| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2 laut Avira - was nun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.10.2012, 10:22
| #1 |
 |  TR/ATRAPS.Gen2 laut Avira - was nun? Hallo, ich habe seit gestern abend folgendes Problem mit meinem Laptop: Fast minütlich zeigt mir Avira den Fund TR/ATRAPS.Gen2 an, der zwar in Quarantäne verschoben wird, aber immer wieder auftritt. Nach einiger Recherche via Google gehe ich davon aus, dass es sich um einen Trojaner handelt, und auch hier im Forum habe ich schon einige Themen gefunden, die dieses Thema behandeln. Da ich aber ein ziemlicher Laie bin, wollte ich nachfragen was nun genau in meinem Fall zu tun ist, bevor ich die Anweisungen aus anderen Themen befolge und evt mein System noch mehr schädige. Zu meinem Latop - läuft mit Windows7, hat 32Bit. Werde mich bemühen weitere Infos bereitzustellen, sofern dies notwendig ist. Ich hoffe, dass mir hier jemand weiterhelfen kann. Danke schon mal im Vorraus & freundliche Grüße, Conny |
|
09.10.2012, 10:30
| #2 |
| /// Helfer-Team    | TR/ATRAPS.Gen2 laut Avira - was nun? , beachte bitte diesen Link und arbeite diesen ab: http://www.trojaner-board.de/69886-a...-beachten.html Danach wird sich dir ein Helfer annehmen. Falls dennoch Fragen zu den einzelnen Schritten offen bleiben, einfach nachfragen. Zusätzlich wäre noch der Befund von Avira interessant. Dazu bei Avira unter Befunde/ Ereignisse die Informationen posten (ich habe leider kein Avira hier, um es detailliert zu beschreiben).
__________________ |
|
09.10.2012, 15:48
| #3 |
| | TR/ATRAPS.Gen2 laut Avira - was nun? habe jetzt soweit alles nach der anleitung durchgeführt
__________________OTL.TXTOTL Logfile: Code:
ATTFilter OTL logfile created on: 09.10.2012 12:54:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Conny\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1022,18 Mb Total Physical Memory | 522,73 Mb Available Physical Memory | 51,14% Memory free 2,00 Gb Paging File | 1,16 Gb Available in Paging File | 58,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,43 Gb Total Space | 28,62 Gb Free Space | 38,45% Space Free | Partition Type: NTFS Computer Name: CONNY-PC | User Name: Conny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 04:14:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2010.02.18 13:28:44 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- C:\Programme\Common Files\Corel\Standby\Standby.exe PRC - [2009.07.14 03:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe PRC - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006.10.26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2006.09.28 21:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe ========== Modules (No Company Name) ========== MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL MOD - [2009.07.14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll ========== Services (SafeList) ========== SRV - [2012.09.21 15:14:14 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.08 18:10:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.08.08 16:34:45 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.02.18 13:22:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.06.28 15:08:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 15:08:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.08.08 15:46:53 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.05.09 13:05:36 | 000,650,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.11.08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2007.02.20 16:44:00 | 004,457,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Österreich: Hotmail, Messenger, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle und mehr bei MSN AT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 D8 16 71 95 5A CB 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = Suche IE - HKCU\..\SearchScopes,DefaultScope = {48639E64-816C-1E71-A11F-AF2D7041DC94} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.27 22:47:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions [2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.09 01:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: news.ORF.at CHR - Extension: Skype Click to Call = C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Programme\Search Toolbar\SearchToolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Programme\Search Toolbar\SearchToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Programme\Search Toolbar\SearchToolbar.dll () O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [dmctut] C:\Users\Conny\AppData\Roaming\dmctut.dll (Ray Hinchliffe) O4 - HKLM..