
Encryption Trojan - cleaning up the PC afterwards (Trojaner-Board, malware removal forum)


15.09.2012, 10:22   #1
pannenmann
 

Encryption Trojan - cleaning up the PC afterwards

Hello dear admins,

A friend of mine caught the encryption Trojan and I removed it by running "repair Windows" and deleting the data in the "Temp" folder in Safe Mode.

The PC is running again now, but as far as I know the Trojan may still be active in the background. I ran Malwarebytes Anti-Malware. Unfortunately I could not move the detections to quarantine, so I deleted them instead - here is the log file:
Quote:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.14.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
x :: x [Administrator]

14.09.2012 23:21:57
mbam-log-2012-09-14 (23-21-57).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345608
Time elapsed: 1 hour(s), 18 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\mozjs.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\Tessa\AppData\Local\{90167eb2-82c4-09eb-f416-dc1196ba549c}\n. -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{E61E5BC6-A9D4-7F5B-98C6-978D2E486645} (Trojan.ZbotR.Gen) -> Data: C:\Users\Tessa\AppData\Roaming\Ohy\uhirwac.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\mozjs.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)

After that I ran defogger as described in the instructions. The scan found nothing and did not ask for a restart either.

Then came the OTL quick scan.
Here is the report:
OTL Logfile:
Code:
OTL logfile created on: 15.09.2012 11:07:08 - Run 1
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\Tessa\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,11% Memory free
4,00 Gb Paging File | 2,84 Gb Available in Paging File | 71,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91,44 Gb Total Space | 47,00 Gb Free Space | 51,40% Space Free | Partition Type: NTFS
Drive D: | 45,72 Gb Total Space | 45,63 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
 
