Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)

TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)


Log-Analyse und Auswertung: TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 07.10.2012, 13:12   #1
fernseher
 
TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit) - Standard

TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)


Hoffe, das ich nicht schon zuviel gemacht habe. Es ist der Laptop meiner Tochter. Ich habe die Trojaner in die Quarantäne verschoben. Spybot Scan durchgeführt und den Babylon Toolbar gelöscht, Avira aktualisiert und aufgrund von Inkompabilitätswarnungen von Avira Spybot deinstalliert und Norton-Reste aus der Registry gelöscht. Danach bei euch gelesen wie man vorgehen soll und Anti-Malware laufen lassen. Hier wurde dann Trojan.Ransom.Gen gefunden, den habe ich dann in Quarantäne verschoben habe. Dann OTL installiert und nach euren Empfehlungen laufen lassen. Dann habe ich mir einen Admin Account eröffnet und meine Tochter zum normalen User degradiert. Den Rechner habe ich vom Netz getrennt. Eine Auswirkung der Trojaner auf die Bedienung, Programme und Dateien konnte ich bisher nicht feststellen.

Antivir-Ergebnisse
Code:
ATTFilter
Exportierte Ereignisse:

06.10.2012 14:52 [Guard] Malware gefunden
      In der Datei 'C:\Users\Kathrin\AppData\Local\Microsoft\Windows\Temporary 
      Internet Files\Content.IE5\37A93N01\setup[1].exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Yakes.bbyu' [trojan] gefunden.
      Ausgeführte Aktion: Datei in Quarantäne verschieben

06.10.2012 14:22 [Guard] Malware gefunden
      In der Datei 'C:\Users\Kathrin\AppData\Roaming\Xyoh\kypu.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen8' [trojan] gefunden.
      Ausgeführte Aktion: Datei in Quarantäne verschieben

06.10.2012 13:57 [Guard] Malware gefunden
      In der Datei 'C:\Users\Kathrin\AppData\Roaming\Ikreeg\loin.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen8' [trojan] gefunden.
      Ausgeführte Aktion: Datei in Quarantäne verschieben

06.10.2012 01:22 [Guard] Malware gefunden
      In der Datei 'C:\Users\Kathrin\AppData\Roaming\Ikreeg\loin.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen8' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

06.10.2012 01:20 [Guard] Malware gefunden
      In der Datei 'C:\Users\Kathrin\AppData\Roaming\Ikreeg\loin.exe'
      wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen8' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern
Hier der Malwarebytes-Log

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kathrin :: KATHRINS_LENOVO [Administrator]

Schutz: Aktiviert

06.10.2012 14:22:23
mbam-log-2012-10-06 (14-22-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 409180
Laufzeit: 2 Stunde(n), 13 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
c:\users\kathrin\appdata\local\microsoft\windows\temporary internet files\content.ie5\37a93n01\setup[1].exe (Trojan.Ransom.ANC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Die OTL.txt

Code:
ATTFilter
OTL logfile created on: 06.10.2012 17:12:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kathrin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 67,13% Memory free
6,07 Gb Paging File | 4,95 Gb Available in Paging File | 81,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 421,80 Gb Total Space | 182,07 Gb Free Space | 43,16% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 27,64 Gb Free Space | 94,70% Space Free | Partition Type: NTFS
 
Computer Name: KATHRINS_LENOVO | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.06 14:08:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009.09.25 12:34:25 | 003,116,096 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\VeriFace\PManage.exe
PRC - [2009.08.19 10:53:30 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 10:52:28 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.25 18:46:08 | 005,064,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.24 01:49:38 | 004,097,864 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.27 20:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008.02.14 22:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IgrsSvcs.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2006.12.11 21:33:20 | 000,184,320 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfimon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.09.25 12:34:27 | 000,487,424 | ---- | M] () -- C:\Programme\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009.09.25 12:34:22 | 001,404,928 | ---- | M] () -- C:\Windows\System32\IcnOvrly.dll
MOD - [2009.09.25 12:34:20 | 000,507,904 | ---- | M] () -- C:\Windows\System32\SimpleExt.dll
MOD - [2009.08.18 16:54:22 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.12.20 12:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 12:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.09.10 20:19:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.05.06 20:04:36 | 000,412,736 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV - [2009.05.06 20:04:36 | 000,379,968 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV - [2008.09.27 20:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008.02.15 01:40:18 | 000,098,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2008.02.14 22:33:14 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.04.11 18:59:18 | 000,270,336 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2006.10.26 23:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.10.06 14:19:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.01.16 00:15:13 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.25 12:34:12 | 000,048,192 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\funfrm.sys -- (funfrm)
DRV - [2009.06.30 00:06:38 | 000,047,432 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2009.05.22 19:33:10 | 001,273,640 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 04:51:32 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.03 01:15:24 | 000,008,832 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdkbdmou.sys -- (Wdkbdmou)
DRV - [2009.03.03 01:14:38 | 000,008,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WDMirror.sys -- (wdmirror)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.06 14:50:42 | 000,014,848 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.03.14 15:23:12 | 000,169,008 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.01.10 19:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.05.23 10:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7E5CCBCD-223D-4776-B76E-79B8529474E2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&FORM=LENIE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searc---- | M] ()
IE - HKCU\..\SearchScopes\{7E5CCBCD-223D-4776-B76E-79B8529474E2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.21 22:20:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 20:19:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.10 20:19:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.01.15 00:11:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.19 16:14:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.10 20:19:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.10 20:19:04 | 000,000,000 | ---D | M]
 
