2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14798 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites [2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com [2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches [2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw [2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails [2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6 [2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira [2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec [2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec [2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung [2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers [2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP [2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox [2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox ========== Files - Modified Within 30 Days ========== [2012.04.18 07:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.18 07:55:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe [2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com [2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable [2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe [2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys [2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat [2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk [2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe [2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable [2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe [2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg [2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf [2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat [2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat [2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk [2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm [2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg [2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI [2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI [2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll ========== LOP Check ========== [2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited [2012.04.17 10:19:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox [2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo [2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0 [2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec [2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu [2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org [2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung [2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer [2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird [2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software [2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > die datei "extras" finde ich nicht! hilfe! aha, ich lese da was von "100sexlinks.com"  |
|
18.04.2012, 09:54
| #8 | |
| /// Malware-holic | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : (Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.04.2012, 12:52
| #9 |
| | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( ok leute, ich bin offensichtlich zu doof. also das mit combofix werde ich gleich machen, vorher aber nochmal ein versuch mit OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 18.04.2012 13:01:26 - Run 3 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Florian\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,94 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 59,42% Memory free 3,87 Gb Paging File | 2,63 Gb Available in Paging File | 67,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,56 Gb Total Space | 58,90 Gb Free Space | 60,37% Space Free | Partition Type: NTFS Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\KMService.exe () PRC - C:\Windows\System32\srvany.exe () PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Win32 Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (KMService) -- C:\Windows\System32\srvany.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions [2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14798 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites [2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com [2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches [2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw [2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails [2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6 [2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira [2012.04.16 23:02:25 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.04.16 23:02:25 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.04.13 07:40:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.04.13 07:40:33 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.04.13 07:40:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.04.13 07:40:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.04.13 07:40:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.04.13 07:40:30 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec [2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec [2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll [2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung [2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers [2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP [2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP [2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard [2012.03.25 11:01:45 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll [2012.03.25 11:01:44 | 000,737,280 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hposwia_p01b.dll [2012.03.25 11:01:44 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll [2012.03.25 11:01:43 | 000,974,848 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpost_p01b.dll [2012.03.25 11:01:43 | 000,307,200 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hposc_p01a.dll [2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox [2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox ========== Files - Modified Within 30 Days ========== [2012.04.18 13:00:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.18 13:00:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe [2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com [2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable [2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe [2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys [2012.04.16 23:02:25 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.04.16 23:02:25 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt [2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat [2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk [2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe [2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable [2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe [2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg [2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf [2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat [2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat [2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk [2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm [2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe [2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe [2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg [2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini [2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI [2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe [2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI [2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll ========== LOP Check ========== [2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited [2012.04.18 13:00:25 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox [2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo [2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0 [2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec [2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu [2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org [2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung [2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer [2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird [2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software [2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < OTL logfile created on: 18.04.2012 08:04:03 - Run 2 > < OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Florian\Desktop > < Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation > < Internet Explorer (Version = 9.0.8112.16421) > < Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy > < > < 1,94 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 55,80% Memory free > < 3,87 Gb Paging File | 2,59 Gb Available in Paging File | 66,91% Paging File free > < Paging file location(s): ?:\pagefile.sys [binary data] > < > < %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files > < Drive C: | 97,56 Gb Total Space | 59,15 Gb Free Space | 60,63% Space Free | Partition Type: NTFS > < Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS > < > < Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator. > < Boot Mode: Normal | Scan Mode: Current user | Quick Scan > < Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days > < > < ========== Processes (SafeList) ========== > Invalid Switch: color] < > < PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools) > < PRC - C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) > < PRC - C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) > < PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) > < PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) > < PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) > < PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) > < PRC - C:\Windows\KMService.exe () > < PRC - C:\Windows\System32\srvany.exe () > < PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) > < PRC - C:\Windows\explorer.exe (Microsoft Corporation) > < PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) > < PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) > < PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) > < PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) > < > < > < ========== Modules (No Company Name) ========== > Invalid Switch: color] < > < MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () > < MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () > < > < > < ========== Win32 Services (SafeList) ========== > Invalid Switch: color] < > < SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found > < SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe File not found > < SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) > < SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) > < SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) > < SRV - (KMService) -- C:\Windows\System32\srvany.exe () > < SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) > < SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) > < SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) > < SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) > < SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) > < SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) > < SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) > < SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) > < > < > < ========== Driver Services (SafeList) ========== > Invalid Switch: color] < > < DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found > < DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found > < DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found > < DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found > < DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found > < DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found > < DRV - (pwdiyfob) -- C:\Users\Florian\AppData\Local\Temp\pwdiyfob.sys File not found > < DRV - (mbr) -- C:\Users\Florian\AppData\Local\Temp\mbr.sys File not found > < DRV - (massfilter) -- system32\drivers\massfilter.sys File not found > < DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) > < DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) > < DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) > < DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) > < DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) > < DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) > < DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) > < DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) > < DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) > < DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) > < DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) > < DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) > < DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) > < DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) > < DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) > < DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) > < DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) > < DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) > < DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) > < DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) > < DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) > < DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) > < DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) > < DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) > < DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) > < DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) > < DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) > < DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) > < DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) > < DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () > < > < > < ========== Standard Registry (SafeList) ========== > Invalid Switch: color] < > < > < ========== Internet Explorer ========== > Invalid Switch: color] < > < IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > < IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC > < > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ > Invalid Switch: < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp > Invalid Switch: ?ocid=iehp < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de > < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 74 B0 E4 24 CA CB 01 [binary data] > < IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} > < IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC > < IE - HKCU\..