Computer Name: TESSA-PC | User Name: Tessa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.15 11:07:02 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2012.08.18 12:30:52 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\xxx\AppData\Roaming\Spotify\spotify.exe
PRC - [2012.08.18 12:30:52 | 001,193,176 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 16:50:26 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () -- C:\Users\xxx\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.23 11:17:07 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.18 12:30:52 | 020,219,096 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2012.08.18 12:30:52 | 001,193,176 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.06.18 17:27:24 | 000,223,232 | ---- | M] () -- C:\Users\xxx\AppData\LocalLow\ColorZillaStats\IE\sqlite3.dll
MOD - [2011.04.21 18:35:58 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.10 12:57:01 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\xxx\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStatsUpdater.exe -- (ColorZillaStatsUpdater)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.02.15 16:50:12 | 000,490,624 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA DB 17 1E 60 4E CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_5_&babsrc=SP_ss&mntrId=5edd7dd100000000000000030d716548
IE - HKCU\..\SearchScopes\{B1EFCBCB-71F5-42D7-A543-6E2400E679E8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=5d6a205d-2c9a-4c50-9309-e5edd37d1123&apn_sauid=401986CA-02B4-4D2E-9E1A-67BC3328973F
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=5d6a205d-2c9a-4c50-9309-e5edd37d1123&apn_ptnrs=^ABT&apn_sauid=401986CA-02B4-4D2E-9E1A-67BC3328973F&apn_dtid=^YYYYYY^YY^DE&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.15 11:04:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.04.21 18:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.09.10 09:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ddf9qu03.default\extensions
[2012.06.25 17:29:44 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ddf9qu03.default\extensions\ffxtlbr@babylon.com
[2012.06.25 17:30:16 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ddf9qu03.default\extensions\stats@colorzilla.com
[2012.08.23 23:34:56 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ddf9qu03.default\extensions\toolbar@ask.com
[2012.02.23 12:15:38 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\ddf9qu03.default\extensions\welcome@toolmin.com
[2011.05.22 23:36:21 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\ddf9qu03.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.09.10 09:14:58 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\ddf9qu03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.14 14:12:44 | 000,002,413 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\ddf9qu03.default\searchplugins\askcom.xml
[2012.09.15 11:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.29 19:09:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Users\xxx\AppData\LocalLow\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\xxx\AppData\Roaming\toolplugin\toolbar.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [GameXN GO] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [Spotify] C:\Users\xxx\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\xxx\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{347D4C57-5B97-4E3E-8CD9-C75E347ED992}: DhcpNameServer = 10.124.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7397CFFD-222A-445D-BC01-77998836B4CC}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 11:05:22 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.09.15 11:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.15 11:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.09.15 11:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.09.14 23:17:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.09.14 23:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.14 23:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.14 23:16:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.14 23:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.13 09:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CMUV
[2012.09.13 09:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\DVBViewer TERRATEC Edition
[2012.09.13 09:32:54 | 000,043,392 | ---- | C] (Realtek) -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys
[2012.09.07 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Bilder WG
[2012.09.07 02:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.07 02:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\xxx\Documents\*.tmp files -> C:\Users\xxx\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 11:13:49 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.15 11:07:02 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.09.15 11:04:45 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.15 11:03:56 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.09.15 11:00:30 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 11:00:30 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.15 10:53:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.15 10:52:51 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 00:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.14 23:16:18 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 22:40:42 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.13 09:34:33 | 000,001,051 | ---- | M] () -- C:\Users\x\Desktop\DVBViewer TERRATEC Edition.lnk
[2012.09.11 18:28:18 | 001,103,104 | ---- | M] () -- C:\Users\x\Desktop\b_allgemein_modulhandbuch.pdf
[2012.09.10 15:39:01 | 006,695,431 | ---- | M] () -- C:\Users\x\Desktop\b_handbook.pdf
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 02:28:49 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.25 18:55:54 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.25 18:55:54 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.25 18:55:54 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.25 18:55:54 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\xxx\Documents\*.tmp files -> C:\Users\xxx\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.15 11:04:45 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.15 11:04:44 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.15 11:03:56 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.09.14 23:16:18 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.14 22:36:59 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.13 09:34:33 | 000,001,051 | ---- | C] () -- C:\Users\xxx\Desktop\DVBViewer TERRATEC Edition.lnk
[2012.09.11 18:28:12 | 001,103,104 | ---- | C] () -- C:\Users\xxx\Desktop\b_allgemein_modulhandbuch.pdf
[2012.09.10 15:37:17 | 006,695,431 | ---- | C] () -- C:\Users\xxx\Desktop\b_handbook.pdf
[2012.05.03 00:15:26 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2012.01.11 20:08:18 | 000,002,048 | -HS- | C] () -- C:\Users\xxx\AppData\Local\{90167eb2-82c4-09eb-f416-dc1196ba549c}\@
[2011.09.12 23:53:56 | 001,720,663 | ---- | C] () -- C:\Users\xxx\IMG_1747.JPG
[2011.09.12 23:53:56 | 001,574,799 | ---- | C] () -- C:\Users\xxx\IMG_1746.JPG
[2011.08.05 12:35:33 | 003,634,563 | ---- | C] () -- C:\Users\xxx\IMG_1035.JPG
[2011.08.05 12:35:33 | 003,572,881 | ---- | C] () -- C:\Users\xxx\IMG_1033.JPG
[2011.08.05 12:35:33 | 002,543,863 | ---- | C] () -- C:\Users\xxx\IMG_1031.JPG
[2011.08.05 12:35:33 | 002,276,397 | ---- | C] () -- C:\Users\xxx\IMG_1036.JPG
[2011.04.29 19:11:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.21 17:45:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.21 17:45:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== LOP Check ==========
 
[2012.07.20 00:13:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Abfeb
[2012.03.26 09:07:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Acyfe
[2012.06.25 17:29:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Babylon
[2012.06.25 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BabylonToolbar
[2012.09.15 10:53:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\go
[2011.06.10 21:21:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JabRef 2.6
[2011.06.16 22:54:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\LyX16
[2012.07.21 13:06:27 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nako
[2012.07.20 12:27:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ohy
[2011.04.22 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2011.12.13 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2012.02.27 02:19:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SoftGrid Client
[2012.09.15 10:58:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spotify
[2012.02.29 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\xx\AppData\Roaming\TerraTec
[2012.07.20 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\toolplugin
[2011.06.26 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TP
[2012.07.21 13:23:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xaev
[2012.07.09 10:32:11 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 15.09.2012 11:07:08 - Run 1
OTL by OldTimer - Version 3.2.61.4     Folder = C:\Users\Tessa\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 56,11% Memory free
4,00 Gb Paging File | 2,84 Gb Available in Paging File | 71,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 91,44 Gb Total Space | 47,00 Gb Free Space | 51,40% Space Free | Partition Type: NTFS
Drive D: | 45,72 Gb Total Space | 45,63 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
 
