Remove BKA trojan - what next? (Windows 7)
11.08.2012, 12:16 #1
Hello, so far I have done everything that was recommended to me in the forum; I ran the anti-malware scanner, DeFogger, OTL and GMER all the way through. Here are the results.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
achim :: LAPTOP [Administrator]

11.08.2012 10:07:49
mbam-log-2012-08-11 (10-42-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 281454
Laufzeit: 33 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.
C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.

(Ende)

OTL Logfile:
Code:
OTL logfile created on: 11.08.2012 12:13:37 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,79% Memory free
4,00 Gb Paging File | 3,68 Gb Available in Paging File | 92,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 20,04 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive D: | 5,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,44 Gb Total Space | 7,43 Gb Free Space | 99,90% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: achim | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.11 11:19:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.09.11 09:51:06 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.11 17:20:04 | 003,590,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.04.21 22:25:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.10.26 14:59:10 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2012.08.11 12:08:16 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\geoxjq.sys -- (kiqwaj)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011.02.24 22:53:10 | 000,032,840 | ---- | M] (wj32) [Kernel | System | Stopped] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.04.07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.07.14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.05.07 02:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009.05.07 02:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2009.03.06 12:52:00 | 007,545,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.07.06 14:44:00 | 000,168,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.03.23 16:45:42 | 000,566,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2005.11.08 16:12:00 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.11.08 16:11:00 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.11.08 16:11:00 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 FB 21 57 33 DF CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {8E7F3647-06E6-4FE5-8B59-CC955A80C4CD}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21E85D67-BA33-459F-9B00-2A6815650EA8}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{50F2DC35-78A0-4A9B-B1F2-69060610B749}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_de
IE - HKCU\..\SearchScopes\{5FE029EB-2BBA-484A-8487-77133B5BA997}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{78F2962E-7A79-4F09-BC3A-D66F6E6E1D6E}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8E7F3647-06E6-4FE5-8B59-CC955A80C4CD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{A7266C9F-A576-4B30-A814-E07340971CE8}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{C0A3E3FE-3DAD-4CE2-8474-01F459385806}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=36202E08-FEFA-41C3-945C-F2DD54E9867E&apn_sauid=93E2D062-44F4-4261-B393-25B5904AF7A7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.07.17 10:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.06 09:48:46 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\Windows\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Process Hacker 2] C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7\ICQ7.7\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C0E520F-928C-4EBE-ADC6-2E04C19BD8B7}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A239AF62-9901-49F5-96F9-A795D5F81FA7}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B828C8DE-81AB-430E-BD92-7C7158C45660}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E02C4779-655B-4664-8571-29A7FA1BE80A}: NameServer = 192.168.1.1
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{034261ae-848d-11e0-9f23-0013020d585f}\Shell - "" = AutoRun
O33 - MountPoints2\{034261ae-848d-11e0-9f23-0013020d585f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{501589b8-db9d-11e0-bf57-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{501589b8-db9d-11e0-bf57-001e101faa49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{501589bd-db9d-11e0-bf57-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{501589bd-db9d-11e0-bf57-001e101faa49}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5825a36a-dc43-11e0-b308-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{5825a36a-dc43-11e0-b308-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7f6d210d-845a-11e0-9b82-001e101f9aeb}\Shell - "" = AutoRun