\SearchScopes\{4281416F-6676-460C-80DC-7C23AB943F7D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 > < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local > < > < ========== FireFox ========== > Invalid Switch: color] < > < FF - prefs.js..browser.search.defaultenginename: "Yahoo" > < FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" > < FF - prefs.js..browser.startup.homepage: "hxxp://www.tagesschau.de/" > < FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 > < FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 > < FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 > < FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 > < FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" > < FF - user.js - File not found > < > < FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () > Invalid Switch: FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found > Invalid Switch: iTunes,version=: File not found < FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () > Invalid Switch: iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () < FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) > Invalid Switch: pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) < FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) > Invalid Switch: JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) < FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found > Invalid Switch: GENUINE: disabled File not found < FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) > Invalid Switch: NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) < FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) > Invalid Switch: nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) > Invalid Switch: nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) < FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found > Invalid Switch: nsJSRealPlayerPlugin;version=: File not found < > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 15:01:19 | 000,000,000 | ---D | M] > < FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.16 22:48:28 | 000,000,000 | ---D | M] > < FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.03.25 11:10:11 | 000,000,000 | ---D | M] > < > < [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions > < [2011.02.12 09:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} > < [2012.04.16 22:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\x9tel1l1.default\extensions > < [2011.11.12 13:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions > < [2012.03.21 15:01:19 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll > < [2011.02.11 22:12:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll > < [2012.02.15 12:25:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml > < [2012.02.15 12:25:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml > < [2012.02.15 12:25:09 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml > < [2012.02.15 12:25:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml > < [2012.02.15 12:25:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml > < [2012.02.15 12:25:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml > < > < O1 HOSTS File: ([2011.02.12 00:27:48 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts > < O1 - Hosts: 127.0.0.1 www.007guard.com > < O1 - Hosts: 127.0.0.1 007guard.com > < O1 - Hosts: 127.0.0.1 008i.com > < O1 - Hosts: 127.0.0.1 www.008k.com > < O1 - Hosts: 127.0.0.1 008k.com > < O1 - Hosts: 127.0.0.1 www.00hq.com > < O1 - Hosts: 127.0.0.1 00hq.com > < O1 - Hosts: 127.0.0.1 010402.com > < O1 - Hosts: 127.0.0.1 www.032439.com > < O1 - Hosts: 127.0.0.1 032439.com > < O1 - Hosts: 127.0.0.1 www.0scan.com > < O1 - Hosts: 127.0.0.1 0scan.com > < O1 - Hosts: 127.0.0.1 1000gratisproben.com > < O1 - Hosts: 127.0.0.1 www.1000gratisproben.com > < O1 - Hosts: 127.0.0.1 1001namen.com > < O1 - Hosts: 127.0.0.1 www.1001namen.com > < O1 - Hosts: 127.0.0.1 100888290cs.com > < O1 - Hosts: 127.0.0.1 www.100888290cs.com > < O1 - Hosts: 127.0.0.1 www.100sexlinks.com > < O1 - Hosts: 127.0.0.1 100sexlinks.com > < O1 - Hosts: 127.0.0.1 10sek.com > < O1 - Hosts: 127.0.0.1 www.10sek.com > < O1 - Hosts: 127.0.0.1 www.1-2005-search.com > < O1 - Hosts: 127.0.0.1 1-2005-search.com > < O1 - Hosts: 127.0.0.1 123fporn.info > < O1 - Hosts: 14798 more lines... > < O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) > < O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) > < O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found > < O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) > < O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) > < O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) > < O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) > < O4 - Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 > < O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 > < O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) > < O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) > < O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) > < O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) > < O13 - gopher Prefix: missing > < O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) > Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) < O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) > Invalid Switch: jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) < O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) > Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) < O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) > Invalid Switch: jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) < O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2310DDD-CDD1-485B-942C-B997E90D8780}: DhcpNameServer = 192.168.178.1 > < O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5A85DFC-2DA9-414F-A624-BCCF37DDC456}: DhcpNameServer = 192.168.178.1 > < O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) > < O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) > < O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) > Invalid Switch: xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) < O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) > < O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found > Invalid Switch: pagefile) - File not found < O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. > < O32 - HKLM CDRom: AutoRun - 1 > < O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] > < O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\bin\cdviewer.exe > < O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\launch\command - "" = H:\bin\cdviewer.exe > < O33 - MountPoints2\{372ee469-3615-11e0-8a4b-806e6f6e6963}\Shell\readme\command - "" = notepad readme.txt > < O34 - HKLM BootExecute: (autocheck autochk *) > < O35 - HKLM\..comfile [open] -- "%1" %* > < O35 - HKLM\..exefile [open] -- "%1" %* > < O37 - HKLM\...com [@ = comfile] -- "%1" %* > < O37 - HKLM\...exe [@ = exefile] -- "%1" %* > < > < ========== Files/Folders - Created Within 30 Days ========== > Invalid Switch: color] < > < [2012.04.17 17:47:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe > < [2012.04.17 15:59:50 | 000,000,000 | R--D | C] -- C:\Users\Florian\Favorites > < [2012.04.17 15:59:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Florian\Desktop\dds.com > < [2012.04.17 15:52:02 | 000,000,000 | R--D | C] -- C:\Users\Florian\Searches > < [2012.04.17 11:57:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\Desktop\bmw > < [2012.04.17 10:46:29 | 000,000,000 | ---D | C] -- C:\Users\Florian\.thumbnails > < [2012.04.17 10:45:01 | 000,000,000 | ---D | C] -- C:\Users\Florian\.gimp-2.6 > < [2012.04.17 10:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus > < [2012.04.17 10:23:58 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Avira > < [2012.04.16 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software > < [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan > < [2012.04.16 22:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee > < [2012.04.16 22:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan > < [2012.04.16 22:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira > < [2012.04.16 22:26:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys > < [2012.04.16 22:26:32 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys > < [2012.04.16 22:26:32 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys > < [2012.04.16 22:26:32 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys > < [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira > < [2012.04.16 22:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Avira > < [2012.04.16 22:21:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi > < [2012.04.16 06:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software > < [2012.04.15 21:35:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files > < [2012.04.02 09:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes > < [2012.04.02 09:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod > < [2012.04.02 09:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes > < [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\julitec > < [2012.03.27 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\julitec > < [2012.03.27 11:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\julitecCRM > < [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\julitec > < [2012.03.27 11:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\julitec > < [2012.03.27 11:07:30 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll > < [2012.03.25 11:37:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Samsung > < [2012.03.25 11:34:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers > < [2012.03.25 11:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG > < [2012.03.25 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\HP > < [2012.03.25 11:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant > < [2012.03.25 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP > < [2012.03.25 11:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard > < [2012.03.20 22:42:12 | 000,000,000 | R--D | C] -- C:\Users\Florian\Dropbox > < [2012.03.20 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox > < [2012.03.20 22:39:22 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Dropbox > < > < ========== Files - Modified Within 30 Days ========== > Invalid Switch: color] < > < [2012.04.18 07:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job > < [2012.04.18 07:55:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat > < [2012.04.17 17:47:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe > < [2012.04.17 16:01:16 | 000,302,592 | ---- | M] () -- C:\Users\Florian\Desktop\cww3hq49.exe > < [2012.04.17 15:59:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Florian\Desktop\dds.com > < [2012.04.17 15:58:22 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable > < [2012.04.17 15:57:51 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe > < [2012.04.17 15:10:20 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat > < [2012.04.17 15:10:20 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat > < [2012.04.17 15:10:20 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat > < [2012.04.17 15:10:20 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat > < [2012.04.17 15:08:35 | 000,132,706 | ---- | M] () -- C:\Users\Florian\Desktop\plzde.jpg > < [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 > < [2012.04.17 14:46:06 | 000,018,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 > < [2012.04.17 10:35:12 | 000,001,810 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk > < [2012.04.17 10:12:23 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys > < [2012.04.05 10:00:28 | 000,012,800 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini > < [2012.04.02 09:44:55 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk > < [2012.03.30 15:55:10 | 000,315,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT > < [2012.03.25 11:37:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt > < [2012.03.25 11:11:52 | 000,180,901 | ---- | M] () -- C:\Windows\hpoins32.dat > < [2012.03.25 11:07:48 | 000,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk > < [2012.03.20 22:42:12 | 000,001,043 | ---- | M] () -- C:\Users\Florian\Desktop\Dropbox.lnk > < [2012.03.20 22:40:37 | 000,001,023 | ---- | M] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk > < > < ========== Files Created - No Company Name ========== > Invalid Switch: color] < > < [2012.04.17 16:01:09 | 000,302,592 | ---- | C] () -- C:\Users\Florian\Desktop\cww3hq49.exe > < [2012.04.17 15:58:22 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable > < [2012.04.17 15:57:49 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe > < [2012.04.17 15:08:35 | 000,132,706 | ---- | C] () -- C:\Users\Florian\Desktop\plzde.jpg > < [2012.04.16 23:02:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job > < [2012.04.16 22:41:30 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk > < [2012.04.08 11:28:00 | 001,983,729 | ---- | C] () -- C:\Users\Florian\TAN.pdf > < [2012.04.02 09:44:55 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk > < [2012.03.27 11:07:30 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll > < [2012.03.25 11:37:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt > < [2012.03.25 11:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys > < [2012.03.25 11:07:48 | 000,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk > < [2012.03.25 11:02:30 | 000,180,901 | ---- | C] () -- C:\Windows\hpoins32.dat > < [2012.03.25 11:02:30 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat > < [2012.03.20 22:42:12 | 000,001,043 | ---- | C] () -- C:\Users\Florian\Desktop\Dropbox.lnk > < [2012.03.20 22:40:37 | 000,001,023 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk > < [2012.03.15 22:26:09 | 000,004,096 | -H-- | C] () -- C:\Users\Florian\AppData\Local\keyfile3.drm > < [2012.01.30 20:10:07 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe > < [2012.01.30 20:10:07 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe > < [2011.05.10 22:11:19 | 000,007,605 | ---- | C] () -- C:\Users\Florian\AppData\Local\Resmon.ResmonCfg > < [2011.04.28 22:54:08 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe > < [2011.04.28 22:52:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe > < [2011.02.16 22:31:03 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini > < [2011.02.16 22:30:47 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI > < [2011.02.16 22:30:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI > < [2011.02.16 22:30:11 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe > < [2011.02.16 22:22:26 | 000,009,701 | ---- | C] () -- C:\Windows\HCWPNP.INI > < [2011.02.16 01:52:15 | 000,012,800 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini > < [2011.02.15 22:35:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat > < [2011.02.11 23:41:34 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin > < [2011.02.11 22:14:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll > < > < ========== LOP Check ========== > Invalid Switch: color] < > < [2011.02.11 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Canneverbe Limited > < [2012.04.17 10:19:03 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Dropbox > < [2011.02.16 22:26:17 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\GetRightToGo > < [2012.02.28 12:50:12 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\gtk-2.0 > < [2012.03.27 11:36:41 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\julitec > < [2011.07.31 22:11:04 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Nvu > < [2011.02.11 23:28:20 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\OpenOffice.org > < [2012.03.25 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Samsung > < [2011.07.27 21:19:35 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TeamViewer > < [2011.02.12 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\Thunderbird > < [2012.02.08 12:06:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\TuneUp Software > < [2011.07.01 18:03:06 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT > < > < ========== Purity Check ========== > Invalid Switch: color] < > < > < > < < End of report > --- --- --- > < End of report > und jetzt gibt es auch "extras":OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.04.2012 13:01:26 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Florian\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,94 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 59,42% Memory free
3,87 Gb Paging File | 2,63 Gb Available in Paging File | 67,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 58,90 Gb Free Space | 60,37% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 30,69 Gb Free Space | 22,70% Space Free | Partition Type: NTFS
Computer Name: FLORIAN-PC | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{095FC6D2-DF7E-40C1-B4AF-FFB3EC472BEB}" = C5300
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{567C4A87-9029-4001-ACF1-CFC0717EC1A0}" = PS_AIO_04_C5300_Software_Min
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FA29B87-FED3-45A1-8A95-2FDEE0F6DD18}" = HP Photosmart C5300 All-In-One Driver Software 13.0 Rel. 4
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Foxit Reader_is1" = Foxit Reader 5.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IrfanView" = IrfanView (remove only)
"julitecCRM_is1" = julitecCRM 6.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"RealAlt_is1" = Real Alternative 2.0.2
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.5
"WinGimp-2.0_is1" = GIMP 2.6.12
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 18.10.2011 19:04:13 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2491663
Error - 18.10.2011 19:04:13 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2491663
Error - 18.10.2011 19:04:14 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.10.2011 19:04:14 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2492662
Error - 18.10.2011 19:04:14 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2492662
Error - 18.10.2011 19:04:15 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.10.2011 19:04:15 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2493660
Error - 18.10.2011 19:04:15 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2493660
Error - 18.10.2011 19:04:16 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 18.10.2011 19:04:16 | Computer Name = Florian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2494659
[ Media Center Events ]
Error - 16.02.2011 17:05:06 | Computer Name = Florian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) WinTV Nova-T
Stick DVB-T Tuner (Dev1 Path0)
Error - 16.02.2011 17:05:06 | Computer Name = Florian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) WinTV Nova-T
Stick DVB-T Tuner (Dev1 Path0)
Error - 16.02.2011 17:19:29 | Computer Name = Florian-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80004005) WinTV Nova-T
Stick DVB-T Tuner (Dev1 Path0)
Error - 19.02.2011 18:04:57 | Computer Name = Florian-PC | Source = MCUpdate | ID = 0
Description = 23:04:57 - Fehler beim Herstellen der Internetverbindung. 23:04:57
- Serververbindung konnte nicht hergestellt werden..
Error - 19.02.2011 18:05:12 | Computer Name = Florian-PC | Source = MCUpdate | ID = 0
Description = 23:05:02 - Fehler beim Herstellen der Internetverbindung. 23:05:02
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 24.02.2012 03:21:24 | Computer Name = Florian-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 25.02.2012 05:36:12 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Dnscache erreicht.