\Run: [HKLM] C:\Windows\System32\firefox\firefox.exe (Microsoft Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [shlbme] rundll32.exe File not found O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel) O4 - HKLM..\Run: [uadup] rundll32.exe File not found O4 - HKCU..\Run: [HKCU] C:\Windows\System32\firefox\firefox.exe (Microsoft Corporation) O4 - Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\firefox\firefox.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\firefox\firefox.exe (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32670B16-D541-40F7-885B-B09C62CBE8D8}: DhcpNameServer = 10.0.0.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF991DB5-4927-4658-80EF-FB7C3AAD8598}: DhcpNameServer = 192.168.100.254 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.09 12:53:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe [2012.10.09 12:49:53 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\Files für TB [2012.10.08 11:31:48 | 000,177,664 | ---- | C] (Ray Hinchliffe) -- C:\Users\Conny\AppData\Roaming\dmctut.dll [2012.09.21 15:48:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\firefox [2012.09.21 15:48:37 | 001,075,200 | ---- | C] (WinZip Computing, S.L.) -- C:\Users\Conny\AppData\Roaming\zip.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe [2012.10.09 12:50:59 | 000,000,000 | ---- | M] () -- C:\Users\Conny\defogger_reenable [2012.10.09 12:38:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.09 12:15:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.09 12:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.09 10:56:10 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.09 10:56:10 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.09 10:51:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.09 10:50:46 | 803,872,768 | -HS- | M] () -- C:\hiberfil.sys [2012.10.08 11:31:48 | 000,177,664 | ---- | M] (Ray Hinchliffe) -- C:\Users\Conny\AppData\Roaming\dmctut.dll [2012.09.21 16:54:12 | 000,000,792 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs [2012.09.21 15:48:46 | 000,154,283 | -H-- | M] () -- C:\Users\Conny\AppData\Roaming\Conny-wchelper.dll [2012.09.21 15:48:37 | 001,075,200 | ---- | M] (WinZip Computing, S.L.) -- C:\Users\Conny\AppData\Roaming\zip.exe [2012.09.21 15:48:36 | 000,101,955 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\me.jpg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.09 12:50:59 | 000,000,000 | ---- | C] () -- C:\Users\Conny\defogger_reenable [2012.09.21 16:54:12 | 000,000,792 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs [2012.09.21 15:48:46 | 000,154,283 | -H-- | C] () -- C:\Users\Conny\AppData\Roaming\Conny-wchelper.dll [2012.09.21 15:48:36 | 000,101,955 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\me.jpg [2012.07.11 15:58:51 | 000,124,928 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\uadup.dll [2012.06.13 22:34:05 | 000,139,776 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\shlbme.dll [2011.06.19 19:39:29 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{C0CA2758-088B-4F9C-BC10-F4006C93096B} [2011.06.19 19:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{7739FDA9-E4C6-4111-A493-5CECDEC9604B} [2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\Users\Conny\AppData\Local\i2152v11p7d4sg8 [2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\ProgramData\i2152v11p7d4sg8 [2011.03.07 18:33:49 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.03.07 18:33:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.10.16 18:47:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.09.14 12:19:47 | 000,000,088 | RHS- | C] () -- C:\ProgramData\ED5232CE4B.sys [2010.09.14 12:19:45 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.08.08 19:04:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2012.10.09 10:51:14 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1256000398-2896390412-820788443-1000\$5a4e273500eb688096663104a53ef100\n. -- File not found [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\$Recycle.Bin\S-1-5-18\$5a4e273500eb688096663104a53ef100\n. -- File not found "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.21 15:54:44 | 000,000,000 | -H-D | M] -- C:\Users\Conny\AppData\Roaming\CC0D762A [2011.08.07 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoft [2011.08.07 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.14 