
Pests of all kinds and how to fight them: Programs, links, tabs, etc. take minutes to open, worm?

17.10.2012, 18:43   #1
pink96
 
Programs, links, tabs, etc. take minutes to open, worm?

Hello,
for a few days I have had a replacement notebook, since mine is in for repair. It has the following problems: programs, links, tabs, etc. take minutes to open (also to close and minimize); sometimes the screen then freezes. The Task Manager also freezes, so I cannot stop any programs. I suspect a worm, because while searching for the cause I found the following process: csrss.exe. It is not located in the folder C:\Windows\System32 (I have read that this means it is a worm).
Malwarebytes and Avira found nothing. The scans are below.
Thanks in advance for any help
pink96

OTL logfile created on: 17.10.2012 13:09:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,56 Mb Total Physical Memory | 332,44 Mb Available Physical Memory | 32,80% Memory free
1,41 Gb Paging File | 0,43 Gb Available in Paging File | 30,38% Paging File free
Paging file location(s): c:\pagefile.sys 200 1519 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 64,87 Gb Free Space | 68,65% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 11,00 Gb Free Space | 63,63% Space Free | Partition Type: FAT32

Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.17 13:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
PRC - [2012.10.11 03:04:29 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010.03.02 17:01:01 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.03.02 16:20:48 | 001,232,896 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.11.02 14:34:33 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows NT\Accessories\wordpad.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


========== Modules (No Company Name) ==========

MOD - [2012.10.11 03:04:42 | 002,294,240 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - [2012.10.14 15:23:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.11 03:04:37 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.09.25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.09.24 14:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.09.24 14:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.17 15:25:28 | 000,580,648 | ---- | M] (WiseCleaner.com) [Disabled | Stopped] -- C:\Programme\Wise\Wise Care 365\BootTime.exe -- (WiseBootAssistant)
SRV - [2010.03.02 17:46:58 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.28 16:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.11.02 14:36:18 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.10.17 12:09:35 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6974A36B-196A-4A28-879F-59726001C599}\MpKsld3ad063c.sys -- (MpKsld3ad063c)
DRV - [2012.10.17 11:04:04 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6974A36B-196A-4A28-879F-59726001C599}\MpKsl983b2931.sys -- (MpKsl983b2931)
DRV - [2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 10:58:24 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT706990&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.6
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: compatibility@addons.mozilla.org:1.1
FF - prefs.js..extensions.enabledAddons: trackmenot@mrl.nyu.edu:0.6.728
FF - prefs.js..extensions.enabledAddons: yesscript@userstyles.org:1.9
FF - prefs.js..extensions.enabledAddons: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0
FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.19
FF - prefs.js..network.proxy.http: "94.102.153.147"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.14 14:29:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.10.15 13:12:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2012.10.14 14:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Extensions
[2012.10.15 16:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions
[2012.10.15 16:14:38 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.10.15 16:14:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.15 16:14:38 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\firefox@ghostery.com
[2012.10.15 16:14:21 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Helmut\AppData\Roaming\mozilla\Firefox\Profiles\iz72a6q5.default\extensions\foxyproxy@eric.h.jung
[2012.03.30 12:08:44 | 000,164,722 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.10.15 16:14:03 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\spam@trashmail.net.xpi
[2012.03.30 12:45:16 | 000,067,428 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\trackmenot@mrl.nyu.edu.xpi
[2012.03.30 12:46:08 | 000,053,072 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\yesscript@userstyles.org.xpi
[2012.03.30 12:41:02 | 000,081,156 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi
[2012.10.15 16:14:39 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.03.30 12:58:30 | 000,022,573 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
[2012.10.15 16:14:39 | 000,061,406 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.10.15 16:14:39 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.30 12:10:06 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.10.15 16:14:39 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2012.06.06 13:31:46 | 000,000,935 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\conduit.xml
[2012.05.08 15:12:58 | 000,002,002 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\donnerwetter.xml
[2012.06.13 16:25:38 | 000,001,610 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\ixquick-https---deutsch.xml
[2012.05.02 18:00:38 | 000,001,105 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\metager.xml
[2012.06.10 13:43:32 | 000,002,102 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\wot-safe-search.xml
[2012.03.30 13:19:28 | 000,000,791 | ---- | M] () -- C:\Users\Helmut\AppData\Roaming\mozilla\firefox\profiles\iz72a6q5.default\searchplugins\woxikonde-synonyme.xml
[2012.10.14 14:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.11 03:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41E114CB-756D-4FE6-B41A-A453D2333717}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96C62BD1-B9A3-4254-96AA-886AF9A35B50}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.02 00:03:16 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.17 13:08:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2012.10.15 16:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.10.15 16:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2012.10.15 13:14:33 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Thunderbird
[2012.10.15 13:14:20 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Thunderbird
[2012.10.15 13:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012.10.15 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\MigWiz
[2012.10.15 11:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.10.15 11:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.10.15 11:37:22 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Avira
[2012.10.15 11:32:20 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Secunia PSI
[2012.10.15 11:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.10.15 11:09:48 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Malwarebytes
[2012.10.15 11:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.15 11:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.15 11:09:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.15 11:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.15 10:57:40 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Roaming\Wise Care 365
[2012.10.15 10:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
[2012.10.15 10:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2012.10.15 10:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.15 10:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.15 10:29:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.15 10:29:45 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.15 10:29:45 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.15 10:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.15 10:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.15 10:11:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2012.10.15 09:51:22 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.14 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Apps
[2012.10.14 14:31:00 | 000,000,000 | ---D | C] -- C:\Users\Helmut\AppData\Local\Mozilla
[2012.10.14 14:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.10.14 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.14 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012.10.17 13:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Helmut\Desktop\OTL.exe
[2012.10.17 13:05:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 13:05:22 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 12:59:18 | 000,000,000 | ---- | M] () -- C:\Users\Helmut\defogger_reenable
[2012.10.17 12:57:16 | 000,050,477 | ---- | M] () -- C:\Users\Helmut\Desktop\Defogger.exe
[2012.10.17 12:43:20 | 000,001,327 | ---- | M] () -- C:\Users\Helmut\Documents\Systemübersicht.rtf
[2012.10.17 12:25:54 | 000,001,430 | ---- | M] () -- C:\Users\Helmut\Documents\cc_20121017_122514.reg
[2012.10.17 12:13:35 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.17 12:13:35 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.17 12:13:35 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.17 12:13:35 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.17 12:05:42 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.17 12:05:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.17 12:04:58 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 11:49:32 | 000,000,680 | ---- | M] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat
[2012.10.16 17:50:38 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4150379D-EB6A-4F10-85B1-35D5B6BC8638}.job
[2012.10.15 16:00:24 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.10.15 15:14:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 15:13:57 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2012.10.15 15:01:40 | 000,001,537 | ---- | M] () -- C:\Users\Helmut\Desktop\Windows Explorer.lnk
[2012.10.15 13:17:01 | 000,000,854 | ---- | M] () -- C:\Users\Helmut\Desktop\psi.exe - Verknüpfung.lnk
[2012.10.15 13:13:34 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.10.15 13:07:41 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.10.15 11:09:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 10:57:18 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2012.10.15 10:47:51 | 000,006,602 | ---- | M] () -- C:\Users\Helmut\Documents\cc_20121015_104733.reg
[2012.10.15 10:44:42 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.15 10:30:45 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.14 15:14:23 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.10.14 14:30:34 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys

========== Files Created - No Company Name ==========

[2012.10.17 12:59:18 | 000,000,000 | ---- | C] () -- C:\Users\Helmut\defogger_reenable
[2012.10.17 12:57:14 | 000,050,477 | ---- | C] () -- C:\Users\Helmut\Desktop\Defogger.exe
[2012.10.17 12:43:20 | 000,001,327 | ---- | C] () -- C:\Users\Helmut\Documents\Systemübersicht.rtf
[2012.10.17 12:25:33 | 000,001,430 | ---- | C] () -- C:\Users\Helmut\Documents\cc_20121017_122514.reg
[2012.10.17 12:04:58 | 1063,444,480 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.17 11:49:32 | 000,000,680 | ---- | C] () -- C:\Users\Helmut\AppData\Local\d3d9caps.dat
[2012.10.15 16:00:24 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.10.15 15:01:40 | 000,001,537 | ---- | C] () -- C:\Users\Helmut\Desktop\Windows Explorer.lnk
[2012.10.15 13:16:56 | 000,000,854 | ---- | C] () -- C:\Users\Helmut\Desktop\psi.exe - Verknüpfung.lnk
[2012.10.15 13:13:34 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2012.10.15 13:13:30 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.10.15 13:07:39 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.10.15 11:31:59 | 000,000,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.10.15 11:09:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 11:05:12 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
[2012.10.15 10:57:18 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\Wise Care 365.lnk
[2012.10.15 10:47:46 | 000,006,602 | ---- | C] () -- C:\Users\Helmut\Documents\cc_20121015_104733.reg
[2012.10.15 10:44:42 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.15 10:30:45 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.14 14:30:34 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.14 14:30:33 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.03.28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.03.28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.03.28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.03.28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.09.06 11:16:17 | 000,001,084 | ---- | C] () -- C:\Users\Helmut\WINWORD - Verknüpfung.lnk
[2010.08.19 15:52:26 | 000,004,608 | ---- | C] () -- C:\Users\Helmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.03.02 17:10:14 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.03.02 16:45:05 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.15 16:40:09 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\FRITZ!
[2010.09.03 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\ProtectDisc
[2012.10.15 13:14:55 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Thunderbird
[2012.10.17 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\Helmut\AppData\Roaming\Wise Care 365