[2010.01.15 00:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Extensions
[2010.01.15 00:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.10.06 14:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\dqsxygvs.default\extensions
[2012.10.06 14:16:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\dqsxygvs.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.26 20:30:41 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\dqsxygvs.default\extensions\stealthyextension@gmail.com.xpi
[2012.06.26 20:18:31 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\dqsxygvs.default\extensions\youtube2mp3@mondayx.de.xpi
[2010.01.15 00:01:16 | 000,004,153 | ---- | M] () -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\dqsxygvs.default\searchplugins\youtube.xml
[2012.09.10 20:19:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.10 20:19:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.08.21 22:20:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.09.10 20:19:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.09.10 20:19:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.01 22:57:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.15 21:27:56 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.01 23:01:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.01 22:57:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.01 22:57:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.01 22:57:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.01 22:57:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.15 00:49:49 | 000,373,478 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 12873 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [Unattend0000000001{70EB91E7-FAAB-44A4-BA19-C0A45B228BC0}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Degaq] C:\Users\Kathrin\AppData\Roaming\Ikreeg\loin.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kathrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435BFF4E-1632-48A8-A2A6-F071A1C3987D}: DhcpNameServer = 80.69.100.182 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6ABAEE00-D54A-4833-BD1D-3D043AFC4F98}: DhcpNameServer = 80.69.100.182 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52b9390c-1f25-11e0-b67e-002622c8eb31}\Shell - "" = AutoRun
O33 - MountPoints2\{52b9390c-1f25-11e0-b67e-002622c8eb31}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.06 15:10:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
[2012.10.06 14:06:26 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.06 14:06:25 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Malwarebytes
[2012.10.06 14:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 14:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.06 14:06:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.06 14:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.01 21:56:42 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Xyoh
[2012.10.01 21:56:42 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Obedfo
[2012.10.01 21:56:42 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Ipupx
[2012.09.28 21:20:19 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Pasaby
[2012.09.28 21:20:19 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Ikreeg
[2012.09.28 21:20:19 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\Icaf
[2012.09.15 13:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.15 13:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.15 13:01:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.10 20:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.06 17:08:38 | 000,685,956 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.06 17:08:38 | 000,642,948 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.06 17:08:38 | 000,150,224 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.06 17:08:38 | 000,121,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.06 17:02:11 | 000,000,056 | -HS- | M] () -- C:\_PartitionInfo
[2012.10.06 17:02:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 17:02:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 17:02:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.06 17:01:58 | 3150,553,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.06 16:52:38 | 000,000,000 | ---- | M] () -- C:\Users\Kathrin\defogger_reenable
[2012.10.06 14:19:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.06 14:08:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathrin\Desktop\OTL.exe
[2012.10.06 14:06:20 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.04 16:59:26 | 000,009,381 | ---- | M] () -- C:\Users\Kathrin\Desktop\Geschenkidee Weihnachten und 6 Monate.odt
[2012.09.16 12:50:11 | 000,021,609 | ---- | M] () -- C:\Users\Kathrin\Documents\Sowi Nokia.odt
[2012.09.16 12:21:38 | 000,011,282 | ---- | M] () -- C:\Users\Kathrin\Documents\Deutsch Charakterisierung Kammerdiener + Wurm.odt
[2012.09.15 13:01:42 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.10.06 16:52:38 | 000,000,000 | ---- | C] () -- C:\Users\Kathrin\defogger_reenable
[2012.10.06 14:06:20 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.30 01:45:49 | 000,009,381 | ---- | C] () -- C:\Users\Kathrin\Desktop\Geschenkidee Weihnachten und 6 Monate.odt
[2012.09.16 12:50:09 | 000,021,609 | ---- | C] () -- C:\Users\Kathrin\Documents\Sowi Nokia.odt
[2012.09.16 12:21:36 | 000,011,282 | ---- | C] () -- C:\Users\Kathrin\Documents\Deutsch Charakterisierung Kammerdiener + Wurm.odt
[2012.09.15 13:01:42 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.08.20 16:16:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.04.07 00:28:05 | 000,000,580 | ---- | C] () -- C:\Windows\eReg.dat
[2010.01.22 20:10:03 | 000,072,192 | ---- | C] () -- C:\Users\Kathrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.22 19:32:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.14 23:38:09 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.07 12:16:38 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Audacity
[2012.10.06 17:04:47 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Dropbox
[2011.08.05 21:23:01 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\DVDVideoSoft
[2011.04.02 21:53:27 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.01.14 23:38:45 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\EasyCapture
[2010.01.20 21:38:33 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Engelmann Media
[2012.10.05 14:33:23 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Icaf
[2011.11.01 23:34:14 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\ICQ
[2012.10.06 13:57:20 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Ikreeg
[2012.10.01 21:56:43 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Ipupx
[2010.02.05 16:16:07 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\NCH Swift Sound
[2012.10.01 21:56:42 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Obedfo
[2010.01.17 00:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\OpenOffice.org
[2012.09.28 21:20:19 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Pasaby
[2011.09.27 19:14:14 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\PopSoft
[2010.01.15 00:11:55 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Thunderbird
[2012.10.06 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\Kathrin\AppData\Roaming\Xyoh
 