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\IrfanView [2011.09.21 13:05:44 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\LimeWire [2010.10.16 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Thunderbird [2010.08.08 16:34:38 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\TuneUp Software [2010.09.14 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Ulead Systems [2012.07.13 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\xsecva ========== Purity Check ========== < End of report > EXTRA.TXTOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.10.2012 12:54:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Conny\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1022,18 Mb Total Physical Memory | 522,73 Mb Available Physical Memory | 51,14% Memory free
2,00 Gb Paging File | 1,16 Gb Available in Paging File | 58,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 28,62 Gb Free Space | 38,45% Space Free | Partition Type: NTFS
Computer Name: CONNY-PC | User Name: Conny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = PC Camera (0022.2009.1125.1004)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire 5.5.13
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PPTmovie" = PPTexpert PPTmovie
"Search Toolbar" = Search Toolbar
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.10.2012 06:53:18 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xea8 Startzeit der fehlerhaften Anwendung: 0x01cda60c4a751263 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 8847c3dd-11ff-11e2-a1b8-0013a907be37
Error - 09.10.2012 06:54:18 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x514 Startzeit der fehlerhaften Anwendung: 0x01cda60c6e78b7e1 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: ac2a086f-11ff-11e2-a1b8-0013a907be37
Error - 09.10.2012 06:55:18 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x84c Startzeit der fehlerhaften Anwendung: 0x01cda60c925637bf Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: d007884d-11ff-11e2-a1b8-0013a907be37
Error - 09.10.2012 06:56:19 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xf1c Startzeit der fehlerhaften Anwendung: 0x01cda60cb63d4105 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: f3ec2f39-11ff-11e2-a1b8-0013a907be37
Error - 09.10.2012 06:57:19 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xaa8 Startzeit der fehlerhaften Anwendung: 0x01cda60cda1b0d2e Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 17cc5dbc-1200-11e2-a1b8-0013a907be37
Error - 09.10.2012 06:58:19 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x780 Startzeit der fehlerhaften Anwendung: 0x01cda60cfdfd51c0 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 3bb104a8-1200-11e2-a1b8-0013a907be37
Error - 09.10.2012 06:59:20 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xfc Startzeit der fehlerhaften Anwendung: 0x01cda60d21e45b06 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 5fd1465e-1200-11e2-a1b8-0013a907be37
Error - 09.10.2012 07:00:20 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xa50 Startzeit der fehlerhaften Anwendung: 0x01cda60d45ffd808 Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 83b12896-1200-11e2-a1b8-0013a907be37
Error - 09.10.2012 07:01:20 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xe78 Startzeit der fehlerhaften Anwendung: 0x01cda60d69e6e14e Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: a7d62f00-1200-11e2-a1b8-0013a907be37
Error - 09.10.2012 07:02:21 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0xfe4 Startzeit der fehlerhaften Anwendung: 0x01cda60d8e04c0aa Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: cbb61138-1200-11e2-a1b8-0013a907be37
Error - 09.10.2012 07:03:21 | Computer Name = Conny-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften
Prozesses: 0x238 Startzeit der fehlerhaften Anwendung: 0x01cda60db1e7053c Pfad der
fehlerhaften Anwendung: C:\Windows\System32\svchost.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: efcf2be0-1200-11e2-a1b8-0013a907be37
[ System Events ]
Error - 08.10.2012 18:26:25 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Tosrfcom
Error - 08.10.2012 18:27:00 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 08.10.2012 18:27:00 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 08.10.2012 18:27:00 | Computer Name = Conny-PC | Source = DCOM | ID = 10005
Description =
Error - 09.10.2012 04:50:54 | Computer Name = Conny-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?10.?2012 um 10:18:31 unerwartet heruntergefahren.