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 17.10.2012 13:09:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Helmut\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,56 Mb Total Physical Memory | 332,44 Mb Available Physical Memory | 32,80% Memory free
1,41 Gb Paging File | 0,43 Gb Available in Paging File | 30,38% Paging File free
Paging file location(s): c:\pagefile.sys 200 1519 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,50 Gb Total Space | 64,87 Gb Free Space | 68,65% Space Free | Partition Type: NTFS
Drive D: | 17,28 Gb Total Space | 11,00 Gb Free Space | 63,63% Space Free | Partition Type: FAT32

Computer Name: HELMUT-PC | User Name: Helmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3187988889-387010367-53492674-1000]
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E91CE3-8CE8-47E7-9874-D8036C1EBFBD}" = lport=138 | protocol=17 | dir=in | app=system |
"{3C4D619A-D9F9-465E-BEDB-0F5A425F76FA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{548FEF0F-4AB2-4F19-8BF8-4A364E6D85A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{74C69D40-5AA6-414D-821E-0908B61042FE}" = lport=445 | protocol=6 | dir=in | app=system |
"{8793FF19-AA22-4ABB-A8BA-439B6173A106}" = lport=137 | protocol=17 | dir=in | app=system |
"{A2393435-103E-4BD0-9F13-A38ADA98EA0A}" = rport=138 | protocol=17 | dir=out | app=system |
"{B06C317C-0709-4C90-ADCD-49657DE8C3D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3A2BC17-2678-41D9-8F0C-911716365EC5}" = rport=445 | protocol=6 | dir=out | app=system |
"{CE8A1162-1386-422C-9A6E-027067D493EB}" = rport=137 | protocol=17 | dir=out | app=system |
"{E9818C26-1E16-47A7-BEDA-A757E8661E2E}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B61DD26-AC8E-48A3-9ABA-FE402BBCEBCE}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{1540BE08-A67B-4427-A93C-B23E2D1B9135}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{23DCA49F-E0A4-46D0-B9C2-E2B7F6C5C289}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38BE21FE-C25E-4BFF-AFFE-053013A32408}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{3E38FF2E-1F09-4D25-B921-C1052814374D}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe |
"{457CCEC7-9A0B-4210-AA18-60422D77A261}" = protocol=6 | dir=in | app=c:\program files\mozbackup\mozbackup.exe |
"{47F547C1-FF38-4605-9B25-12E5E1EFB2E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4CCDDE92-87E2-4F06-AA30-A557D75C5154}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{4D3AF787-3A51-45DF-B00A-2CD1213009B1}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe |
"{4D5DC04D-75EF-43FC-85BD-007A6904867E}" = protocol=17 | dir=in | app=c:\program files\secunia\psi\psi.exe |
"{54BC24DC-C54D-4D06-B48A-5AF7CFB9F6F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{57A58307-57AD-44BC-9672-F07EBDF56E62}" = protocol=17 | dir=in | app=c:\program files\mozbackup\mozbackup.exe |
"{5A03946E-4463-4894-A630-2706AD3B2053}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EDF98D5-2C8F-488F-BD2B-680B8766665A}" = protocol=6 | dir=in | app=c:\program files\secunia\psi\psi.exe |
"{6973DE0B-4486-4E79-B5B8-1792FE2A605E}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{6B5A23E7-CC1B-489E-A423-9CE52C2157EF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7F66AFFE-A8C5-48D6-A61E-FBF11D538367}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7F70C4A6-2B96-4DCE-99AD-D7224035F219}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{8179761D-5564-4A59-A80D-D1CCBD633750}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{83E6D609-9294-4A70-9F52-104DD758312B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe |
"{950EAFD8-42CB-4D18-BF54-C4BF00AD8D9C}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |
"{9B7B38D2-A4B0-4B53-9D27-D02C364EA0E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9D2E77D5-C0D0-4C33-852E-42BF5D8D9CDE}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{A2683BA3-B97F-43B7-A923-E6E16BCC3E5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A92DA9C8-B913-4E3A-8940-8F504540CCB5}" = protocol=6 | dir=in | app=c:\program files\wise\wise care 365\wisecare365.exe |
"{B7045562-B4AE-49B0-9359-60988B258AEF}" = protocol=17 | dir=in | app=c:\program files\wise\wise care 365\wisecare365.exe |
"{B8A7B395-BE63-4C6B-9D08-23546427EE0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BEC46463-DE90-41C1-A947-430C02245F57}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{CC4F1104-A93F-405F-9059-794AEEBBA94B}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{D11C58E3-BD59-41B9-A856-6C22ED3AF242}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{E2EF4D21-22EB-4500-B244-5CBEF0BB4124}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{E5138932-9852-436E-AA53-BB4D6F26881E}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"{E944B1BE-CC26-4A07-8DF0-8F6E26BA318B}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{FBFF736C-59A9-4B49-A636-E54E704DEA78}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1" = Wise Care 365 version 2.03
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
"Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Secunia PSI" = Secunia PSI (3.0.0.4001)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.10.2012 07:18:46 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.10.2012 07:20:58 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.10.2012 07:52:52 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.10.2012 07:56:13 | Computer Name = Helmut-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 15.10.2012 09:05:40 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16771 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 75c Anfangszeit: 01cdaad44f16268b Zeitpunkt
der Beendigung: 0