========== Purity Check ==========
 
 

< End of report >
Die Extras txt

Code:
ATTFilter
OTL Extras logfile created on: 06.10.2012 17:12:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kathrin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 67,13% Memory free
6,07 Gb Paging File | 4,95 Gb Available in Paging File | 81,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 421,80 Gb Total Space | 182,07 Gb Free Space | 43,16% Space Free | Partition Type: NTFS
Drive D: | 29,19 Gb Total Space | 27,64 Gb Free Space | 94,70% Space Free | Partition Type: NTFS
 
Computer Name: KATHRINS_LENOVO | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CC4EA16-9A9A-4244-B3A2-754984428BDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{42D211D2-8A1A-401B-9268-A749D2AA793E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{43DCCEE1-A1B1-4232-83B1-590936757DE6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4E965E92-55EA-464C-80B3-1C67338AB0EB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{51E8766A-4399-4237-BDA0-BE8DDC662DB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{52B41CEE-646C-4FB6-A891-B7B3D6E59A9F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6A1783D3-FBBA-4D0F-BC56-B8BBD02F88EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{8A232157-24BD-4D1A-89B8-72F01478F0FD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C2FBC450-3E54-49B9-AED0-871104B72E52}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CC014A54-7F3F-4CA9-BDD1-FCA78CE34267}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DC8E7DAC-5054-4F81-94F0-E49DDE7BE183}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F2C1E6A5-5C01-4221-B574-DD7E66FB5365}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F79EC454-9381-43C2-BB2B-2751DD9ED09D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010A797C-CACA-47FB-9E8A-38B5399E3A8F}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{0641A82C-4B7A-44E7-ABBF-04C6DD519C9F}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{0F6D8823-F7F7-43DC-9A32-90199367695C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2077F8E3-B900-4342-8F8C-FDE76D38537C}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{24E06705-B576-4146-BC76-95089B50772D}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{275462DB-D141-45DD-A981-1F525B3C8160}" = dir=in | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{36606725-82A3-4D51-8C5B-DBB01669646A}" = dir=in | app=c:\windows\system32\igrssvcs.exe | 
"{3E6B5BD9-EACA-4946-9B5E-8491FA5B3D0D}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{41BB3EE1-0AD8-4477-AC73-B0E14291019C}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{50C30B1B-896F-4E22-99A6-DFCC09C2545B}" = protocol=6 | dir=in | app=c:\users\kathrin\desktop\downloads\flvplayer_setup.exe | 
"{5A6C53A6-DFE4-4D8D-83DE-C6700A1B0749}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{6D02628A-AC17-411A-A007-AC6698D42943}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{70B09F55-E31C-4186-AAAF-E2ECEB7CE176}" = protocol=17 | dir=in | app=c:\users\kathrin\desktop\downloads\flvplayer_setup.exe | 
"{70C787D5-2C8E-436C-BD00-DE15201209FA}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{7581BA1B-CA07-4F52-861E-A725332C4D06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{82B37F69-3D22-4D2D-AE63-155388C3060F}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{8C43CACA-1C91-4087-9252-D30F48EFBFB3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8D630857-622E-4873-BCCB-E0FD38C2EE87}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{9E812FA2-34DD-4EF0-A1C6-ADD8D8672DFD}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe | 
"{9F40AA93-775B-44F3-BF7F-FDCAA57EEDC7}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{A1C8C9FE-8841-42C4-AF11-FC16D6E05D63}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{A96C317D-6A3C-47E7-9F54-ACBF04DB74B9}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{AE5E457F-0155-4F21-A950-735CC21B7327}" = dir=out | app=c:\program files\lenovo\readycomm\common\igrs.exe | 
"{B145E2F0-B095-4E84-9583-5A7B46CBF686}" = dir=in | app=c:\program files\lenovo\readycomm\threegservice.exe | 