Error - 09.10.2012 04:51:07 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 09.10.2012 04:51:07 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 09.10.2012 04:51:07 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 09.10.2012 04:51:58 | Computer Name = Conny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Tosrfcom
Error - 09.10.2012 06:38:30 | Computer Name = Conny-PC | Source = DCOM | ID = 10010
Description =
[ TuneUp Events ]
Error - 08.04.2011 15:10:21 | Computer Name = Conny-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
GMER.TXT GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-09 16:32:10
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 HTS541080G9SA00 rev.MB4OC65D
Running: 6dmm24cz.exe; Driver: C:\Users\Conny\AppData\Local\Temp\fgloqpog.sys
---- System - GMER 1.0.15 ----
SSDT 8BF90076 ZwCreateSection
SSDT 8BF9007B ZwSetContextThread
SSDT 8BF90017 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7E579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 340 82AAA840 4 Bytes [76, 00, F9, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 82AAABE0 4 Bytes [7B, 00, F9, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82AAACB8 4 Bytes [17, 00, F9, 8B]
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C426340, 0x295597, 0xE8000020]
.text autochk.exe 00771204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0077120C 1 Byte [00]
.text autochk.exe 00771210 6 Bytes [BC, E6, 77, 46, 00, 00]
.text autochk.exe 00771217 3 Bytes [80, F2, 0C] {XOR DL, 0xc}
.text autochk.exe 0077121C 1 Byte [00]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueExA 76741B96 5 Bytes JMP 10161C00 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueExW 76741C82 5 Bytes JMP 10161CC0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueW 7675FA72 5 Bytes JMP 10161B40 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] ADVAPI32.dll!RegSetValueA 7678F529 5 Bytes JMP 10161A80 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!CreateDialogParamW 77B79BFF 5 Bytes JMP 10161E90 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!CreateWindowExW 77B80E51 5 Bytes JMP 6CD17AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!CreateDialogParamA 77B93E79 5 Bytes JMP 10162010 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxIndirectParamW 77BA4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxIndirectParamW 77BA4AA7 5 Bytes JMP 6CE658AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!TrackPopupMenu 77BA4B3B 5 Bytes JMP 10161170 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxParamW 77BA564A 5 Bytes JMP 101621F0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!TrackPopupMenuEx 77BA5F72 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!TrackPopupMenuEx 77BA5F72 5 Bytes JMP 101612D0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxParamA 77BBCF6A 5 Bytes JMP 10162100 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!DialogBoxIndirectParamA 77BBD29C 5 Bytes JMP 6CE6590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxIndirectA 77BCE8C9 5 Bytes JMP 6CE657DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxIndirectW 77BCE9C3 5 Bytes JMP 6CE65772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxExA 77BCEA29 5 Bytes JMP 6CE65710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxExW 77BCEA4D 5 Bytes JMP 6CE656AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxA 77BCEA71 5 Bytes JMP 10162370 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] USER32.dll!MessageBoxW 77BCEABF 5 Bytes JMP 10162450 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[676] ole32.dll!OleLoadFromStream 76175B88 5 Bytes JMP 6CE65B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueExA 76741B96 5 Bytes JMP 057C1C00 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueExW 76741C82 5 Bytes JMP 057C1CC0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueW 7675FA72 5 Bytes JMP 057C1B40 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ADVAPI32.dll!RegSetValueA 7678F529 5 Bytes JMP 057C1A80 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogParamW 77B79BFF 5 Bytes JMP 057C1E90 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!UnhookWindowsHookEx 77B7CC7B 5 Bytes JMP 6CD27E18 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CallNextHookEx 77B7CC8F 5 Bytes JMP 6CD094EC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateWindowExW 77B80E51 5 Bytes JMP 6CD17AA7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!SetWindowsHookExW 77B8210A 5 Bytes JMP 6CCC4243 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!CreateDialogParamA 77B93E79 5 Bytes JMP 057C2010 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamW 77BA4AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamW 77BA4AA7 5 Bytes JMP 6CE658AB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!TrackPopupMenu 77BA4B3B 5 Bytes JMP 057C1170 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxParamW 77BA564A 5 Bytes JMP 057C21F0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!TrackPopupMenuEx 77BA5F72 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!TrackPopupMenuEx 77BA5F72 5 Bytes JMP 057C12D0 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxParamA 77BBCF6A 5 Bytes JMP 057C2100 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!DialogBoxIndirectParamA 77BBD29C 5 Bytes JMP 6CE6590E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxIndirectA 77BCE8C9 5 Bytes JMP 6CE657DD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxIndirectW 77BCE9C3 5 Bytes JMP 6CE65772 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxExA 77BCEA29 5 Bytes JMP 6CE65710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxExW 77BCEA4D 5 Bytes JMP 6CE656AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxA 77BCEA71 5 Bytes JMP 057C2370 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] USER32.dll!MessageBoxW 77BCEABF 5 Bytes JMP 057C2450 C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ole32.dll!OleLoadFromStream 76175B88 5 Bytes JMP 6CE65B74 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2840] ole32.dll!CoCreateInstance 761C57FC 5 Bytes JMP 6CD18595 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\y (*** hidden *** ) @ C:\Windows\system32\svchost.exe [912] 0x00E40000
Library c:\windows\system32\y (*** hidden *** ) @ C:\Windows\Explorer.EXE [1728] 0x02390000
---- EOF - GMER 1.0.15 ----
AVIRA-MELDUNG Funde Objekt: 80000032.@ Fund: TR/ATRAPS.Gen2 Aktion: In Quarantäne verschieben Zusammenfassung: Name: TR/ATRAPS.Gen2 Entdeckt am: 08/05/2008 Art: Trojan In freier Wildbahn: Ja Gemeldete Infektionen: Niedrig Verbreitungspotenzial: Niedrig Schadenspotenzial: Niedrig Statische Datei: Nein Engine Version: 7.08.00.16 Allgemein Alias: Ähnliche Erkennung: • TR/ATRAPS.Gen |
|
15.10.2012, 07:53
| #4 | |
| /// the machine /// TB-Ausbilder   | TR/ATRAPS.Gen2 laut Avira - was nun? Hi, Sorry dass Du vergessen wurdest  Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
17.10.2012, 18:45
| #5 |
| | TR/ATRAPS.Gen2 laut Avira - was nun? Combofix Logfile: Code:
ATTFilter ComboFix 12-10-17.05 - Conny 17.10.2012 19:11:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.1022.258 [GMT 2:00]
ausgeführt von:: c:\users\Conny\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\ED5232CE4B.sys
c:\programdata\lsass.exe
c:\programdata\netdislw.pad
c:\users\Conny\AppData\Roaming\Conny-wchelper.dll
c:\users\Conny\AppData\Roaming\dmctut.dll
c:\users\Conny\AppData\Roaming\shlbme.dll
c:\users\Conny\AppData\Roaming\uadup.dll
c:\users\Conny\AppData\Roaming\zip.exe
c:\windows\system32\firefox
c:\windows\system32\firefox\firefox.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-17 bis 2012-10-17 ))))))))))))))))))))))))))))))
.
.
2012-09-21 14:54 . 2012-09-21 14:54 792 ----a-w- c:\users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:14 . 2012-05-28 03:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 13:14 . 2012-05-28 03:28 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-20 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-20 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-04-02 1234216]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 13:14]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 00:33]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 00:33]
.
2012-03-10 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance.job
- c:\program files\TuneUp Utilities 2010\OneClick.exe [2010-02-18 11:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.250
TCP: Interfaces\{32670B16-D541-40F7-885B-B09C62CBE8D8}: DhcpNameServer = 10.0.0.250
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-shlbme - (no file)
HKLM-Run-uadup - (no file)
HKLM-Run-dmctut - c:\users\Conny\AppData\Roaming\dmctut.dll
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2548)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-17 19:35:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-10-17 17:35
.
Vor Suchlauf: 9 Verzeichnis(se), 31.604.740.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 32.106.774.528 Bytes frei
.
- - End Of File - - AFE93A7B5D46691EDB41348187BCB5CA
|
|
18.10.2012, 06:07
| #6 |
| /// the machine /// TB-Ausbilder | TR/ATRAPS.Gen2 laut Avira - was nun? Hi, Downloade Dir bitte AdwCleaner auf deinen Desktop.
Malwarebytes' Anti-Malware
ESET Online Scanner
Und ein frisches OTL logfile bitte.
