| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: rogramme, Links,Tabs, ect. brauchen Minuten bis sie geöffnet werden, Wurm?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
17.10.2012, 18:43
| #1 |
 |  rogramme, Links,Tabs, ect. brauchen Minuten bis sie geöffnet werden, Wurm? Hallo, seit ein paar Tagen habe ich einen Ersatznotebook da meins in Reparatur ist. Es macht folgende Probleme: Programme, Links,Tabs, ect. brauchen Minuten bis sie geöffnet werden (auch schliesen und minimieren) manchmal friert dann der Bildschirm ein. Auch der Taskmanager friert ein, so dass ich keine Programme stoppen kann. Ich vermute einen Wurm, da ich auf der Suche nach der Ursache folgenden Prozess: csrss.exe, gefunden habe. Sie befindet sich nicht im Ordner C:\Windows\System32 (Habe gelesen, dass es dann ein Wurm ist) Malwarebyte und Avira haben nichts gefunden. Nachfolgend die Scans Danke schon mal für Hilfe pink96 OTL logfile created on: 17.10.2012 13:09:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,56 Mb Total Physical Memory | 332,44 Mb Available Physical Memory | 32,80% Memory free 1,41 Gb Paging File | 0,43 Gb Available in Paging File | 30,38% Paging File free Paging file location(s): c:\pagefile.sys 200 1519 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,50 Gb Total Space | 64,87 Gb Free Space | 68,65% Space Free | Partition Type: NTFS Drive D: | 17,28 Gb Total Space | 11,00 Gb Free Space | 63,63% Space Free | Partition Type: FAT32 Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.17 13:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe PRC - [2012.10.11 03:04:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2010.03.02 17:01:01 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.03.02 16:20:48 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2006.11.02 14:34:33 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows NT\Accessories\wordpad.exe PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (No Company Name) ========== MOD - [2012.10.11 03:04:42 | 002,294,240 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV - [2012.10.14 15:23:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Disabled | Stopped] -- C:\Programme\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant) SRV - [2010.03.02 17:46:58 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2006.11.02 14:36:18 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC) SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.10.17 12:09:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6974A36B-196A-4A28-879F-59726001C599}\MpKsld3ad063c.sys -- (MpKsld3ad063c) DRV - [2012.10.17 11:04:04 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6974A36B-196A-4A28-879F-59726001C599}\MpKsl983b2931.sys -- (MpKsl983b2931) DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.09.13 10:58:24 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT706990&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.6 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: compatibility@addons.mozilla.org:1.1 FF - prefs.js..extensions.enabledAddons: trackmenot@mrl.nyu.edu:0.6.728 FF - prefs.js..extensions.enabledAddons: yesscript@userstyles.org:1.9 FF - prefs.js..extensions.enabledAddons: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2 FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.19 FF - prefs.js..network.proxy.http: "94.102.153.147" FF - prefs.js..network.proxy.http_port: 8888 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.14 14:29:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.15 13:12:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.10.14 14:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions [2012.10.15 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions [2012.10.15 16:14:38 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.10.15 16:14:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.10.15 16:14:38 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\firefox@ghostery.com [2012.10.15 16:14:21 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\foxyproxy@eric.h.jung [2012.03.30 12:08:44 | 000,164,722 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\compatibility@addons.mozilla.org.xpi [2012.10.15 16:14:03 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\spam@trashmail.net.xpi [2012.03.30 12:45:16 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\trackmenot@mrl.nyu.edu.xpi [2012.03.30 12:46:08 | 000,053,072 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\yesscript@userstyles.org.xpi [2012.03.30 12:41:02 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2012.10.15 16:14:39 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.03.30 12:58:30 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2012.10.15 16:14:39 | 000,061,406 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012.10.15 16:14:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.30 12:10:06 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.15 16:14:39 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2012.06.06 13:31:46 | 000,000,935 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\conduit.xml [2012.05.08 15:12:58 | 000,002,002 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\donnerwetter.xml [2012.06.13 16:25:38 | 000,001,610 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\ixquick-https---deutsch.xml [2012.05.02 18:00:38 | 000,001,105 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\metager.xml [2012.06.10 13:43:32 | 000,002,102 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\wot-safe-search.xml [2012.03.30 13:19:28 | 000,000,791 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\woxikonde-synonyme.xml [2012.10.14 14:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41E114CB-756D-4FE6-B41A-A453D2333717}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96C62BD1-B9A3-4254-96AA-886AF9A35B50}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010.03.02 00:03:16 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.17 13:08:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.10.15 16:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2012.10.15 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup [2012.10.15 13:14:33 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Thunderbird [2012.10.15 13:14:20 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Thunderbird [2012.10.15 13:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2012.10.15 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\MigWiz [2012.10.15 11:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.10.15 11:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.10.15 11:37:22 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Avira [2012.10.15 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Secunia PSI [2012.10.15 11:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2012.10.15 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes [2012.10.15 11:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.15 11:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.15 11:09:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.15 11:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.15 10:57:40 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Wise Care 365 [2012.10.15 10:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365 [2012.10.15 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wise [2012.10.15 10:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.10.15 10:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.15 10:29:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.10.15 10:29:45 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.10.15 10:29:45 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.10.15 10:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.15 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.10.15 10:11:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64 [2012.10.15 09:51:22 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.10.14 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Apps [2012.10.14 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Mozilla [2012.10.14 14:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.10.14 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.10.14 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2012.10.17 13:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe [2012.10.17 13:05:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.17 13:05:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.17 12:59:18 | 000,000,000 | ---- | M] () -- C:\Users\Helmut\defogger_reenable [2012.10.17 12:57:16 | 000,050,477 | ---- | M] () -- C:\Users\Helmut\Desktop\Defogger.exe [2012.10.17 12:43:20 | 000,001,327 | ---- | M] () -- C:\Users\Helmut\Documents\Systemübersicht.rtf [2012.10.17 12:25:54 | 000,001,430 | ---- | M] () -- C:\Users\Helmut\Documents\cc_20121017_122514.reg [2012.10.17 12:13:35 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.17 12:13:35 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.17 12:13:35 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.17 12:13:35 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.17 12:05:42 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.17 12:05:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.17 12:04:58 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys [2012.10.17 11:49:32 | 000,000,680 | ---- | M] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.10.16 17:50:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4150379D-EB6A-4F10-85B1-35D5B6BC8638}.job [2012.10.15 16:00:24 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.10.15 15:14:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.15 15:13:57 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job [2012.10.15 15:01:40 | 000,001,537 | ---- | M] () -- C:\Users\Helmut\Desktop\Windows Explorer.lnk [2012.10.15 13:17:01 | 000,000,854 | ---- | M] () -- C:\Users\Helmut\Desktop\psi.exe - Verknüpfung.lnk [2012.10.15 13:13:34 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.10.15 13:07:41 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.10.15 11:09:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.15 10:57:18 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk [2012.10.15 10:47:51 | 000,006,602 | ---- | M] () -- C:\Users\Helmut\Documents\cc_20121015_104733.reg [2012.10.15 10:44:42 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.15 10:30:45 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.14 15:14:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.10.14 14:30:34 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2012.10.17 12:59:18 | 000,000,000 | ---- | C] () -- C:\Users\Helmut\defogger_reenable [2012.10.17 12:57:14 | 000,050,477 | ---- | C] () -- C:\Users\Helmut\Desktop\Defogger.exe [2012.10.17 12:43:20 | 000,001,327 | ---- | C] () -- C:\Users\Helmut\Documents\Systemübersicht.rtf [2012.10.17 12:25:33 | 000,001,430 | ---- | C] () -- C:\Users\Helmut\Documents\cc_20121017_122514.reg [2012.10.17 12:04:58 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys [2012.10.17 11:49:32 | 000,000,680 | ---- | C] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat [2012.10.15 16:00:24 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.10.15 15:01:40 | 000,001,537 | ---- | C] () -- C:\Users\Helmut\Desktop\Windows Explorer.lnk [2012.10.15 13:16:56 | 000,000,854 | ---- | C] () -- C:\Users\Helmut\Desktop\psi.exe - Verknüpfung.lnk [2012.10.15 13:13:34 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2012.10.15 13:13:30 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.10.15 13:07:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.10.15 11:31:59 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.10.15 11:09:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.15 11:05:12 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job [2012.10.15 10:57:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk [2012.10.15 10:47:46 | 000,006,602 | ---- | C] () -- C:\Users\Helmut\Documents\cc_20121015_104733.reg [2012.10.15 10:44:42 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.15 10:30:45 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.14 14:30:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.14 14:30:33 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.09.06 11:16:17 | 000,001,084 | ---- | C] () -- C:\Users\Helmut\WINWORD - Verknüpfung.lnk [2010.08.19 15:52:26 | 000,004,608 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.03.02 17:10:14 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.03.02 16:45:05 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.15 16:40:09 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\FRITZ! [2010.09.03 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ProtectDisc [2012.10.15 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Thunderbird [2012.10.17 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Wise Care 365 ========== Purity Check ========== < End of report > OTL Extras logfile created on: 17.10.2012 13:09:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,56 Mb Total Physical Memory | 332,44 Mb Available Physical Memory | 32,80% Memory free 1,41 Gb Paging File | 0,43 Gb Available in Paging File | 30,38% Paging File free Paging file location(s): c:\pagefile.sys 200 1519 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 94,50 Gb Total Space | 64,87 Gb Free Space | 68,65% Space Free | Partition Type: NTFS Drive D: | 17,28 Gb Total Space | 11,00 Gb Free Space | 63,63% Space Free | Partition Type: FAT32 Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3187988889-387010367-53492674-1000] "EnableNotificationsRef" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00E91CE3-8CE8-47E7-9874-D8036C1EBFBD}" = lport=138 | protocol=17 | dir=in | app=system | "{3C4D619A-D9F9-465E-BEDB-0F5A425F76FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{548FEF0F-4AB2-4F19-8BF8-4A364E6D85A6}" = lport=139 | protocol=6 | dir=in | app=system | "{74C69D40-5AA6-414D-821E-0908B61042FE}" = lport=445 | protocol=6 | dir=in | app=system | "{8793FF19-AA22-4ABB-A8BA-439B6173A106}" = lport=137 | protocol=17 | dir=in | app=system | "{A2393435-103E-4BD0-9F13-A38ADA98EA0A}" = rport=138 | protocol=17 | dir=out | app=system | "{B06C317C-0709-4C90-ADCD-49657DE8C3D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{B3A2BC17-2678-41D9-8F0C-911716365EC5}" = rport=445 | protocol=6 | dir=out | app=system | "{CE8A1162-1386-422C-9A6E-027067D493EB}" = rport=137 | protocol=17 | dir=out | app=system | "{E9818C26-1E16-47A7-BEDA-A757E8661E2E}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0B61DD26-AC8E-48A3-9ABA-FE402BBCEBCE}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | "{1540BE08-A67B-4427-A93C-B23E2D1B9135}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{23DCA49F-E0A4-46D0-B9C2-E2B7F6C5C289}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{38BE21FE-C25E-4BFF-AFFE-053013A32408}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{3E38FF2E-1F09-4D25-B921-C1052814374D}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | "{457CCEC7-9A0B-4210-AA18-60422D77A261}" = protocol=6 | dir=in | app=c:\program files\mozbackup\mozbackup.exe | "{47F547C1-FF38-4605-9B25-12E5E1EFB2E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4CCDDE92-87E2-4F06-AA30-A557D75C5154}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{4D3AF787-3A51-45DF-B00A-2CD1213009B1}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | "{4D5DC04D-75EF-43FC-85BD-007A6904867E}" = protocol=17 | dir=in | app=c:\program files\secunia\psi\psi.exe | "{54BC24DC-C54D-4D06-B48A-5AF7CFB9F6F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{57A58307-57AD-44BC-9672-F07EBDF56E62}" = protocol=17 | dir=in | app=c:\program files\mozbackup\mozbackup.exe | "{5A03946E-4463-4894-A630-2706AD3B2053}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5EDF98D5-2C8F-488F-BD2B-680B8766665A}" = protocol=6 | dir=in | app=c:\program files\secunia\psi\psi.exe | "{6973DE0B-4486-4E79-B5B8-1792FE2A605E}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "{6B5A23E7-CC1B-489E-A423-9CE52C2157EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7F66AFFE-A8C5-48D6-A61E-FBF11D538367}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{7F70C4A6-2B96-4DCE-99AD-D7224035F219}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{8179761D-5564-4A59-A80D-D1CCBD633750}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{83E6D609-9294-4A70-9F52-104DD758312B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | "{950EAFD8-42CB-4D18-BF54-C4BF00AD8D9C}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | "{9B7B38D2-A4B0-4B53-9D27-D02C364EA0E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9D2E77D5-C0D0-4C33-852E-42BF5D8D9CDE}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | "{A2683BA3-B97F-43B7-A923-E6E16BCC3E5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A92DA9C8-B913-4E3A-8940-8F504540CCB5}" = protocol=6 | dir=in | app=c:\program files\wise\wise care 365\wisecare365.exe | "{B7045562-B4AE-49B0-9359-60988B258AEF}" = protocol=17 | dir=in | app=c:\program files\wise\wise care 365\wisecare365.exe | "{B8A7B395-BE63-4C6B-9D08-23546427EE0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BEC46463-DE90-41C1-A947-430C02245F57}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe | "{CC4F1104-A93F-405F-9059-794AEEBBA94B}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{D11C58E3-BD59-41B9-A856-6C22ED3AF242}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "{E2EF4D21-22EB-4500-B244-5CBEF0BB4124}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{E5138932-9852-436E-AA53-BB4D6F26881E}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe | "{E944B1BE-CC26-4A07-8DF0-8F6E26BA318B}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe | "{FBFF736C-59A9-4B49-A636-E54E704DEA78}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003 "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.03 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Secunia PSI" = Secunia PSI (3.0.0.4001) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.10.2012 07:18:46 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.10.2012 07:20:58 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.10.2012 07:52:52 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.10.2012 07:56:13 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 15.10.2012 09:05:40 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.0.6000.16771 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 75c Anfangszeit: 01cdaad44f16268b Zeitpunkt der Beendigung: 0 Error - 15.10.2012 11:40:44 | Computer Name = Helmut-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6000.16771, Zeitstempel 0x4907deda, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x450, Anwendungsstartzeit 01cdaae698fd982b. Error - 15.10.2012 11:41:02 | Computer Name = Helmut-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6000.16771, Zeitstempel 0x4907deda, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00061f2a, Prozess-ID 0x450, Anwendungsstartzeit 01cdaae698fd982b. Error - 16.10.2012 10:16:38 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002 Description = Programm avcenter.exe, Version 13.4.0.184 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: ffc Anfangszeit: 01cdaba7a5f3091c Zeitpunkt der Beendigung: 0 Error - 16.10.2012 10:24:31 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002 Description = Programm Taskmgr.exe, Version 6.0.6000.16386 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1e0 Anfangszeit: 01cdaba8452d45ec Zeitpunkt der Beendigung: 827 Error - 17.10.2012 05:14:12 | Computer Name = Helmut-PC | Source = EventSystem | ID = 4609 Description = [ System Events ] Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = < End of report > GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-17 18:18:06 Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1200BEVS-22LAT0 rev.01.06M01 Running: yfpxx08o.exe; Driver: C:\Users\Helmut\AppData\Local\Temp\pwlyrpoc.sys ---- System - GMER 1.0.15 ---- SSDT 895D5214 ZwClose SSDT 895D521E ZwCreateSection SSDT 895D520F ZwDuplicateObject SSDT 895D51B0 ZwOpenProcess SSDT 895D51B5 ZwOpenThread SSDT 895D5228 ZwRequestWaitReplyPort SSDT 895D5223 ZwSetContextThread SSDT 895D522D ZwSetSecurityObject SSDT 895D5232 ZwSystemDebugControl SSDT 895D51BF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_alloca_probe + EC 81855E5C 4 Bytes [14, 52, 5D, 89] .text ntoskrnl.exe!_alloca_probe + 158 81855EC8 4 Bytes [1E, 52, 5D, 89] .text ntoskrnl.exe!_alloca_probe + 230 81855FA0 4 Bytes [0F, 52, 5D, 89] {RSQRTPS XMM3, DQWORD [EBP-0x77]} .text ntoskrnl.exe!_alloca_probe + 334 818560A4 4 Bytes [B0, 51, 5D, 89] .text ntoskrnl.exe!_alloca_probe + 350 818560C0 4 Bytes [B5, 51, 5D, 89] .text ... PAGE spsys.sys!?SPVersion@@3PADA + 1807 A36E603F 504 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...] PAGE spsys.sys!?SPVersion@@3PADA + 1A00 A36E6238 434 Bytes [04, 3B, C1, 73, 05, 8B, 02, ...] PAGE spsys.sys!?SPVersion@@3PADA + 1BB3 A36E63EB 120 Bytes [5D, 0C, EB, 03, 8B, 4D, 10, ...] PAGE spsys.sys!?SPVersion@@3PADA + 1C2C A36E6464 1379 Bytes [8B, 4E, 10, 31, 4D, D4, 8B, ...] PAGE spsys.sys!?SPVersion@@3PADA + 2190 A36E69C8 478 Bytes [87, 37, 0E, 00, 00, FF, 24, ...] PAGE ... .reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA483D300, 0x25D4C, 0xE0000060] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
| Themen zu rogramme, Links,Tabs, ect. brauchen Minuten bis sie geöffnet werden, Wurm? |
| antivir, avira, bildschirm, dsl, error, firefox, flash player, format, hijack, hijackthis, home, install.exe, intranet, logfile, mozilla, ntdll.dll, prozess, realtek, registry, rundll, secunia psi, security, software, spam, system, taskmanager, vista, windows, wurm, würmer |
Baum-Darstellung