"{B5BCEF93-F6AD-4284-AA11-7882951A5FB0}" = protocol=6 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{BA299DC0-C6BD-4035-A3BC-092844930E0D}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{BA4FC99A-AC0D-43F5-B2DF-8A6638ED7A96}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{C160ECD8-EEE8-402A-BD4F-86AC6706C50A}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{C20BC3F9-F1B2-494E-96C9-B07A505A95D1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C4DA7F48-8D10-41A9-AD00-F6B4A401252F}" = dir=out | app=c:\program files\lenovo\readycomm\threegservice.exe | 
"{C5FFAA9C-20EA-4206-B497-FF27CB814ED5}" = dir=out | app=c:\windows\system32\igrssvcs.exe | 
"{D8179B48-B76A-46B3-B5AF-A78CE9E243C3}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{DFEF621C-881A-479D-8CBC-0AAAD5A94C41}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"{F2141168-32D4-4389-817F-F0FCDF0A9DA0}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{F370A5D2-2AA0-4641-941F-8A0DC3115C6F}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{F97C96E8-522F-4615-96C0-1634591FDE3D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F9ABAB87-3AD4-4FCA-AF7E-5C4C76EC343F}" = protocol=17 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F9C50B33-0E96-42FA-9E15-336B4937D63E}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | 
"{FE912933-57EC-427F-8696-12D032655F05}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{010553CA-1AB1-401C-A17D-CFC1ECA17742}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BD765A3F-57CD-4998-9746-74A9079905F0}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{BFC5B9DB-6F02-4323-9FC0-12A15198543B}C:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{CA7A978C-9A29-47FD-A3C3-030BBF5EE9CC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EDA2B036-FCA8-4F91-851A-0893F442345D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{10961948-9E2E-46E0-BD3E-947314136FD5}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{66C3C406-4020-4AAF-97CF-B704D3B6E509}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{8FEE3FC2-A5B5-415B-8F15-25D9B93C897A}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{95CA0F3E-13B4-423E-A00B-EF2C3395F8EA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{ECDE76FB-325C-46FC-A638-2FCF6C653EFA}C:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe 
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5.0
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E325417-AE9C-4EE1-A158-13DF451A5987}" = Broadcom Gigabit Integrated Controller
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE3C8BD1-8656-408E-0001-7BB0830A561C}" = MovieSaver*2.0
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Die Gilde" = Die Gilde
"DivX Setup" = DivX-Setup
"DMXControl" = DMXControl 2.11
"EasyCapture3.5" = EasyCapture
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.6.727
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LEGOIsland" = Abenteuer Auf der LEGO Insel
"Magic 3D Easy View_is1" = Magic 3D Easy View
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"SMPlayer" = SMPlayer 0.6.8
"Switch" = Switch Sound File Converter
"Theme Park World" = Theme Park World
"Uninstall_is1" = Uninstall 1.0.0.1
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.05.2012 13:14:02 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.05.2012 13:14:02 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.05.2012 08:13:58 | Computer Name = Kathrins_Lenovo | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2012 08:14:16 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.05.2012 08:14:24 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.05.2012 08:14:24 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.05.2012 16:06:06 | Computer Name = Kathrins_Lenovo | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.05.2012 16:06:29 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.05.2012 16:06:32 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.05.2012 16:06:32 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 05.10.2012 19:06:35 | Computer Name = Kathrins_Lenovo | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 05.10.2012 19:07:39 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 05.10.2012 19:08:22 | Computer Name = Kathrins_Lenovo | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.0.114 über die
 Netzwerkkarte mit der Netzwerkadresse 002556BBCA25 ist verloren gegangen.
 