__________________ --> TR/ATRAPS.Gen2 laut Avira - was nun? |
|
18.10.2012, 18:35
| #7 |
| | TR/ATRAPS.Gen2 laut Avira - was nun? # AdwCleaner v2.005 - Datei am 18/10/2012 um 19:34:45 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows 7 Ultimate (32 bits) # Benutzer : Conny - CONNY-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Conny\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\DVDVideoSoftTB Ordner Gefunden : C:\Users\Conny\AppData\Local\Conduit Ordner Gefunden : C:\Users\Conny\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB Ordner Gefunden : C:\Users\Conny\AppData\LocalLow\PriceGong ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{315E6370-55B1-43EA-B02C-C9E1D336B061} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFC3EA2A-3047-447C-B9C8-AEEDFE3C20B1} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Software Schlüssel Gefunden : HKU\S-1-5-21-1256000398-2896390412-820788443-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKU\S-1-5-21-1256000398-2896390412-820788443-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v5.0.375.125 Datei : C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3845 octets] - [18/10/2012 19:34:45] ########## EOF - C:\AdwCleaner[R1].txt - [3905 octets] ########## # AdwCleaner v2.005 - Datei am 18/10/2012 um 19:36:55 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows 7 Ultimate (32 bits) # Benutzer : Conny - CONNY-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Conny\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Conny\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\DVDVideoSoftTB Ordner Gelöscht : C:\Users\Conny\AppData\LocalLow\PriceGong ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{315E6370-55B1-43EA-B02C-C9E1D336B061} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFC3EA2A-3047-447C-B9C8-AEEDFE3C20B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1E5B314A-6B11-46D8-8CD1-8849041F2A7F} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Software Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7600.16385 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v5.0.375.125 Datei : C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [3974 octets] - [18/10/2012 19:34:45] AdwCleaner[S1].txt - [3585 octets] - [18/10/2012 19:36:55] ########## EOF - C:\AdwCleaner[S1].txt - [3645 octets] ########## |
|
18.10.2012, 19:50
| #8 |
| /// the machine /// TB-Ausbilder | TR/ATRAPS.Gen2 laut Avira - was nun? Dann noch den Rest bitte 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.10.2012, 20:22
| #9 |
| | TR/ATRAPS.Gen2 laut Avira - was nun? kommt schon noch.. AVG ist immer noch nicht fertig mit dem Scan  |
|
18.10.2012, 20:32
| #10 |
| /// the machine /// TB-Ausbilder | TR/ATRAPS.Gen2 laut Avira - was nun? AVG? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.10.2012, 07:15
| #11 |
| | TR/ATRAPS.Gen2 laut Avira - was nun? bin über den download-link zur malwarebytes - antimalware bei avg gelandet. hab mich auch noch gewundert, warum das notwendig sein soll. werbeslogan wurde offenbar gut in die seite eingebaut.. whatever, also nochmal vorn vorn. Malwarebytes Anti-Malware (Test) 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.10.19.03 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Conny :: CONNY-PC [Administrator] Schutz: Aktiviert 19.10.2012 08:32:20 mbam-log-2012-10-19 (08-32-20).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 382698 Laufzeit: 1 Stunde(n), 21 Minute(n), 9 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\dmctut.dll.vir (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\shlbme.dll.vir (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\uadup.dll.vir (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\assembly\GAC\Desktop.ini (Rootkit.0access) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
19.10.2012, 16:31
| #12 |
| /// the machine /// TB-Ausbilder | TR/ATRAPS.Gen2 laut Avira - was nun? Dann noch das frische OTL logfile bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
20.10.2012, 00:54
| #13 |
| | TR/ATRAPS.Gen2 laut Avira - was nun? C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo application C:\Qoobox\Quarantine\C\Users\Conny\AppData\Roaming\zip.exe.vir a variant of MSIL/Injector.AOB trojan C:\Users\Conny\Downloads\C60F.tmp Win32/Toolbar.SearchSuite application C:\Users\Conny\Downloads\just_tired_fotos.jpg.zipped.exe a variant of MSIL/Injector.AOB trojan OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.10.2012 01:45:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Conny\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 1022,18 Mb Total Physical Memory | 366,91 Mb Available Physical Memory | 35,89% Memory free 2,00 Gb Paging File | 0,99 Gb Available in Paging File | 49,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,43 Gb Total Space | 27,79 Gb Free Space | 37,33% Space Free | Partition Type: NTFS Computer Name: CONNY-PC | User Name: Conny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.04 04:14:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2010.02.18 13:28:44 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.17 06:42:06 | 000,105,632 | ---- | M] (Corel) -- C:\Programme\Common Files\Corel\Standby\Standby.