Computer Name: TESSA-PC | User Name: Tessa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C11D99-33B6-4B95-9FA6-FD4BC80C439C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1CEBA051-5C84-4594-A2D2-8E126DE12A2C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3C803FB4-5902-4378-9023-12B709BF4B26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3D762464-831D-4457-BB7E-8B1A8941FF38}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4FA2DEAF-CD91-44D0-95A1-1C2FE741A01A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{510DF041-39ED-41F6-847C-FF0BC66F7A6F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{56F096ED-5444-4455-9B9D-3B07F2801A09}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6D5589DF-E9AB-4FCC-9468-E0E15FC2FF50}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{747AA687-7FE5-4B52-B54A-50A577C88A5C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D765C77-75DF-4B57-AAE2-8393DCEEFB0B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9269A6DA-D2F0-4AF0-8C8B-8DCD80535ACB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{941D3E2E-D57E-4EC7-8B71-C7EF55BDF969}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9722A0F5-A3A7-472C-B4B1-5F6F67CAE2E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF7BE07E-F30D-43FC-A7C1-266F29FFFFF2}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BA3A4B4D-AD4D-42B2-884A-403AC2242458}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D001CC2F-D943-4D85-847B-8EA5D72E6641}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DBEF3FDD-958F-498F-97BD-3C9D1CEFDE19}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6633BB4-85A7-497B-8F35-B0EF3E5E21E1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ECB877DF-39DF-426C-BDE4-8F93A9EB7A71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FA08A29C-B671-4813-B063-D8A8E46061F2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FA372DEC-9F93-4790-B270-C0CB61545012}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037B5A23-936D-4568-8B31-9AA42E9BE729}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CC07810-08EC-409D-9148-FFE33FF93E1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0EF1A47C-4FC5-4727-B6A1-F5BA72AB16E5}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{153704A2-182D-495E-91BA-6BED4BB43F24}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{192F025B-2023-4083-9C3E-044F6FCCFC52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2232FD6A-8EB5-4211-A758-9BF5D8161903}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{234FBDE3-ED13-4944-AA80-4FF67E9D0C9B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{243AE273-2DB4-4683-A03B-9F9435D900A4}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{315A43EA-DC8F-41CF-A932-0704C4B95F08}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{3E240D86-E5DA-4CAD-8140-FC3A0EDEB753}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{41076ED9-CBF1-438E-BF55-9D51BADA861B}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{5BB3304C-C779-4594-AAA6-557E62BA2942}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{85BC6581-5A94-4710-AF57-9E20071C7683}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8E6D1D49-8642-4CC9-8DF9-73660DB50E65}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{95C03BB3-1E12-4D69-BB50-397CDEAC6F67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A4888E00-051C-401F-8DE2-E6B537B4E564}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AAB1F0A9-1C2A-4B8F-BED7-EE84BAC2990A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AE2F9399-6637-49B3-806A-6917D414628B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CF214AD4-B45C-4634-986A-860954346ECC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E04D141C-4EDD-4E80-BC44-41AE13A5AAA4}" = protocol=6 | dir=out | app=system | 
"{E3CEBF9A-5C56-426D-9A02-26D2D97C5331}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F08BAA1A-BFB2-41DE-94C0-4C86F59D273E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F46E25FC-484F-4DE6-993A-38A9A5E1FDF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7277467-4137-4074-9A16-E274A9E821EC}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{F7EC380B-DDBA-47E3-9188-FEF9E4F56711}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FADF095D-E0B0-4B5F-A5DF-1D97B6D6D312}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FED66FC9-BBA5-4F64-9D12-8B265CB6B617}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"TCP Query User{02AB873D-5AAF-4248-98CD-997976C43397}C:\program files\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\plugin-container.exe | 
"TCP Query User{4E481B4E-A98E-4195-8B0D-50C401A4DE98}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{5E7822A5-46AE-450D-92F8-0C32F26C0902}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"TCP Query User{AA1E99FB-C089-418F-8BDC-7B67EEAD5F0D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{D0F6623E-E864-445D-ACE9-BA572A72EE0B}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{FD5C40B6-36A1-423F-95A5-D3A998E27025}C:\users\xxx\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tessa\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{32591A0B-4CFF-4347-B802-61949636E3DB}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"UDP Query User{3C9AF46A-E60B-4928-A61A-245A36C727D4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E6A64C4-FBCA-4929-AA6D-DDF4767B5472}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{C3BD57FD-1ADE-4635-9C36-4525F9B0A039}C:\program files\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\plugin-container.exe | 
"UDP Query User{CA096E7F-0A56-4A70-9EB9-7E71F97D13A5}C:\users\xxx\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tessa\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{ECDF8954-F153-4C48-A762-644C149A55B2}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59AD008F-9F2C-4E6F-8B10-C7CFCB304115}" = WSxM
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Cinergy T Stick RC" = Cinergy T Stick RC V10.0.0.0
"DVBViewer TERRATEC Edition_is1" = DVBViewer TERRATEC Edition
"LyX" = LyX 1.6.9-2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 11.60.1185" = Opera 11.60
"Picasa 3" = Picasa 3
"toolplugin" = toolplugin
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Game Organizer" = GameXN GO
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.09.2012 08:47:37 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.09.2012 10:20:39 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.09.2012 03:06:32 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.09.2012 04:28:36 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.09.2012 14:47:32 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16448 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3cb0    Startzeit: 01cd9035b2634f99    Endzeit: 30    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 12.09.2012 02:37:53 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.09.2012 02:16:23 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.09.2012 03:46:11 | Computer Name = xxx | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: terratec.exe, Version: 8.0.31.1, 
Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49caf  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000c33bb  ID des fehlerhaften
 Prozesses: 0x10f4  Startzeit der fehlerhaften Anwendung: 0x01cd91826f24e2d7  Pfad der
 fehlerhaften Anwendung: C:\Program Files\DVBViewer TERRATEC Edition\terratec.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 157a610a-fd77-11e1-9820-00030d716548
 