Error - 06.10.2012 07:49:25 | Computer Name = Kathrins_Lenovo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2012 07:49:25 | Computer Name = Kathrins_Lenovo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2012 07:49:46 | Computer Name = Kathrins_Lenovo | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.10.2012 07:51:59 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 06.10.2012 11:02:14 | Computer Name = Kathrins_Lenovo | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.10.2012 11:02:29 | Computer Name = Kathrins_Lenovo | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.10.2012 11:05:21 | Computer Name = Kathrins_Lenovo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
Ich hoffe, ihr könnt mir weiterhelfen -Martin

 

Themen zu TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)
antivirus, autorun, avira, babylon toolbar, bho, bingbar, converter, error, firefox, flash player, home, install.exe, internet, lenovo, logfile, microsoft office 2003, mozilla, mp3, office 2007, plug-in, realtek, registry, safer networking, scan, security, server, software, svchost.exe, tr/dropper.gen8, tr/yakes.bby, trojan.ransom.anc, trojan.ransom.gen, trojaner, usb, usb 2.0, virus, vista, windows


« Commerzbanking 100 TAN Trojaner | Bundespolizei Virus Pc Gesperrt.! »


Ähnliche Themen: TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)


  1. Avira Free Antivirus: Systemprüfung: Warnungen. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 11.05.2015 (1)
  2. PUA/DownloadGuide.Gen von Avira-Free entdeckt brauche wohl eure Dienste
    Plagegeister aller Art und deren Bekämpfung - 10.04.2015 (9)
  3. Avira free antivirus meldet TR/Dropper.A.25752
    Plagegeister aller Art und deren Bekämpfung - 21.03.2015 (17)
  4. Windows Vista 32bit : Durchseuchung durch unsachgemäße Nutzung
    Plagegeister aller Art und deren Bekämpfung - 13.12.2014 (14)
  5. Avira Free Antivirus - Dieses Programm wurde durch eine Gruppenrichtline blockiert
    Log-Analyse und Auswertung - 16.09.2014 (15)
  6. Avira Free Antivirus startet nicht:Das Programm wurde durch Gruppenrichtlinien blockiert.
    Plagegeister aller Art und deren Bekämpfung - 17.06.2014 (13)
  7. Trojanerbefall - Avira Antivirus Free durch Gruppenrichtlinie blockiert!
    Log-Analyse und Auswertung - 15.05.2014 (7)
  8. Avira Free Antivirus - 6 Funde nach Systemscan
    Log-Analyse und Auswertung - 24.03.2014 (5)
  9. Windows Vista-PC: Avira free Antivirus findet APPL/Downloader.Gen
    Log-Analyse und Auswertung - 10.02.2014 (5)
  10. Avira Free Antivirus meldet Adware/InstallCore7
    Log-Analyse und Auswertung - 19.01.2014 (9)
  11. Virus TR/ATRAPS.Gen2 durch Avira entdeckt. Keine Lösung durch Avira
    Log-Analyse und Auswertung - 29.10.2013 (3)
  12. Laptop / Windows Vista Home 32bit/ System Care Antivirus Befall
    Log-Analyse und Auswertung - 20.08.2013 (13)
  13. Reicht AVG AntiVirus free zum entfernen der Trojaner Agent7.bc und Dropper.Generic8.AGYJ aus?
    Log-Analyse und Auswertung - 24.05.2013 (18)
  14. TR/ATRAPSGEN2-Meldungen erschienen auf meinem PC und nun ist AVIRA-Regenschirm auf Symbol von Avira Free Antivirus eingeklappt
    Log-Analyse und Auswertung - 27.09.2012 (5)
  15. AVG Free Antivirus vs. Avira AntiVir Personal - FREE Antivirus
    Antiviren-, Firewall- und andere Schutzprogramme - 17.05.2012 (23)
  16. Festplattenproblem nach Avira Free Antivirus-Meldung
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (46)
  17. Avira meldet TR/Dropper.Gen8 und HTML/Rce.Gen
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (22)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit) - Hoffe, das ich nicht schon zuviel gemacht habe. Es ist der Laptop meiner Tochter. Ich habe die Trojaner in die Quarantäne verschoben. Spybot Scan durchgeführt und den Babylon Toolbar gelöscht, - TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit)...
Archiv
Du betrachtest: TR/Dropper.Gen8 und TR/Yakes.bby durch Avira Free Antivirus entdeckt (Vista 32bit) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131