Log analysis and evaluation: Virus infection: e621ca05 (Windows 7)

30.09.2012, 17:36 | #1
Virus infection: e621ca05

Good day, I have already searched the forum and have already followed the steps. My virus is apparently this e621ca05 exe. I am currently using the online scanner and will upload the log file here as well. I hope I can be helped somehow; otherwise I would reinstall Windows 7 Home Premium 64-bit.

C:\Games\killingfloor\ZIP.dll    Win32/PSW.Agent.NUY trojan
C:\Users\ImperatorZwiebel\AppData\Local\Temp\adobe.exe    IRC/SdBot trojan
C:\Users\ImperatorZwiebel\AppData\Local\Temp\MyBabylonTB.exe    Win32/Toolbar.Babylon application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\VidSaver_4.exe    Win32/Toolbar.CrossRider application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe    Win32/Toolbar.Babylon application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\ICReinstall\cnet_rctllus_zip.exe    a variant of Win32/InstallCore.D application
C:\Users\ImperatorZwiebel\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe    multiple threats
C:\Users\ImperatorZwiebel\AppData\Roaming\6E9B.exe    IRC/SdBot trojan
C:\Users\ImperatorZwiebel\AppData\Roaming\DAB5.exe    IRC/SdBot trojan
C:\Users\ImperatorZwiebel\AppData\Roaming\Pptytn.exe    Win32/Dorkbot.B worm
I:\$RECYCLE.BIN.lnk    Win32/Dorkbot.D worm
I:\AdobReader 1.lnk    Win32/Dorkbot.D worm
I:\AdobReader.lnk    Win32/Dorkbot.D worm
I:\APOIM.lnk    Win32/Dorkbot.D worm
I:\Avira 1.lnk    Win32/Dorkbot.D worm
I:\Avira.lnk    Win32/Dorkbot.D worm
I:\Camtasia 1.lnk    Win32/Dorkbot.D worm
I:\Camtasia.lnk    Win32/Dorkbot.D worm
I:\Config.Msi.lnk    Win32/Dorkbot.D worm
I:\DAEMON Tools Lite.lnk    Win32/Dorkbot.D worm
I:\DayZCommander.lnk    Win32/Dorkbot.D worm
I:\DEAMON Tools Lite 1.lnk    Win32/Dorkbot.D worm
I:\DivX.lnk    Win32/Dorkbot.D worm
I:\Doc.lnk    Win32/Dorkbot.D worm
I:\Fraps 1.lnk    Win32/Dorkbot.D worm
I:\Fraps.lnk    Win32/Dorkbot.D worm
I:\Freemake 1.lnk    Win32/Dorkbot.D worm
I:\Freemake.lnk    Win32/Dorkbot.D worm
I:\hamachi 1.lnk    Win32/Dorkbot.D worm
I:\hamachi.lnk    Win32/Dorkbot.D worm
I:\java 1.lnk    Win32/Dorkbot.D worm
I:\JDownloader 1.lnk    Win32/Dorkbot.D worm
I:\Jdownloader.lnk    Win32/Dorkbot.D worm
I:\Mp3 Player.lnk    Win32/Dorkbot.D worm
I:\nss171C.tmp.lnk    Win32/Dorkbot.D worm
I:\Open office 1.lnk    Win32/Dorkbot.D worm
I:\Open Office.lnk    Win32/Dorkbot.D worm
I:\Playstation 3.lnk    Win32/Dorkbot.D worm
I:\plugins.lnk    Win32/Dorkbot.D worm
I:\Program.lnk    Win32/Dorkbot.D worm
I:\ps3.lnk    Win32/Dorkbot.D worm
I:\searchplugins.lnk    Win32/Dorkbot.D worm
I:\sixupdater.lnk    Win32/Dorkbot.D worm
I:\Sound Blaster Tactic(3D) Control Panel.lnk    Win32/Dorkbot.D worm
I:\Sound Blaster.lnk    Win32/Dorkbot.D worm
I:\Steam 1.lnk    Win32/Dorkbot.D worm
I:\Steam.lnk    Win32/Dorkbot.D worm
I:\System Volume Information.lnk    Win32/Dorkbot.D worm
I:\Ts3 1.lnk    Win32/Dorkbot.D worm
I:\Ts3.lnk    Win32/Dorkbot.D worm
I:\Vlc Player.lnk    Win32/Dorkbot.D worm
I:\VlcPlayer 1.lnk    Win32/Dorkbot.D worm
I:\Winamp.lnk    Win32/Dorkbot.D worm
I:\WinRar.lnk    Win32/Dorkbot.D worm
I:\RECYCLER\e621ca05.exe    Win32/Dorkbot.B worm

That is how it should look, I hope. I will be leaving on a school trip later and will be back on Saturday evening, so you can take your time with this ^^

Last edited by Onion99 (30.09.2012 at 17:43)
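A findings list like the one above is easier to triage once it is structured. The following Python script is an added example for this thread; it is not code from the post, from the forum or from the scanner vendor. It parses scanner output that has been run together on one line (the shape the list took when it was posted) into path/detection pairs, counts detections per drive, flags a drive whose root is full of flagged .lnk files (the shape of the I:\ entries, where shortcuts carry folder names and the only executable sits under RECYCLER), and lists executables detected in user-writable staging directories, which are the ones worth cross-checking against the autostart entries in a ComboFix log. The sample text is a constructed excerpt of the findings posted above; the separator rule, the location markers and the threshold of five shortcuts are assumptions of the example.

```python
"""Triage helper for a flattened ESET-style findings list (added example)."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# An entry starts at a drive letter; detection names never contain "X:\".
ENTRY_SPLIT = re.compile(r"\s+(?=[A-Za-z]:\\)")
# A path (which may contain spaces) followed by the detection, which looks
# like "Win32/Dorkbot.D worm", "a variant of Win32/InstallCore.D application"
# or the special value "multiple threats".
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of\s+)?[A-Za-z0-9]+/[A-Za-z0-9_.\-]+\s+\w+"
    r"|multiple threats)$"
)

# Constructed excerpt of the findings posted above, flattened the same way.
SAMPLE = (
    r"C:\Games\killingfloor\ZIP.dll Win32/PSW.Agent.NUY trojan "
    r"C:\Users\ImperatorZwiebel\AppData\Local\Temp\adobe.exe IRC/SdBot trojan "
    r"C:\Users\ImperatorZwiebel\AppData\Local\Temp\ICReinstall\cnet_rctllus_zip.exe "
    r"a variant of Win32/InstallCore.D application "
    r"C:\Users\ImperatorZwiebel\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe "
    r"multiple threats "
    r"C:\Users\ImperatorZwiebel\AppData\Roaming\6E9B.exe IRC/SdBot trojan "
    r"C:\Users\ImperatorZwiebel\AppData\Roaming\Pptytn.exe Win32/Dorkbot.B worm "
    r"I:\$RECYCLE.BIN.lnk Win32/Dorkbot.D worm "
    r"I:\Avira.lnk Win32/Dorkbot.D worm "
    r"I:\Sound Blaster Tactic(3D) Control Panel.lnk Win32/Dorkbot.D worm "
    r"I:\Steam 1.lnk Win32/Dorkbot.D worm "
    r"I:\Steam.lnk Win32/Dorkbot.D worm "
    r"I:\WinRar.lnk Win32/Dorkbot.D worm "
    r"I:\RECYCLER\e621ca05.exe Win32/Dorkbot.B worm"
)

# Assumed markers for user-writable locations where droppers are staged.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\recycler\\")


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str

    @property
    def drive(self) -> str:
        return self.path[:2].upper()


def parse_findings(text: str) -> list[Finding]:
    """Split flattened scanner output into Finding records; fail loudly on
    anything that does not fit, rather than silently dropping a detection."""
    findings = []
    for entry in ENTRY_SPLIT.split(text.strip()):
        m = ENTRY_RE.match(entry.strip())
        if not m:
            raise ValueError(f"unparsed entry: {entry!r}")
        findings.append(Finding(m["path"], m["detection"]))
    return findings


def by_drive(findings: list[Finding]) -> dict[str, Counter]:
    """Detection counts grouped per drive letter."""
    out: dict[str, Counter] = defaultdict(Counter)
    for f in findings:
        out[f.drive][f.detection] += 1
    return dict(out)


def shortcut_replacement_drives(findings: list[Finding], min_count: int = 5) -> dict[str, int]:
    """Drives whose root holds at least min_count flagged .lnk files: the
    folder-to-shortcut pattern of a worm spreading over removable media."""
    counts = Counter(
        f.drive for f in findings
        if f.path.lower().endswith(".lnk") and f.path.count("\\") == 1
    )
    return {drive: n for drive, n in counts.items() if n >= min_count}


def user_writable_executables(findings: list[Finding]) -> list[Finding]:
    """Detected .exe files in temp, roaming-profile or recycler locations."""
    return [
        f for f in findings
        if f.path.lower().endswith(".exe")
        and any(marker in f.path.lower() for marker in USER_WRITABLE)
    ]


def triage(text: str) -> dict:
    findings = parse_findings(text)
    return {
        "total": len(findings),
        "per_drive": by_drive(findings),
        "shortcut_drives": shortcut_replacement_drives(findings),
        "staged_executables": [f.path for f in user_writable_executables(findings)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample this reports 13 findings, the drive I: as a shortcut-replacement drive with six root-level .lnk files, and six staged executables; the regular expression is strict on purpose, so a scanner line in an unexpected shape raises instead of being skipped.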
02.10.2012, 06:59 | #2
/// the machine /// (TB Instructor)
Virus infection: e621ca05

Hi,

Do not let anything from the findings be deleted! I still need them.

ComboFix should only be run when a team member has instructed you to do so! Please download ComboFix from the following download mirror: Link 1. IMPORTANT - Save ComboFix to your desktop.

When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart: Quote:
06.10.2012, 10:18 | #3
Virus infection: e621ca05

ComboFix log file:
Code:
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012 12:12:26.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.1847 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-06 bis 2012-10-06 ))))))))))))))))))))))))))))))
.
.
2012-10-06 10:14 . 2012-10-06 10:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 10:10 . 2012-10-06 10:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-06 10:04 . 2012-10-06 10:04 -------- d-----w- c:\program files\WinRAR
2012-10-06 09:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-06 09:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-06 09:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-06 09:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-06 09:51 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-06 09:51 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-06 09:40 . 2012-10-06 09:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 09:40 . 2012-10-06 09:40 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-06 09:40 . 2012-10-06 09:40 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-06 09:40 . 2012-10-06 09:40 -------- d-----w- c:\windows\system32\Macromed
2012-10-06 09:04 . 2012-10-06 09:04 -------- d-----w- c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57 -------- d-----w- C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28 -------- d-----w- C:\Steam
2012-10-06 08:44 . 2012-10-06 09:45 -------- d-----w- c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 10:10 -------- d-----w- c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25 -------- d-----w- c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53 -------- d-----w- c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27 -------- d-----w- c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- C:\temp
2012-10-05 22:51 . 2012-08-30 19:14 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48 -------- d-----w- C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45 188904 ----a-w- c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44 -------- d-----w- c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 10:10 -------- d-sh--w- c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38 -------- d-----w- c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26 -------- d-----w- c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58 -------- d-----w- c:\users\ImperatorZwiebel
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
"Skype"="i:\skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R2 SkypeUpdate;Skype Updater;i:\skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 250288]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 09:40]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-06 12:15:50
ComboFix-quarantined-files.txt 2012-10-06 10:15
ComboFix2.txt 2012-10-06 09:33
.
Vor Suchlauf: 14 Verzeichnis(se), 944.174.792.704 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 943.772.057.600 Bytes frei
.
- - End Of File - - 1DEB36D3E93A86653F781F9CDD079BF7

So this is now the correct ComboFix log file:
Code:
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012 12:30:18.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.2033 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-06 bis 2012-10-06 ))))))))))))))))))))))))))))))
.
.
2012-10-06 10:32 . 2012-10-06 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 10:10 . 2012-10-06 10:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-06 10:04 . 2012-10-06 10:04 -------- d-----w- c:\program files\WinRAR
2012-10-06 09:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-06 09:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-06 09:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-06 09:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-06 09:51 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-06 09:51 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-06 09:40 . 2012-10-06 09:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 09:40 . 2012-10-06 09:40 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-06 09:40 . 2012-10-06 09:40 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-06 09:40 . 2012-10-06 09:40 -------- d-----w- c:\windows\system32\Macromed
2012-10-06 09:04 . 2012-10-06 09:04 -------- d-----w- c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57 -------- d-----w- C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28 -------- d-----w- C:\Steam
2012-10-06 08:44 . 2012-10-06 09:45 -------- d-----w- c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 10:10 -------- d-----w- c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25 -------- d-----w- c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53 -------- d-----w- c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27 -------- d-----w- c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- C:\temp
2012-10-05 22:51 . 2012-08-30 19:14 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48 -------- d-----w- C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45 188904 ----a-w- c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44 -------- d-----w- c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 10:10 -------- d-sh--w- c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38 -------- d-----w- c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26 -------- d-----w- c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58 -------- d-----w- c:\users\ImperatorZwiebel
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
"Skype"="i:\skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R2 SkypeUpdate;Skype Updater;i:\skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 250288]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 09:40]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-06 12:33:14
ComboFix-quarantined-files.txt 2012-10-06 10:33
ComboFix2.txt 2012-10-06 10:15
ComboFix3.txt 2012-10-06 09:33
.
Vor Suchlauf: 15 Verzeichnis(se), 943.817.572.352 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 943.766.777.856 Bytes frei
.
- - End Of File - - E86DDF616918D5606BA22990219CDA33

Last edited by Onion99 (06.10.2012 at 11:17)
07.10.2012, 09:42 | #4
/// the machine /// (TB Instructor)
Virus infection: e621ca05

Hi,

In the folder C:\Qoobox\ there are Combofix2.txt and Combofix3.txt; please post both.

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
07.10.2012, 09:45 | #5
Virus infection: e621ca05

2nd ComboFix log file:
Code:
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012 12:12:26.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.1847 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-06 bis 2012-10-06 ))))))))))))))))))))))))))))))
.
.
2012-10-06 10:14 . 2012-10-06 10:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 10:10 . 2012-10-06 10:10 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-06 10:04 . 2012-10-06 10:04 -------- d-----w- c:\program files\WinRAR
2012-10-06 09:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-06 09:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-06 09:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-06 09:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-06 09:51 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-06 09:51 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-10-06 09:40 . 2012-10-06 09:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-06 09:40 . 2012-10-06 09:40 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-06 09:40 . 2012-10-06 09:40 -------- d-----w- c:\windows\SysWow64\Macromed
2012-10-06 09:40 . 2012-10-06 09:40 -------- d-----w- c:\windows\system32\Macromed
2012-10-06 09:04 . 2012-10-06 09:04 -------- d-----w- c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57 -------- d-----w- C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28 -------- d-----w- C:\Steam
2012-10-06 08:44 . 2012-10-06 09:45 -------- d-----w- c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 10:10 -------- d-----w- c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25 -------- d-----w- c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53 -------- d-----w- c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27 -------- d-----w- c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- C:\temp
2012-10-05 22:51 . 2012-08-30 19:14 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48 -------- d-----w- C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45 188904 ----a-w- c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44 -------- d-----w- c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 10:10 -------- d-sh--w- c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38 -------- d-----w- c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26 -------- d-----w- c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58 -------- d-----w- c:\users\ImperatorZwiebel
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
"Skype"="i:\skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R2 SkypeUpdate;Skype Updater;i:\skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 250288]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-06 09:40]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-06 12:15:50
ComboFix-quarantined-files.txt 2012-10-06 10:15
ComboFix2.txt 2012-10-06 09:33
.
Vor Suchlauf: 14 Verzeichnis(se), 944.174.792.704 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 943.772.057.600 Bytes frei
.
- - End Of File - - 1DEB36D3E93A86653F781F9CDD079BF7

3rd ComboFix log file:
Code:
ComboFix 12-10-04.02 - ImperatorZwiebel 06.10.2012 11:30:11.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4087.2882 [GMT 2:00]
ausgeführt von:: c:\users\ImperatorZwiebel\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-06 bis 2012-10-06 ))))))))))))))))))))))))))))))
.
.
2012-10-06 09:32 . 2012-10-06 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 09:04 . 2012-10-06 09:04 -------- d-----w- c:\programdata\Tunngle
2012-10-06 09:04 . 2009-09-16 06:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2012-10-06 08:58 . 2012-10-06 09:28 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-10-06 08:57 . 2012-10-06 08:57 -------- d-----w- C:\Spiele
2012-10-06 08:57 . 2012-10-06 09:28 -------- d-----w- C:\Steam
2012-10-06 08:44 . 2012-10-06 08:44 -------- d-----w- c:\programdata\SweetIM
2012-10-06 08:44 . 2012-10-06 08:44 -------- d-----w- c:\program files (x86)\SweetIM
2012-10-06 08:36 . 2012-10-06 08:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-06 08:36 . 2012-10-06 08:36 -------- d-----w- c:\programdata\Skype
2012-10-05 23:00 . 2012-10-05 22:25 -------- d-----w- c:\windows\Panther
2012-10-05 22:53 . 2012-10-05 22:53 -------- d-----w- c:\users\UpdatusUser
2012-10-05 22:52 . 2012-10-06 09:27 -------- d-----w- c:\programdata\NVIDIA
2012-10-05 22:52 . 2012-10-05 22:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-10-05 22:52 . 2012-08-30 16:18 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-05 22:52 . 2012-08-30 16:18 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-05 22:52 . 2012-08-30 16:18 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-05 22:52 . 2012-08-30 16:18 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-05 22:52 . 2012-08-30 16:18 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-05 22:52 . 2012-08-30 16:17 6198120 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- C:\temp
2012-10-05 22:51 . 2012-08-30 19:14 60776 ----a-w- c:\windows\system32\OpenCL.dll
2012-10-05 22:51 . 2012-08-30 19:14 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-05 22:51 . 2012-10-05 22:51 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-10-05 22:49 . 2012-10-05 22:53 -------- d-----w- c:\program files\NVIDIA Corporation
2012-10-05 22:48 . 2012-10-05 22:48 -------- d-----w- C:\NVIDIA
2012-10-05 22:45 . 2012-10-05 22:45 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-05 22:45 . 2012-10-05 22:45 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 22:45 . 2012-10-05 22:45 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-05 22:45 . 2012-10-05 22:45 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-05 22:45 . 2012-10-05 22:45 188904 ----a-w- c:\windows\system32\java.exe
2012-10-05 22:44 . 2012-10-01 15:14 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-05 22:44 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-05 22:44 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-05 22:44 . 2012-10-05 22:44 -------- d-----w- c:\programdata\Avira
2012-10-05 22:38 . 2012-10-06 08:58 -------- d-sh--w- c:\windows\Installer
2012-10-05 22:38 . 2012-10-05 22:38 -------- d-----w- c:\program files (x86)\Google
2012-10-05 22:26 . 2012-10-05 22:26 -------- d-----w- c:\program files (x86)\EPSON
2012-10-05 22:25 . 2012-10-06 08:58 -------- d-----w- c:\users\ImperatorZwiebel
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 08:40 . 2012-08-30 08:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="i:\skype\Phone\Skype.exe" [2010-05-10 26959144]
"Steam"="c:\steam\Steam.exe" [2012-10-06 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="i:\avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 116648] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TunngleService;TunngleService;i:\tunngle\TnglCtrl.exe [2012-10-02 743320] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S2 AntiVirSchedulerService;Avira Planer;i:\avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-08-30 1258856] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38] . 2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 22:38] . . --------- X64 Entries ----------- . . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.178.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2012-10-06 11:33:27 ComboFix-quarantined-files.txt 2012-10-06 09:33 . Vor Suchlauf: 14 Verzeichnis(se), 946.341.568.512 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 946.278.461.440 Bytes frei . - - End Of File - - DC19F7C945B5A794F61E1A5AEC2B60CD |
07.10.2012, 09:56 | #6 |
/// the machine /// TB-Ausbilder | Virus Befall: e621ca05 If you don't have it yet, please download OTL from Oldtimer and save it to your Desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
07.10.2012, 10:11 | #7 |
| Virus Befall: e621ca05 OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.10.2012 11:05:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ImperatorZwiebel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,65% Memory free 7,98 Gb Paging File | 5,62 Gb Available in Paging File | 70,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 905,41 Gb Total Space | 863,91 Gb Free Space | 95,42% Space Free | Partition Type: NTFS Drive D: | 25,00 Gb Total Space | 16,55 Gb Free Space | 66,20% Space Free | Partition Type: NTFS Drive I: | 186,31 Gb Total Space | 185,62 Gb Free Space | 99,63% Space Free | Partition Type: NTFS Drive J: | 100,00 Mb Total Space | 71,20 Mb Free Space | 71,20% Space Free | Partition Type: NTFS Drive K: | 1397,26 Gb Total Space | 394,38 Gb Free Space | 28,23% Space Free | Partition Type: NTFS Computer Name: PAUL-COMPUTER | User Name: ImperatorZwiebel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.07 11:03:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ImperatorZwiebel\Desktop\OTL.exe PRC - [2012.09.25 11:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Avira\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- I:\Avira\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- I:\Avira\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe ========== Modules (No Company Name) ========== MOD - [2012.09.25 11:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll MOD - [2012.09.25 11:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll MOD - [2012.09.25 11:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll MOD - [2012.09.25 11:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libglesv2.dll MOD - [2012.09.25 11:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\libegl.dll MOD - [2012.09.25 11:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avutil-51.dll MOD - [2012.09.25 11:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avformat-54.dll MOD - [2012.09.25 11:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll ========== Services (SafeList) ========== SRV - [2012.10.06 11:40:06 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.06 10:58:56 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files 
(x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.02 21:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- I:\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- I:\Avira\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- I:\Avira\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.08.30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.08.30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- I:\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.15 01:26:34 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\trustms.sys -- (trustms) DRV:64bit: - [2010.04.07 12:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64) DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:64bit: - [2009.07.31 03:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: I:\Java 64bit\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = 
C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Stylish = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\ CHR - Extension: AdBlock = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\ CHR - Extension: Night Time In New York City = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\ CHR - Extension: YouTube = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Stylish = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\ CHR - Extension: AdBlock = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\ CHR - Extension: Night Time In New York City = C:\Users\ImperatorZwiebel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek\1.2_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Java 64bit\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Java 64bit\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [avgnt] I:\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKCU..\Run: [Steam] C:\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7FFE5B6-7D0F-4FF0-A2FA-36DAE669EAA8}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings 
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2012.10.07 11:03:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ImperatorZwiebel\Desktop\OTL.exe [2012.10.06 17:42:59 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\LolClient [2012.10.06 17:07:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.10.06 16:24:24 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\PMB Files [2012.10.06 16:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012.10.06 16:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2012.10.06 16:11:42 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Microsoft.NET [2012.10.06 15:26:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.06 15:04:26 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Macromedia [2012.10.06 15:04:25 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Adobe [2012.10.06 12:33:16 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.06 12:28:41 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\ImperatorZwiebel\Desktop\ComboFix.exe [2012.10.06 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.10.06 12:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2012.10.06 12:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.10.06 12:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.10.06 12:04:11 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\WinRAR [2012.10.06 12:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2012.10.06 11:40:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.10.06 11:40:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.10.06 11:39:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.10.06 11:11:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.06 11:11:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.06 11:11:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.06 11:11:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.06 11:11:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.06 11:04:36 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys [2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle [2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\Documents\Tunngle [2012.10.06 11:04:36 | 
000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Tunngle [2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2012.10.06 11:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2012.10.06 10:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.10.06 10:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.10.06 10:57:34 | 000,000,000 | ---D | C] -- C:\Spiele [2012.10.06 10:57:29 | 000,000,000 | ---D | C] -- C:\Steam [2012.10.06 10:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012.10.06 10:37:02 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Skype [2012.10.06 10:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.10.06 01:00:34 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.10.06 00:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.10.06 00:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2012.10.06 00:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2012.10.06 00:51:48 | 000,060,776 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.10.06 00:51:48 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.10.06 00:51:48 | 000,000,000 | ---D | C] -- C:\temp [2012.10.06 00:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.10.06 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Avira [2012.10.06 00:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.10.06 00:48:58 | 000,000,000 | ---D | C] -- C:\NVIDIA [2012.10.06 00:44:52 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.06 00:44:52 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.06 00:44:52 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.06 00:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.06 00:38:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.10.06 00:38:21 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.10.06 00:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.10.06 00:38:15 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Google [2012.10.06 00:38:03 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Apps [2012.10.06 00:38:02 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Deployment [2012.10.06 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\ElevatedDiagnostics [2012.10.06 00:34:53 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\Desktop\Games [2012.10.06 00:34:45 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\Desktop\Programme [2012.10.06 00:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EPSON [2012.10.06 00:25:33 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.10.06 00:25:33 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Searches [2012.10.06 00:25:33 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.10.06 00:25:27 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Identities [2012.10.06 00:25:25 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Contacts [2012.10.06 00:25:23 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\VirtualStore [2012.10.06 00:25:10 | 000,000,000 | --SD | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- 
C:\Users\ImperatorZwiebel\Videos [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Saved Games [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Pictures [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Music [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Links [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Favorites [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Downloads [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Documents [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\Desktop [2012.10.06 00:25:10 | 000,000,000 | R--D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Vorlagen [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Verlauf [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Temporary Internet Files [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Startmenü [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\SendTo [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Recent [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Netzwerkumgebung [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Lokale Einstellungen [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Documents\Eigene Videos [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Documents\Eigene Musik [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- 
C:\Users\ImperatorZwiebel\Eigene Dateien [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Documents\Eigene Bilder [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Druckumgebung [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Cookies [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Anwendungsdaten [2012.10.06 00:25:10 | 000,000,000 | -HSD | C] -- C:\Users\ImperatorZwiebel\Anwendungsdaten [2012.10.06 00:25:10 | 000,000,000 | -H-D | C] -- C:\Users\ImperatorZwiebel\AppData [2012.10.06 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Temp [2012.10.06 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Local\Microsoft [2012.10.06 00:25:10 | 000,000,000 | ---D | C] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Media Center Programs [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.10.06 00:24:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.10.06 00:04:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.10.06 00:02:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch ========== Files - Modified Within 30 Days ========== [2012.10.07 11:03:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ImperatorZwiebel\Desktop\OTL.exe [2012.10.07 10:52:02 | 000,000,884 | ---- | 
M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.07 10:48:38 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.07 10:44:37 | 000,019,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 10:44:37 | 000,019,264 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.07 09:16:26 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.07 09:16:26 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.07 09:16:26 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.07 09:16:26 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.07 09:16:26 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.07 09:14:38 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.07 09:12:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.07 09:11:49 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys [2012.10.06 16:01:25 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.06 15:11:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.10.06 15:11:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.10.06 12:28:53 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\ImperatorZwiebel\Desktop\ComboFix.exe [2012.10.06 00:39:01 | 000,002,255 | ---- | M] () -- C:\Users\ImperatorZwiebel\Desktop\Google Chrome.lnk [2012.10.06 00:06:39 | 000,207,887 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.10.06 00:06:39 | 000,207,887 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.10.06 00:04:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2012.10.06 15:11:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.10.06 15:11:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.10.06 11:40:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.06 11:11:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.06 11:11:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.06 11:11:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.06 11:11:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.06 11:11:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.06 10:45:21 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.10.06 10:45:21 | 000,000,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.10.06 10:45:21 | 000,000,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.10.06 00:50:40 | 000,016,366 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2012.10.06 00:39:01 | 000,002,255 | ---- | C] () -- C:\Users\ImperatorZwiebel\Desktop\Google Chrome.lnk [2012.10.06 00:38:20 | 000,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.06 00:38:19 | 000,001,126 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.06 00:25:38 | 000,001,413 | ---- | C] () -- C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.10.06 00:25:34 | 000,001,447 | ---- | C] () -- 
C:\Users\ImperatorZwiebel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.10.06 00:06:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.10.06 00:06:18 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.10.06 00:04:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.10.06 00:01:22 | 3214,233,600 | -HS- | C] () -- C:\hiberfil.sys [2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.03.31 08:59:24 | 000,002,169 | ---- | C] () -- C:\Windows\XENcfg.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.06 17:42:59 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Roaming\LolClient [2012.10.06 11:04:59 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Roaming\Tunngle ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.06 15:26:29 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.03.11 20:49:34 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.09.11 08:50:19 | 000,000,000 | ---D | M] -- C:\Intel [2009.09.11 09:41:07 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.10.06 00:48:58 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.06 12:04:09 | 000,000,000 | R--D | M] -- C:\Program Files [2012.10.06 17:07:19 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.10.06 16:24:23 | 000,000,000 | ---D | M] -- C:\ProgramData [2012.03.11 20:49:34 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.06 12:33:16 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.10.06 00:25:00 | 000,000,000 | ---D | M] -- C:\Recovery [2012.10.06 16:24:55 | 000,000,000 | ---D | M] -- C:\Spiele [2012.10.07 10:05:49 | 000,000,000 | ---D | M] -- C:\Steam [2012.10.07 11:06:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.06 
00:51:48 | 000,000,000 | ---D | M] -- C:\temp [2012.10.06 00:53:12 | 000,000,000 | R--D | M] -- C:\Users [2012.10.06 16:53:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2012.10.06 10:58:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3} [2012.10.06 00:45:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F86417007FF} [2012.10.06 00:53:28 | 000,000,000 | ---D | M] -- C:\Windows\installer\{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8} [2012.10.06 12:10:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8} < %localappdata%\*. /5 > [2012.10.06 00:25:10 | 000,000,000 | -HSD | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Anwendungsdaten [2012.10.06 00:38:03 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Apps [2012.10.06 00:38:15 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Deployment [2012.10.06 00:37:01 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\ElevatedDiagnostics [2012.10.06 00:39:01 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Google [2012.10.06 00:41:39 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Microsoft [2012.10.06 20:59:11 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\PMB Files [2012.10.07 11:05:17 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Temp [2012.10.06 00:25:10 | 000,000,000 | -HSD | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Temporary Internet Files [2012.10.06 00:25:10 | 000,000,000 | -HSD | M] -- C:\Users\ImperatorZwiebel\AppData\Local\Verlauf [2012.10.06 00:25:23 | 000,000,000 | ---D | M] -- C:\Users\ImperatorZwiebel\AppData\Local\VirtualStore < End of report >

OTL Logfile:

OTL Extras logfile created on: 07.10.2012 11:05:02 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ImperatorZwiebel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 47,65% Memory free 7,98 Gb Paging File | 5,62 Gb Available in Paging File | 70,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 905,41 Gb Total Space | 863,91 Gb Free Space | 95,42% Space Free | Partition Type: NTFS Drive D: | 25,00 Gb Total Space | 16,55 Gb Free Space | 66,20% Space Free | Partition Type: NTFS Drive I: | 186,31 Gb Total Space | 185,62 Gb Free Space | 99,63% Space Free | Partition Type: NTFS Drive J: | 100,00 Mb Total Space | 71,20 Mb Free Space | 71,20% Space Free | Partition Type: NTFS Drive K: | 1397,26 Gb Total Space | 394,38 Gb Free Space | 28,23% Space Free | Partition Type: NTFS Computer Name: PAUL-COMPUTER | User Name: ImperatorZwiebel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0549EFCD-21E4-486A-8CDF-B2EC4A6B8C5C}" = lport=445 | protocol=6 | dir=in | app=system | "{33EE8E61-8612-4E86-9BD0-D60E316226A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46535614-116A-4E4A-A7F3-C4E0ACAB545F}" = rport=445 | protocol=6 | dir=out | app=system | "{4B92FD5B-A670-4C9B-BC91-3D0D97D9D081}" = rport=138 | protocol=17 | dir=out | app=system | "{5BB130F3-1771-420E-BBB0-CF677C350D67}" = lport=10243 | protocol=6 | dir=in | app=system | "{6802B644-B61E-4544-B05A-8CAEF36E467C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{69B0B5BD-6F5E-48B3-AEE2-FC30213661F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7A44314B-181B-440F-A2A2-7F7AF0438AB6}" = rport=139 | protocol=6 | dir=out | app=system | "{82BE2D1B-8EE8-4559-932F-0E577EC63A3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9588FF64-8C19-4890-BF9D-DDECF801DC82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B9ECD393-786A-40B4-A707-639E7D8909A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BFEFA69E-C7B2-438A-AA46-052934211862}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C09C7810-B4CD-41DB-A195-D9A6C6FF2B1F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C9361CF5-67BC-42CC-A3E9-20C7C712549E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CB8C2ACB-E0F2-4731-A2B0-57DF7833537E}" = lport=138 | protocol=17 | dir=in | app=system | "{DDC99DA9-CB6A-453A-85C1-A6A9F3D79DCD}" = rport=10243 | protocol=6 | dir=out | app=system | "{DF2DCB21-A58B-4937-A360-4EB0F67DA7B0}" = rport=137 | protocol=17 | dir=out | app=system | "{E28AED46-9BCF-411E-8D5F-4FAFC7482342}" = lport=2869 | protocol=6 | dir=in | app=system | "{E7AD2F24-4623-4206-9545-6E4653C8FF4A}" = lport=137 | protocol=17 | dir=in | app=system | "{F528A60A-D88E-4403-887A-4C34DC004662}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F6235B31-7762-48F7-9B1B-332C82201A3E}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C326C0-67CC-4454-AE4D-581D0B285E5C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{05B4136D-602D-4B06-B301-9EC24B74EAC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{12150CAA-ED5C-45F2-888B-144CA5475BE9}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{1E7B0F03-278A-4D24-9600-33B7C1C79A66}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{20E1378F-EC59-453F-86F8-032F633B9FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{34D8188E-8854-4ACC-B05D-A0530E49724B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{35FF6326-B9C2-4DE4-A7D6-87B483E52208}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{427659D9-2D9E-4A4D-AC4F-863DA4EDF55B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{459A6360-0450-41A8-9AD3-18E5D2BAC977}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4FD7B6DE-8F2C-4AB1-A087-8CA72A9C5A02}" = protocol=17 | dir=in | app=c:\steam\steam.exe | "{51F46420-C405-45D0-A858-6C5A063B2BF8}" = protocol=6 | dir=in | app=i:\tunngle\tnglctrl.exe | "{66BA28E5-22DF-4951-B4DA-061506279DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6B2FD684-2AED-4FBE-A604-E33DB2E33E3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{80CE6BB2-3FA8-442F-8894-06B0F093A69B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{84293778-7F1B-4B73-9D6A-2FFEC68F61E9}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{88D7B54D-06EA-4670-A4B7-C3F0E4BD7757}" = protocol=6 | dir=out | app=system | "{97FBFB53-70AD-4677-BF89-E5F6E039CAE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9AB9D3C9-7AC3-4737-88EF-0CBCE86093FC}" = dir=in | app=i:\skype\phone\skype.exe | "{9E52B7FC-F4EF-4B60-8367-A0DB1ECC3FB0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{A619BA6F-8B59-49AA-88ED-2894D9457F64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A65420B2-771E-49B2-812F-5B2AF2CC0B8B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{A8EF1B16-81F4-4544-89C5-55B8FC6FAEA5}" = protocol=58 | dir=out | 
name=@firewallapi.dll,-28546 | "{AB3CA8D9-5683-4147-A8D8-A290154D8735}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD95F708-F6EE-429F-85E3-65134E5F7D2C}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{B9586014-7B60-49E3-A6B1-AF8FF321875D}" = protocol=6 | dir=in | app=i:\tunngle\tunngle.exe | "{BD9E021C-3A2D-4C1D-8E72-24A46235D17E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BDF4B3F1-17DF-45B6-B86F-D9CF6CFB6C7D}" = protocol=6 | dir=in | app=c:\steam\steam.exe | "{C4020652-309A-43A7-B97E-041CA8B608B5}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\killingfloor\system\killingfloor.exe | "{D1256E8D-287D-49DE-B32F-987CEE1EC598}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D2A31B3E-D3C2-450F-9E51-ABAF6C7B66A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D5BE3817-BBF4-4F90-9600-3FB36FA90904}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DD60616B-873A-4AB2-8980-3D9768756545}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DE1C63F0-857F-4CAB-96C2-4F13F71D2827}" = protocol=17 | dir=in | app=i:\tunngle\tunngle.exe | "{DF47A6E9-8BCF-4DB6-8C66-A6CF16A9F304}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DFB81E2C-797D-4CD4-8E73-BE0E90DCD309}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E15D3877-FA12-4569-AB91-19F7CA4B194D}" = protocol=17 | dir=in | app=i:\tunngle\tnglctrl.exe | "{E1F70EE2-AAA4-46AF-A2FF-10AF2BE24C00}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "TCP Query User{177BDDF9-38E7-434F-86AC-5E660792BCF9}I:\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=i:\jdownloader\jre\bin\javaw.exe | "UDP Query 
User{E1A9C2BB-F7B1-46CD-BD58-48D8875C8340}I:\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=i:\jdownloader\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.11 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 1250" = Killing Floor
"Tunngle beta_is1" = Tunngle beta

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.10.2012 05:04:48 | Computer Name = Paul-Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto update cab file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 06.10.2012 05:28:38 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description =

Error - 06.10.2012 09:12:06 | Computer Name = Paul-Computer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed to extract the third-party root list from the auto update cab file at <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error - 06.10.2012 09:59:43 | Computer Name = Paul-Computer | Source = Application Error | ID = 1000
Description = Faulting application name: nvSCPAPISvr.exe, version: 7.17.13.623, time stamp: 0x503f8803
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74f56c9c
Faulting process id: 0x304
Faulting application start time: 0x01cda3a4dc6eab2d
Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Faulting module path: unknown
Report Id: 13a4c07c-0fbe-11e2-a36a-4061862d9a25

Error - 06.10.2012 09:59:50 | Computer Name = Paul-Computer | Source = Application Error | ID = 1000
Description = Faulting application name: daemonu.exe, version: 1.10.8.0, time stamp: 0x503f86dd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74f56c9c
Faulting process id: 0xf5c
Faulting application start time: 0x01cda3a534999b48
Faulting application path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
Faulting module path: unknown
Report Id: 17ccc796-0fbe-11e2-a36a-4061862d9a25

Error - 06.10.2012 09:59:52 | Computer Name = Paul-Computer | Source = Application Error | ID = 1000
Description = Faulting application name: sched.exe, version: 13.4.0.184, time stamp: 0x50616a94
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74f56c9c
Faulting process id: 0x738
Faulting application start time: 0x01cda3cadba43d03
Faulting application path: I:\Avira\Avira\AntiVir Desktop\sched.exe
Faulting module path: unknown
Report Id: 19558aa4-0fbe-11e2-a36a-4061862d9a25

Error - 06.10.2012 10:02:41 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description =

Error - 06.10.2012 10:50:50 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description =

Error - 06.10.2012 10:54:31 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description =

Error - 07.10.2012 03:13:40 | Computer Name = Paul-Computer | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 06.10.2012 10:02:31 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following error: %%16405

Error - 06.10.2012 10:05:06 | Computer Name = Paul-Computer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2544521)

Error - 06.10.2012 10:05:06 | Computer Name = Paul-Computer | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845)

Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7038
Description = The wscsvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error: %%1069

Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7038
Description = The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error - 06.10.2012 10:51:55 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error: %%1069

Error - 06.10.2012 10:51:58 | Computer Name = Paul-Computer | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

< End of report > |
07.10.2012, 17:42 | #8 |
/// the machine /// TB-Ausbilder | Virus infection: e621ca05
Hi, what is your drive I:?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |
07.10.2012, 20:29 | #9 |
| Virus infection: e621ca05
I: is my external hard drive, where I only put programs. C: is the normal one. K: is also an external drive. D: is Recovery. J: I never had before; it has suddenly been there since I reinstalled Windows. |
07.10.2012, 20:32 | #10 |
/// the machine /// TB-Ausbilder | Virus infection: e621ca05
Connect everything you have and leave it connected. Run a full scan with Malwarebytes Anti-Malware and make sure all drives are checked.
07.10.2012, 21:19 | #11 |
| Virus infection: e621ca05
The program tells me that nothing is infected. |
08.10.2012, 06:19 | #12 |
/// the machine /// TB-Ausbilder | Virus infection: e621ca05
Logfile? ESET Online Scanner
08.10.2012, 14:59 | #13 |
| Virus infection: e621ca05
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ImperatorZwiebel :: PAUL-COMPUTER [Administrator]

08.10.2012 15:31:03
mbam-log-2012-10-08 (15-31-03).txt

Scan type: Full scan (C:\|D:\|I:\|J:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325390
Time elapsed: 27 minute(s), 16 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 0
(No malicious items detected)

(end) |
08.10.2012, 15:37 | #14 |
/// the machine /// TB-Ausbilder | Virus infection: e621ca05
Then the online scan as well; here too, connect all drives.
08.10.2012, 15:52 | #15 |
| Virus infection: e621ca05
Just finished.

K:\Filme.lnk Win32/Dorkbot.D worm
K:\Musik.lnk Win32/Dorkbot.D worm
K:\Navigon.Blitzer.06.2012.lnk Win32/Dorkbot.D worm
K:\Navigon.lnk Win32/Dorkbot.D worm
K:\NAVIGON.MAPS.Q2.2012.lnk Win32/Dorkbot.D worm
K:\Paul.lnk Win32/Dorkbot.D worm
K:\Sendungen.lnk Win32/Dorkbot.D worm
K:\Sorglospaket.v8.lnk Win32/Dorkbot.D worm
K:\Sound.lnk Win32/Dorkbot.D worm
K:\System Volume Information.lnk Win32/Dorkbot.D worm |
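The ESET results posted in this thread flag .lnk files sitting at the root of the external drives, each named after a folder that lives there (Filme, Musik, System Volume Information), which is the classic pattern of a removable-media worm: the real folders are hidden and same-named shortcuts are planted that launch the payload before opening the folder, so the drive looks normal to the user. The following Python script is an added example, not part of the thread and not code from any tool used in it. It parses the Shell Link (.lnk) binary format far enough to recover the relative target path, the command-line arguments and the ShowCommand value, then applies a few heuristics to decide whether a shortcut on a drive root impersonates a folder. The fixture shortcut, the drive listing, the `RECYCLER\payload.exe` path and the heuristics themselves are constructed for the example and are not taken from the infected system; the heuristics are assumptions about how such shortcuts typically look, not a vendor signature.

```python
import struct
from typing import Dict, List, Optional

# Shell Link (.lnk) header layout and LinkFlags bits as defined in MS-SHLLINK.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 1 << 0, 1 << 1, 1 << 2, 1 << 3
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 1 << 4, 1 << 5, 1 << 6, 1 << 7
# StringData fields appear in this fixed order, each only if its flag is set.
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"),
                 (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))


def parse_lnk(data: bytes) -> Dict[str, Optional[object]]:
    """Extract ShowCommand and the StringData fields of a .lnk file."""
    if (len(data) < LNK_HEADER_SIZE
            or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    info: Dict[str, Optional[object]] = {
        "show_command": struct.unpack_from("<I", data, 0x3C)[0]}
    pos = LNK_HEADER_SIZE
    if flags & HAS_IDLIST:        # LinkTargetIDList: uint16 size followed by that many bytes
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:      # LinkInfo: its first uint32 is the total structure size
        pos += struct.unpack_from("<I", data, pos)[0]
    for flag, key in STRING_FIELDS:  # each string: uint16 char count, then the chars
        if not flags & flag:
            info[key] = None
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        if flags & IS_UNICODE:
            info[key] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            info[key] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return info


def suspicious_reasons(lnk_name: str, info: dict, root_entries: List[str]) -> List[str]:
    """Heuristics for removable-drive worm shortcuts (assumptions, not a signature)."""
    reasons = []
    stem = lnk_name[:-4] if lnk_name.lower().endswith(".lnk") else lnk_name
    if stem in root_entries:
        reasons.append(f"shortcut impersonates existing entry '{stem}'")
    rel = (info.get("relative_path") or "").lower()
    args = (info.get("arguments") or "").lower()
    if rel.endswith("cmd.exe") and "start" in args:
        reasons.append("launches cmd.exe with start commands")
    if any(marker in args for marker in ("recycler", "$recycle.bin", ".exe")):
        reasons.append("arguments reference an executable or recycle-bin path")
    if info.get("show_command") == 7:  # SW_SHOWMINNOACTIVE: no visible window to the user
        reasons.append("window starts minimized and inactive")
    return reasons


def build_lnk(relative_path: str, arguments: str, show_command: int = 7) -> bytes:
    """Build a minimal Unicode .lnk; used only to construct the fixture below."""
    flags = HAS_IDLIST | HAS_LINKINFO | HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = bytearray(LNK_HEADER_SIZE)
    struct.pack_into("<I", header, 0, LNK_HEADER_SIZE)
    header[4:20] = LNK_CLSID
    struct.pack_into("<I", header, 0x14, flags)
    struct.pack_into("<I", header, 0x3C, show_command)
    id_list = struct.pack("<H", 2) + b"\x00\x00"              # empty IDList: TerminalID only
    link_info = struct.pack("<7I", 0x1C, 0x1C, 0, 0, 0, 0, 0)  # minimal 28-byte LinkInfo

    def s(text: str) -> bytes:
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")

    return bytes(header) + id_list + link_info + s(relative_path) + s(arguments)


# Constructed fixture (not from the infected machine): a drive root where "Filme.lnk"
# sits next to a real "Filme" folder, mirroring the pattern in the ESET detections.
DRIVE_ROOT = ["Filme", "Musik", "$RECYCLE.BIN", "Filme.lnk", "Musik.lnk"]
SAMPLE_LNK = build_lnk(r"..\..\..\..\Windows\system32\cmd.exe",
                       r'/c start "" %cd%RECYCLER\payload.exe & start "" %cd%Filme & exit')


def scan_root(entries: List[str], lnk_blobs: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Return {lnk_name: reasons} for every shortcut in the listing that looks wormy."""
    findings = {}
    for name, blob in lnk_blobs.items():
        reasons = suspicious_reasons(name, parse_lnk(blob), entries)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, why in scan_root(DRIVE_ROOT, {"Filme.lnk": SAMPLE_LNK}).items():
        print(name, "->", "; ".join(why))
```

On a live drive you would feed `scan_root` the root listing from `os.listdir` and the bytes of each `*.lnk` found there; the parser deliberately skips the IDList and LinkInfo structures by their declared sizes rather than interpreting them, because the StringData fields are what reveal the cmd.exe launcher pattern. A clean drive that legitimately carries shortcuts (to an installer, say) will not trip the impersonation check unless a folder of the same name sits beside the shortcut.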