Error - 25.02.2012 10:41:48 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 25.02.2012 10:41:52 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 25.02.2012 10:41:52 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 0 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 28.02.2012 07:56:22 | Computer Name = Florian-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 29.02.2012 12:03:37 | Computer Name = Florian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 29.02.2012 12:03:37 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 29.02.2012 12:03:37 | Computer Name = Florian-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 29.02.2012 13:16:29 | Computer Name = Florian-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
< End of report >
war das jetzt korrekt? ich kümmere mich jetzt mal um combofix |
|
18.04.2012, 13:06
| #10 |
| /// Malware-holic | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( erstelle das combofix log bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.04.2012, 14:57
| #11 |
| | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( Combofix Logfile: Code:
ATTFilter ComboFix 12-04-17.01 - Florian 18.04.2012 13:59:20.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.1983.765 [GMT 2:00]
ausgeführt von:: d:\eigene dateien\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-18 bis 2012-04-18 ))))))))))))))))))))))))))))))
.
.
2012-04-18 12:07 . 2012-04-18 13:43 -------- d-----w- c:\users\Florian\AppData\Local\temp
2012-04-18 12:07 . 2012-04-18 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 08:02 . 2012-04-18 08:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32692CD5-1094-4EE9-A511-CD95B338025B}\offreg.dll
2012-04-17 14:09 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32692CD5-1094-4EE9-A511-CD95B338025B}\mpengine.dll
2012-04-17 08:46 . 2012-04-17 08:46 -------- d-----w- c:\users\Florian\.thumbnails
2012-04-17 08:45 . 2012-04-17 08:46 -------- d-----w- c:\users\Florian\.gimp-2.6
2012-04-17 08:23 . 2012-04-17 08:23 -------- d-----w- c:\users\Florian\AppData\Roaming\Avira
2012-04-16 21:02 . 2012-04-16 21:02 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-16 21:02 . 2012-04-16 21:02 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-16 20:58 . 2012-04-16 20:58 -------- d-----w- c:\program files\Foxit Software
2012-04-16 20:41 . 2012-04-16 20:41 -------- d-----w- c:\programdata\McAfee
2012-04-16 20:41 . 2012-04-16 20:41 -------- d-----w- c:\programdata\McAfee Security Scan
2012-04-16 20:41 . 2012-04-17 08:35 -------- d-----w- c:\program files\McAfee Security Scan
2012-04-16 20:26 . 2012-01-31 06:56 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-16 20:26 . 2012-01-31 06:56 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-16 20:26 . 2011-09-16 14:08 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-16 20:26 . 2012-04-16 20:26 -------- d-----w- c:\programdata\Avira
2012-04-16 20:26 . 2012-04-16 20:26 -------- d-----w- c:\program files\Avira
2012-04-16 04:51 . 2012-04-16 04:52 -------- d-----w- c:\programdata\AVAST Software
2012-04-15 19:35 . 2012-04-15 19:35 -------- d--h--w- c:\programdata\Common Files
2012-04-13 05:33 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 05:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 05:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 05:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-02 07:43 . 2012-04-02 07:43 -------- d-----w- c:\program files\iPod
2012-04-02 07:43 . 2012-04-02 07:44 -------- d-----w- c:\program files\iTunes
2012-03-27 09:36 . 2012-04-10 11:07 -------- d-----w- c:\users\Florian\AppData\Local\julitec
2012-03-27 09:36 . 2012-03-27 09:36 -------- d-----w- c:\users\Florian\AppData\Roaming\julitec
2012-03-27 09:35 . 2012-03-27 09:36 -------- d-----w- c:\programdata\julitec
2012-03-27 09:35 . 2012-03-27 09:35 -------- d-----w- c:\program files\julitec
2012-03-27 09:07 . 2011-05-13 11:16 493056 ----a-w- c:\windows\system32\dhRichClient3.dll
2012-03-27 09:07 . 2011-03-25 19:42 338432 ----a-w- c:\windows\system32\sqlite36_engine.dll
2012-03-25 09:37 . 2012-03-25 09:42 -------- d-----w- c:\users\Florian\AppData\Roaming\Samsung
2012-03-25 09:34 . 2012-03-30 13:54 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2012-03-25 09:34 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-03-25 09:12 . 2012-03-25 09:12 -------- d-----w- c:\programdata\WEBREG