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe PRC - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe PRC - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2006.10.27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2006.10.26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE PRC - [2006.09.28 21:21:04 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Programme\SlySoft\CloneCD\CloneCDTray.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2012.10.09 15:14:08 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.06.28 15:08:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 23:58:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.08 18:10:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.08.08 16:34:45 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.02.18 13:26:44 | 001,047,368 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.02.18 13:22:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.05.09 13:04:24 | 000,090,112 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV) SRV - [2007.07.24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2006.10.31 22:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006.10.27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Conny\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.10.19 08:30:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.06.28 15:08:59 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 15:08:59 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.08.08 15:46:53 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.05.09 13:05:36 | 000,650,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007.11.08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2007.02.20 16:44:00 | 004,457,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2005.08.01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 D8 16 71 95 5A CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{48639E64-816C-1E71-A11F-AF2D7041DC94}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&pc=Z013&form=ZGAIDF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.08.27 22:47:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions [2010.10.16 18:47:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.09 01:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Conny\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: news.ORF.at CHR - Extension: Skype Click to Call = C:\Users\Conny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687\ O1 HOSTS File: ([2012.10.17 19:27:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel) O4 - Startup: C:\Users\Conny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube Download - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32670B16-D541-40F7-885B-B09C62CBE8D8}: DhcpNameServer = 10.0.0.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF991DB5-4927-4658-80EF-FB7C3AAD8598}: DhcpNameServer = 192.168.100.254 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.19 08:29:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.19 08:23:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.19 08:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.19 08:17:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.18 22:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.10.18 19:55:13 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Roaming\AVG2013 [2012.10.18 19:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.10.18 19:47:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.10.18 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Local\MFAData [2012.10.18 19:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.10.18 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Local\Avg2013 [2012.10.17 19:28:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.10.17 19:24:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.10.17 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Conny\AppData\Local\temp [2012.10.17 19:08:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.10.17 19:08:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.10.17 19:08:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.10.17 19:07:53 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.10.17 19:07:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.10.17 18:59:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.10.09 12:53:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe [2012.10.09 12:49:53 | 000,000,000 | ---D | C] -- C:\Users\Conny\Desktop\Files für TB [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.20 01:31:45 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.20 01:31:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.20 01:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.19 16:30:57 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 16:30:57 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.19 16:26:51 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.10.19 16:25:53 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.19 16:25:26 | 803,872,768 | -HS- | M] () -- C:\hiberfil.sys [2012.10.19 08:30:31 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.10.19 08:17:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.17 19:27:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.10.09 15:26:54 | 000,020,824 | ---- | M] () -- C:\Users\Conny\Desktop\gmer-scan.rtf [2012.10.09 13:18:51 | 000,302,592 | ---- | M] () -- C:\Users\Conny\Desktop\6dmm24cz.exe [2012.10.09 13:17:56 | 000,002,034 | ---- | M] () -- C:\Users\Conny\Desktop\Avira-Meldung.rtf [2012.10.09 12:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Conny\Desktop\OTL.exe [2012.10.09 12:50:59 | 000,000,000 | ---- | M] () -- C:\Users\Conny\defogger_reenable [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.21 16:54:12 | 000,000,792 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs [2012.09.21 15:48:36 | 000,101,955 | ---- | M] () -- C:\Users\Conny\AppData\Roaming\me.jpg [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.19 08:17:40 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.17 19:08:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.10.17 19:08:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.17 19:08:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.17 19:08:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.17 19:08:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.09 15:26:54 | 000,020,824 | ---- | C] () -- C:\Users\Conny\Desktop\gmer-scan.rtf [2012.10.09 13:18:51 | 000,302,592 | ---- | C] () -- C:\Users\Conny\Desktop\6dmm24cz.exe [2012.10.09 13:17:56 | 000,002,034 | ---- | C] () -- C:\Users\Conny\Desktop\Avira-Meldung.rtf [2012.10.09 12:50:59 | 000,000,000 | ---- | C] () -- C:\Users\Conny\defogger_reenable [2012.09.21 16:54:12 | 000,000,792 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\Connyv3.3.0.0.vbs [2012.09.21 15:48:36 | 000,101,955 | ---- | C] () -- C:\Users\Conny\AppData\Roaming\me.jpg [2011.06.19 19:39:29 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{C0CA2758-088B-4F9C-BC10-F4006C93096B} [2011.06.19 19:23:02 | 000,000,000 | ---- | C] () -- C:\Users\Conny\AppData\Local\{7739FDA9-E4C6-4111-A493-5CECDEC9604B} [2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\Users\Conny\AppData\Local\i2152v11p7d4sg8 [2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\ProgramData\i2152v11p7d4sg8 [2011.03.07 18:33:49 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.03.07 18:33:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.09.14 12:19:45 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010.08.08 19:04:27 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.18 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\AVG2013 [2012.09.21 15:54:44 | 000,000,000 | -H-D | M] -- C:\Users\Conny\AppData\Roaming\CC0D762A [2011.08.07 15:42:56 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoft [2011.08.07 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.14 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\IrfanView [2011.09.21 13:05:44 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\LimeWire [2010.10.16 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Thunderbird [2012.10.18 19:54:01 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\TuneUp Software [2010.09.14 15:39:41 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\Ulead Systems [2012.07.13 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\Conny\AppData\Roaming\xsecva ========== Purity Check ========== < End of report > |
|
20.10.2012, 14:46
| #14 |
| /// the machine /// TB-Ausbilder | TR/ATRAPS.Gen2 laut Avira - was nun? Hi, wie läuft der Rechner? Downloads-Ordner bitte leeren und anschliessend Papierkorb leeren. Fixen mit OTL
Code:
ATTFilter :OTL
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\Users\Conny\AppData\Local\i2152v11p7d4sg8
[2011.05.05 01:31:39 | 000,013,826 | -HS- | C] () -- C:\ProgramData\i2152v11p7d4sg8
:Commands
[emptytemp]
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
21.10.2012, 21:09
| #15 |
| | TR/ATRAPS.Gen2 laut Avira - was nun? bisher kam die trojaner-meldung nicht mehr hier noch das file: All processes killed ========== OTL ========== C:\Users\Conny\AppData\Local\i2152v11p7d4sg8 moved successfully. C:\ProgramData\i2152v11p7d4sg8 moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Conny ->Temp folder emptied: 942433 bytes ->Temporary Internet Files folder emptied: 58476496 bytes ->Java cache emptied: 184518 bytes ->Google Chrome cache emptied: 157630741 bytes ->Flash cache emptied: 23296 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 24 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 82 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 207,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 10212012_215917 Files\Folders moved on Reboot... File move failed. C:\Windows\S46FC2DEC.tmp scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
| Themen zu TR/ATRAPS.Gen2 laut Avira - was nun? |
| andere, anderen, avira, folge, folgendes, forum, fund, gestern, google, hoffe, infos, laptop, nachfrage, problem, quarantäne, schei, system, thema, theme, themen, tr/atraps.gen, trojaner, verschoben, weiterhelfen, windows |
.
Linear-Darstellung