O33 - MountPoints2\{7f6d210d-845a-11e0-9b82-001e101f9aeb}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{930bc752-86a4-11e0-9f5a-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{930bc752-86a4-11e0-9f5a-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{94e3ac37-8458-11e0-9fd5-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{94e3ac37-8458-11e0-9fd5-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{94e3ac46-8458-11e0-9fd5-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{94e3ac46-8458-11e0-9fd5-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b57b292b-848f-11e0-9ea4-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{b57b292b-848f-11e0-9ea4-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b57b2937-848f-11e0-9ea4-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{b57b2937-848f-11e0-9ea4-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bbea4d4d-8455-11e0-9b89-0013020d585f}\Shell - "" = AutoRun
O33 - MountPoints2\{bbea4d4d-8455-11e0-9b89-0013020d585f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bbea4d5d-8455-11e0-9b89-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{bbea4d5d-8455-11e0-9b89-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c797e8b4-db9e-11e0-84ef-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{c797e8b4-db9e-11e0-84ef-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c797e8c4-db9e-11e0-84ef-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{c797e8c4-db9e-11e0-84ef-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cc64d2ba-4b61-11e1-b435-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc64d2ba-4b61-11e1-b435-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cc64d2cd-4b61-11e1-b435-0013020d585f}\Shell - "" = AutoRun
O33 - MountPoints2\{cc64d2cd-4b61-11e1-b435-0013020d585f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4a618d4-848d-11e0-9bac-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a618d4-848d-11e0-9bac-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f4a618da-848d-11e0-9bac-001636206379}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a618da-848d-11e0-9bac-001636206379}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.11 10:05:38 | 000,000,000 | ---D | C] -- C:\Users\achim\AppData\Roaming\Malwarebytes
[2012.08.11 10:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.11 10:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 10:05:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.11 10:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.31 14:40:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.31 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\YTD Toolbar
[2012.07.31 14:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.31 14:40:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 10:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.11 12:12:14 | 000,000,000 | ---- | M] () -- C:\Users\achim\defogger_reenable
[2012.08.11 12:08:16 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\geoxjq.sys
[2012.08.11 11:27:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 11:27:32 | 1609,179,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 11:25:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.11 11:23:36 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 11:23:36 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 11:23:36 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 11:23:36 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.11 10:05:23 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 11:40:04 | 000,001,885 | ---- | M] () -- C:\Users\achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.10 08:50:45 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 08:50:45 | 000,013,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 08:49:27 | 103,499,138 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.08.01 18:21:28 | 000,219,134 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.07.17 10:01:03 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.11 12:12:14 | 000,000,000 | ---- | C] () -- C:\Users\achim\defogger_reenable
[2012.08.11 12:08:16 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\geoxjq.sys
[2012.08.11 10:05:23 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.10 11:40:04 | 004,503,728 | ---- | C] () -- C:\ProgramData\ldsw_0paos.pad
[2012.08.10 11:40:04 | 000,001,885 | ---- | C] () -- C:\Users\achim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.11 11:23:16 | 000,095,744 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\80000032.@
[2012.07.11 11:23:16 | 000,000,804 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\L\00000004.@
[2012.07.11 11:23:15 | 000,002,048 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\00000004.@
[2012.07.11 11:23:15 | 000,001,632 | ---- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\U\000000cb.@
[2012.01.29 10:41:12 | 000,002,048 | -HS- | C] () -- C:\Users\achim\AppData\Local\{f3c92b2c-5439-71c3-3586-388d3b45a58a}\@
[2011.03.10 19:05:13 | 002,648,064 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.03.10 17:45:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.28 22:41:33 | 001,783,056 | ---- | C] () -- C:\Windows\System32\WavesLib.dll

========== LOP Check ==========

[2012.05.04 15:27:21 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\1&1 Mail & Media GmbH