Error - 14.09.2012 09:14:12 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.09.2012 17:21:23 | Computer Name = xxx | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.140 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cd4    Startzeit: 
01cd92be5269a4cc    Endzeit: 10    Anwendungspfad: C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
 1f1b8461-feb2-11e1-9bc0-00030d716548  
 
[ System Events ]
Error - 14.09.2012 16:46:40 | Computer Name = xxx | Source = DCOM | ID = 10005
Description = 
 
Error - 14.09.2012 16:46:40 | Computer Name = xx | Source = DCOM | ID = 10005
Description = 
 
Error - 14.09.2012 16:46:41 | Computer Name = x| Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.09.2012 16:46:41 | Computer Name = x | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.09.2012 16:46:41 | Computer Name = xxx | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.09.2012 16:46:41 | Computer Name = x | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.09.2012 16:46:41 | Computer Name = x | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.09.2012 16:46:41 | Computer Name = x | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.09.2012 16:48:40 | Computer Name = x | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 14.09.2012 16:48:51 | Computer Name = x | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---


Here is also the log file from GMER:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-15 12:09:54
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD1600BEVS-07RST0 rev.04.01G04
Running: rsebvkb5.exe; Driver: C:\Users\xxx\AppData\Local\Temp\ugloipoc.sys


---- System - GMER 1.0.15 ----

SSDT            8E890576                                   ZwCreateSection
SSDT            8E890580                                   ZwRequestWaitReplyPort
SSDT            8E89057B                                   ZwSetContextThread
SSDT            8E890585                                   ZwSetSecurityObject
SSDT            8E89058A                                   ZwSystemDebugControl
SSDT            8E890517                                   ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackTransaction + 13E9  82A90599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2     82AB5092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!RtlSidHashLookup + 340        82ABC990 4 Bytes  [76, 05, 89, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 69C        82ABCCEC 4 Bytes  [80, 05, 89, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 6E0        82ABCD30 4 Bytes  [7B, 05, 89, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 75C        82ABCDAC 4 Bytes  [85, 05, 89, 8E]
.text           ntkrnlpa.exe!RtlSidHashLookup + 7B0        82ABCE00 4 Bytes  [8A, 05, 89, 8E]
.text           ...                                        
?               System32\drivers\pwtpwuag.sys              Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys   section is writeable [0x8F00B000, 0x227A14, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3     fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3     rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

MANY THANKS in advance for your help!

Last edited by pannenmann (15.09.2012 at 11:12)

Alt 17.09.2012, 12:53   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Encryption Trojan - subsequent PC cleanup



Malwarebytes creates exactly one log for each scan run. Have you scanned with Malwarebytes before at some point?
If so, the logs of every scan run are listed in the "Logdateien" (log files) tab. Please post all of the logs that are visible there.