Error - 15.10.2012 11:40:44 | Computer Name = Helmut-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6000.16771, Zeitstempel
0x4907deda, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0x450, Anwendungsstartzeit
01cdaae698fd982b.

Error - 15.10.2012 11:41:02 | Computer Name = Helmut-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6000.16771, Zeitstempel
0x4907deda, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x00061f2a, Prozess-ID 0x450, Anwendungsstartzeit
01cdaae698fd982b.

Error - 16.10.2012 10:16:38 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 13.4.0.184 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: ffc Anfangszeit: 01cdaba7a5f3091c Zeitpunkt der
Beendigung: 0

Error - 16.10.2012 10:24:31 | Computer Name = Helmut-PC | Source = Application Hang | ID = 1002
Description = Programm Taskmgr.exe, Version 6.0.6000.16386 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1e0 Anfangszeit: 01cdaba8452d45ec Zeitpunkt
der Beendigung: 827

Error - 17.10.2012 05:14:12 | Computer Name = Helmut-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 22.05.2011 12:07:43 | Computer Name = Helmut-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-17 18:18:06
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1200BEVS-22LAT0 rev.01.06M01
Running: yfpxx08o.exe; Driver: C:\Users\Helmut\AppData\Local\Temp\pwlyrpoc.sys


---- System - GMER 1.0.15 ----

SSDT 895D5214 ZwClose
SSDT 895D521E ZwCreateSection
SSDT 895D520F ZwDuplicateObject
SSDT 895D51B0 ZwOpenProcess
SSDT 895D51B5 ZwOpenThread
SSDT 895D5228 ZwRequestWaitReplyPort
SSDT 895D5223 ZwSetContextThread
SSDT 895D522D ZwSetSecurityObject
SSDT 895D5232 ZwSystemDebugControl
SSDT 895D51BF ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_alloca_probe + EC 81855E5C 4 Bytes [14, 52, 5D, 89]
.text ntoskrnl.exe!_alloca_probe + 158 81855EC8 4 Bytes [1E, 52, 5D, 89]
.text ntoskrnl.exe!_alloca_probe + 230 81855FA0 4 Bytes [0F, 52, 5D, 89] {RSQRTPS XMM3, DQWORD [EBP-0x77]}
.text ntoskrnl.exe!_alloca_probe + 334 818560A4 4 Bytes [B0, 51, 5D, 89]
.text ntoskrnl.exe!_alloca_probe + 350 818560C0 4 Bytes [B5, 51, 5D, 89]
.text ...
PAGE spsys.sys!?SPVersion@@3PADA + 1807 A36E603F 504 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1A00 A36E6238 434 Bytes [04, 3B, C1, 73, 05, 8B, 02, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1BB3 A36E63EB 120 Bytes [5D, 0C, EB, 03, 8B, 4D, 10, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 1C2C A36E6464 1379 Bytes [8B, 4E, 10, 31, 4D, D4, 8B, ...]
PAGE spsys.sys!?SPVersion@@3PADA + 2190 A36E69C8 478 Bytes [87, 37, 0E, 00, 00, FF, 24, ...]
PAGE ...
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA483D300, 0x25D4C, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