[2012.06.05 15:04:56 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\AVG2012
[2012.05.02 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\ICQ
[2011.05.22 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\Process Hacker 2
[2011.03.10 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\Tobit
[2011.03.10 17:16:26 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\toshiba
[2011.04.21 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\TS3Client
[2011.03.04 19:36:43 | 000,000,000 | ---D | M] -- C:\Users\achim\AppData\Roaming\WinBatch
[2012.05.16 05:49:31 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras Logfile:
Code:
OTL Extras logfile created on: 11.08.2012 12:13:37 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = E:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 80,79% Memory free
4,00 Gb Paging File | 3,68 Gb Available in Paging File | 92,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 20,04 Gb Free Space | 26,92% Space Free | Partition Type: NTFS
Drive D: | 5,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,44 Gb Total Space | 7,43 Gb Free Space | 99,90% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: achim | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02795C0C-00B3-4B39-9D5C-C11F328D6AA8}" = rport=137 | protocol=17 | dir=out | app=system |
"{02EEB895-6B48-44EB-B3C5-595DBDB653C4}" = rport=138 | protocol=17 | dir=out | app=system |
"{21B51686-8282-4C85-AA7B-8E8993CCF1B1}" = rport=445 | protocol=6 | dir=out | app=system |
"{27CC4379-5EC4-43E8-9A06-EFA36DA2AA68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2B1D5095-0E2C-4EB3-9B64-DB8A85765C73}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{308AF2A5-E20C-4BE1-9DB9-EB080875C666}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{476BCC21-AE37-4C4D-AC6E-F8940718CA7B}" = lport=138 | protocol=17 | dir=in | app=system |
"{49025A59-E2A2-44B0-B405-5E0214C267DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5809DD5D-D5D9-4A3F-8758-2604DA127DA1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EBACEA3-EDD9-4CFA-B2CC-A18F6CF4CBEB}" = lport=445 | protocol=6 | dir=in | app=system |
"{8828B6D5-8D4F-43DA-A13A-97B2C8245129}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9099CF09-A865-4639-BCE3-41A2C445571F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A641E961-641F-4A8C-A44F-3DB5ADAE0390}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5110437-4787-4F8F-8285-04C7615C9BBC}" = lport=137 | protocol=17 | dir=in | app=system |
"{B88D9655-560B-44C4-B183-16A3D581C694}" = rport=139 | protocol=6 | dir=out | app=system |
"{C41317AB-B3CA-4004-8EBF-8A0D4A6E9A70}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C9C22DAA-C8C8-4B62-8907-37DF4FE9C3AD}" = lport=139 | protocol=6 | dir=in | app=system |
"{DBE6529C-B84E-4FBB-8B93-C831C30D4657}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E4FC1F41-8E6D-4020-8B52-E2E0C7FD8964}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ED05FCF8-B4D8-43F9-A3E7-8784D4489D2D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9A66791-E011-48EC-9944-0344F5B7614F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D93C70-A6CA-45FC-B48C-EAF1007620D8}" = protocol=6 | dir=out | app=system |
"{084AA9F8-F351-454E-B73B-43B873504FE3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{11B8AA9A-D473-4232-8F34-AF5167A30CD9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{13D69BC4-2A60-4645-B9D9-8AF155D07EE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C9950C4-1D56-4CD3-AEFC-A48878E47370}" = protocol=6 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe |
"{1E7AD015-C54B-4EDA-A7A7-22E874C3DCC1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1ED7A41B-840A-42D0-9F2C-591911461C6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EE389C0-1E76-4074-A726-DF35A3ACCD6A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{271E615B-28C3-4FBC-9A45-BCB3B9185C01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3C85010F-D987-417B-B703-C62187D7C1B0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4B273946-71B6-4FAD-B247-E21DFC41F917}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4B3464B4-D04A-4818-B4E7-9F8F87E3DD5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D500593-5B2F-40E8-8CF4-E3E03EED300D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F27BF3D-98E1-4963-BB50-FE1117E44F10}" = protocol=6 | dir=in |
app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{55065431-E475-46BA-9596-DBC199130276}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{578F39AF-5C96-4ABE-812D-C888148A07D6}" = protocol=17 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | "{594260D1-73EC-40B6-A7D0-FF71C1195120}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{59EACD63-BC81-4D9E-BAA8-7E53347F9A6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{5DC77444-8BFE-4296-AE0C-E2A25AC95684}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{5E551D6C-805E-47E9-A531-9D5D5BFB80E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{5FDD027A-A431-4E09-865B-E9DCF96DB141}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6DA14E32-E1C9-45B6-931F-D9C3DCC0A7CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{71CCDAD0-D29B-4FC3-83E2-83941CA5EEB3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{78F0F007-36C7-4B91-A5B7-1830ABEB6D01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8658B64E-E642-45DE-98C5-64D4F564394F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{86678CB8-E31D-4D4D-BB76-C0CED7987A36}" = protocol=6 