2012-03-25 09:11 . 2012-03-25 09:11 -------- d-----w- c:\users\Florian\AppData\Local\HP
2012-03-25 09:08 . 2012-03-25 09:08 -------- d-----w- c:\programdata\HP Product Assistant
2012-03-25 09:06 . 2012-03-25 09:06 -------- d-----w- c:\program files\Common Files\HP
2012-03-25 09:06 . 2012-03-25 09:06 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2012-03-25 09:03 . 2009-07-14 01:15 307200 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw72.dll
2012-03-25 09:01 . 2009-07-08 10:51 452408 ----a-w- c:\windows\system32\hpzids01.dll
2012-03-25 09:01 . 2009-07-08 10:51 737280 ----a-w- c:\windows\system32\hposwia_p01b.dll
2012-03-25 09:01 . 2009-07-08 10:51 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2012-03-25 09:01 . 2009-07-08 10:51 974848 ----a-w- c:\windows\system32\hpost_p01b.dll
2012-03-25 09:01 . 2009-07-08 10:51 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2012-03-21 13:01 . 2012-03-21 13:01 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-21 13:01 . 2012-03-21 13:01 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-20 20:42 . 2012-04-17 08:19 -------- d-----r- c:\users\Florian\Dropbox
2012-03-20 20:39 . 2012-04-18 11:00 -------- d-----w- c:\users\Florian\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-09-14 19:07 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-14 10:15 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 10:15 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 10:15 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 10:15 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-14 10:15 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 10:15 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-30 18:09 . 2012-01-30 18:10 8192 ----a-w- c:\windows\system32\srvany.exe
2012-01-30 18:09 . 2012-01-30 18:10 151552 ----a-w- c:\windows\KMService.exe
2012-01-25 05:32 . 2012-03-14 10:15 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-14 10:15 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-14 10:15 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-21 13:01 . 2011-05-09 19:10 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Florian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
backup=c:\windows\pss\WinTV Recording Status..lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-19 17:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2009-07-06 573440]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2009-07-06 15616]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-17 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-01-30 8192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\x9tel1l1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3728)
c:\users\Florian\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\KMService.exe
c:\windows\system32\conhost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-18 15:46:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-18 13:46
.
Vor Suchlauf: 6 Verzeichnis(se), 66.002.010.112 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 66.257.920.000 Bytes frei
.
- - End Of File - - 54245BBF5D8108B3CB6CA71B147DFB23
|
|
18.04.2012, 15:03
| #12 |
| /// Malware-holic | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( öffne mal computer, c: qoobox rechtsklick quarantain, mit einem archivierungsprogramm deiner wahl packen und im upload channel hochladen, wenn fertig, melden Trojaner-Board Upload Channel
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.04.2012, 15:11
| #13 |
| | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( mhm, klappt nicht : ( "0 WARNING Zugriff verweigert" ??? |
|
18.04.2012, 15:12
| #14 |
| /// Malware-holic | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( für welche datei, da steht sicher noch mehr, bitte den vollständigen text posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.04.2012, 15:12
| #15 |
| | mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( stimmt! 1 C:\QooBox\BackEnv\ |
|
| Themen zu mehrere programme laufen nicht mehr, und "avast"-virenschutz hat sich vom acker gemacht : ( |
| adobe, antivir, antivirus, antivirus se, avast, avira, bonjour, defender, desktop, error, excel, firefox, flash player, kompetent, locker, monte, mozilla, plug-in, problem, programm, rundll, scan, schutz, security, security scan, software, svchost.exe, system, taskleiste, temp, windows |
Linear-Darstellung