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | "{88A07269-CD51-4CCF-B163-97BEFB958129}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8DDC49E0-0738-4DBC-A42A-4B9D9CD8EB20}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{96331694-E159-409B-B02C-2808FC97A737}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{9CA25908-6494-4A00-A88F-A77C843C98D6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{A7BF5245-EE53-4834-A837-36312D5F3D75}" = protocol=17 | dir=in | 
app=c:\program files\icq7\icq7.7\icq.exe | "{A98E8723-9DC3-4664-8CE8-A4C779B539AA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{AB675916-40F0-46DE-9148-DF59AE4DA4A3}" = protocol=17 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | "{AC7D73B6-704C-4D0B-B420-4608B455718B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{BB4181EA-58ED-43F7-BBD6-F86FA9C7F0CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{BC9E9A17-47D6-4AB1-BF28-793091B012E2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{BFC23E44-FBF4-4917-AAAB-1DCC2D28DA3B}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{C08A4FFD-88FA-4B80-94F0-9BE865F49C6B}" = protocol=6 | dir=in | app=c:\program files\icq7\icq7.7\icq.exe | "{C302AD60-592B-4C47-9623-7E88F7DE3067}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{C92F457E-EB92-4B09-91A4-689E98F6131A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CFE4E3D0-42F4-4717-A04F-90CE35D3B957}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{D8DF9EB3-B622-400B-8003-CF6E76349625}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | "{E1430B44-CE4E-4E0E-9172-E6079FC3BB97}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe | "{E423BC1D-7851-4B7C-8F42-54385E4D4521}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E71951EB-DA80-42D3-ADEB-4CCE09A8A88F}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe | "{F038145D-02BC-412A-9ED3-E84EE5FDB3C5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F4C46E4C-A29B-4DAB-82EC-D0B564AF8513}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe | "TCP Query User{445B3992-A69A-4B20-B762-DCBB88E15851}C:\temp\world of 
warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "TCP Query User{49171F03-AAA0-45A4-A0EE-892177654726}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{7731B827-25F5-431D-9C4A-19F661F3DB0F}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | "TCP Query User{9322599E-AE58-4614-BA6D-11DFB1C81EB5}E:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\games\world of warcraft\launcher.exe | "TCP Query User{9701FEBA-D93C-44FF-A391-7F7013C6F9A4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{AA674E5E-6099-4099-AC18-67F16E221612}C:\temp\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\launcher.exe | "TCP Query User{AC583122-829E-436F-B2F7-6C908700784E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{AF29EAA9-F5C2-402B-A2E2-E10A02FBBD25}C:\temp\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\launcher.exe | "TCP Query User{D60A2AF4-F649-4979-BADC-7B98C1C6FFEB}C:\temp\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\temp\world of warcraft\launcher.patch.exe | "UDP Query User{0A1B00BD-941D-4E23-B46B-9C8E23C619BA}C:\temp\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\launcher.patch.exe | "UDP Query User{1C59CC5A-4440-4320-A3BC-F3D4A3273390}C:\temp\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\launcher.exe | "UDP Query User{50356605-E9CD-4156-9480-E6DBF9E27675}C:\temp\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\launcher.exe | "UDP Query User{647CEF99-820F-45C3-A643-EA3974931A28}C:\program 
files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{6A227CE8-DCF8-4C27-8F78-2FD25DFBC6BD}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{6EF74A73-64FA-409E-BD00-31C171246B29}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | "UDP Query User{72EBEA4F-6834-44BF-881C-A52EEA94E054}E:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\games\world of warcraft\launcher.exe | "UDP Query User{B57C25DA-F23C-42C4-9BE0-9977E0812CAD}C:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\temp\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe | "UDP Query User{C359A6F9-AA24-4736-B6ED-7F87B29354AB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3A9B3B6D-3C08-4283-AF50-FD82C49DD71E}" = TOSHIBA TEMPRO "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012 "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel 
MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1 "{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012 "{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added 
Package "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "AVG" = AVG 2012 "CCleaner" = CCleaner "CNXT_HDAUDIO" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5047&SUBSYS_1179FF31" = HDAUDIO Soft Data Fax Modem with SmartCP "ENTERPRISE" = Microsoft Office Enterprise 2007 "InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "Mobile Partner" = Mobile Partner "NVIDIA Drivers" = NVIDIA Drivers "Process_Hacker2_is1" = Process Hacker 2.15 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Tobit Radio.fx Server" = Radio.fx "Winamp" = Winamp "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.07.2012 08:48:06 | Computer Name = laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 1.2.0.20007, Zeitstempel: 0x4f039db9 Name des fehlerhaften Moduls: Updater.exe, Version: 1.2.0.20007, Zeitstempel: 0x4f039db9 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0008fcd7 ID des fehlerhaften Prozesses: 0x96c Startzeit der fehlerhaften Anwendung: 0x01cd5a9079885569 Pfad der fehlerhaften Anwendung: C:\Program 
Files\Ask.com\Updater\Updater.exe Pfad des fehlerhaften Moduls: C:\Program Files\Ask.com\Updater\Updater.exe Berichtskennung: aa693a55-c69f-11e1-882d-0013020d585f Error - 09.07.2012 10:19:46 | Computer Name = laptop | Source = VSS | ID = 8194 Description = Error - 11.07.2012 05:22:12 | Computer Name = laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: InstallFlashPlayer.exe, Version: 11.0.1.152, Zeitstempel: 0x4e7d1453 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00337428 ID des fehlerhaften Prozesses: 0x1614 Startzeit der fehlerhaften Anwendung: 0x01cd5f46a25f1697 Pfad der fehlerhaften Anwendung: C:\Users\achim\AppData\Local\Temp\InstallFlashPlayer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: e4fedaae-cb39-11e1-8dd7-001636206379 Error - 11.07.2012 07:24:42 | Computer Name = laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: jscript9.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fb57f7f Ausnahmecode: 0xc0000005 Fehleroffset: 0x69c5c775 ID des fehlerhaften Prozesses: 0x1e50 Startzeit der fehlerhaften Anwendung: 0x01cd5f56f078d480 Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: jscript9.dll Berichtskennung: 01e42d90-cb4b-11e1-8dd7-001636206379 Error - 11.07.2012 12:58:48 | Computer Name = laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: jscript9.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fb57f7f Ausnahmecode: 0xc0000005 Fehleroffset: 0x69c5c775 ID des fehlerhaften Prozesses: 0x1764 Startzeit der fehlerhaften Anwendung: 0x01cd5f8570f9e13b Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des 
fehlerhaften Moduls: jscript9.dll Berichtskennung: ae79d77e-cb79-11e1-8dd7-001636206379 Error - 11.07.2012 12:59:04 | Computer Name = laptop | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: jscript9.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fb57f7f Ausnahmecode: 0xc0000005 Fehleroffset: 0x69b79f66 ID des fehlerhaften Prozesses: 0x1764 Startzeit der fehlerhaften Anwendung: 0x01cd5f8570f9e13b Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls: jscript9.dll Berichtskennung: b7e94fbc-cb79-11e1-8dd7-001636206379 Error - 17.07.2012 15:39:19 | Computer Name = laptop | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e) festgestellt. Error - 17.07.2012 16:04:23 | Computer Name = laptop | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e) festgestellt. Error - 17.07.2012 16:04:25 | Computer Name = laptop | Source = Desktop Window Manager | ID = 9020 Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8007000e) festgestellt. 
Error - 09.08.2012 17:37:02 | Computer Name = laptop | Source = RasClient | ID = 20227 Description = [ System Events ] Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = DCOM | ID = 10005 Description = Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = DCOM | ID = 10005 Description = Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.08.2012 05:28:05 | Computer Name = laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service 
Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 11.08.2012 05:28:19 | Computer Name = laptop | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

< End of report >

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-11 12:45:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8032GSX rev.AS111G
Running: l7ke6ot2.exe; Driver: C:\Users\achim\AppData\Local\Temp\uxldapow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E803C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EB9D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Many thanks in advance for your help.
Rocco
15.08.2012, 14:48 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Code:
Datenbank Version: v2012.07.03.05
Quote:
Do NOT hastily delete anything from quarantine!

First, as a routine step, please run a new full scan with Malwarebytes and post the log.
=> Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes must be updated manually before every scan!
Please remove all findings with Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine!
If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags wherever possible. It is done like this:
[code] the log goes here [/code]
And it then looks like this:
Code:
the log goes here