| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Probleme beim googelnWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.10.2012, 23:32
| #1 | |
| |  Probleme beim googeln hallo leute, leider kann ich derzeit nicht mehr googlen, da ich zu folgenden seiten umgeleitet werde: hxxp://worddictionary.co.uk/?utm_source=affinity&utm_medium=cpc&utm_campaign=nocov hxxp://31373.1354045124.filter.adsimilate.com/ncp/checkBrowser?key=lala&ip=109.40.61.242&n_d=4098761&ua=Mozilla%2F5.0%20%28Windows%20NT%206.1%29%20AppleWebKit%2F537.4%20%28KHTML%2C%20like%20Gecko%29%2 0Chrome%2F22.0.1229.94%20Safari%2F537.4 hxxp://xml.plusfind.net/click?i=tbieNKsi5lo_0 hxxp://www.youtubevideodownload.com/ ich nutze derzeit windows 7, habe einen komplett scan mit avira durchgeführt, die probleme treten leider mit allen drei browsern (chrome, firefox, internet explorer) auf, deswegen habe ich mit adwcleaner folgendes gelöscht, was nicht half: Zitat:
grüße |
|
22.10.2012, 00:05
| #2 |
| /// Malware-holic   | Probleme beim googeln hi
__________________nichts mehr selbst löschen bitte Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
23.10.2012, 16:50
| #3 |
| | Probleme beim googeln ich habe leider nur eine otl.txt
__________________OTL Logfile: Code:
ATTFilter OTL logfile created on: 10/23/2012 12:06:46 AM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jasmin\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.37 Mb Total Physical Memory | 443.72 Mb Available Physical Memory | 43.74% Memory free 1.99 Gb Paging File | 0.98 Gb Available in Paging File | 49.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 53.58 Gb Total Space | 0.54 Gb Free Space | 1.01% Space Free | Partition Type: NTFS Drive D: | 80.37 Gb Total Space | 77.74 Gb Free Space | 96.73% Space Free | Partition Type: NTFS Drive E: | 17.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: JASMIN-PC | User Name: Jasmin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/10/22 18:08:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmin\Downloads\OTL.exe PRC - [2012/09/25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/09/25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012/09/25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/09/25 10:52:48 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/09/19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/09/13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe PRC - [2011/09/13 10:16:04 | 000,342,984 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe PRC - [2011/09/13 10:15:52 | 001,633,224 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/09/30 14:00:28 | 000,253,264 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe PRC - [2010/09/30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe PRC - [2009/08/27 06:43:50 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/08/22 08:11:48 | 000,826,880 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/08/06 09:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe ========== Modules (No Company Name) ========== MOD - [2011/09/13 10:16:10 | 000,510,920 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe MOD - [2011/09/13 10:15:52 | 001,633,224 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe MOD - [2011/09/13 10:15:45 | 000,606,208 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WTGXMLUtil.dll MOD - [2011/09/13 10:12:57 | 000,565,248 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgCore.dll MOD - [2011/09/13 10:11:36 | 000,204,800 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\LiveBoxCM.dll MOD - [2011/09/13 10:10:58 | 000,073,728 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgDriverInstall.dll MOD - [2011/09/13 10:10:40 | 000,294,912 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WTGSMSPCClient.Dll MOD - [2011/09/13 10:10:23 | 000,139,264 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgBluetooth.dll MOD - [2011/09/13 10:10:08 | 000,196,608 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgDetection.dll MOD - [2011/09/13 10:09:50 | 000,126,976 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgWiFi.dll MOD - [2011/09/13 10:09:45 | 000,086,016 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgDialup.dll MOD - [2011/09/13 10:09:36 | 000,102,400 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgDatabase.dll MOD - [2011/09/13 10:09:30 | 000,090,112 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgPorts.dll MOD - [2011/09/13 10:09:23 | 000,106,496 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\WtgUtil.dll MOD - [2010/12/02 08:33:00 | 001,097,728 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\NDISAPI.dll MOD - [2010/09/30 14:00:28 | 000,139,088 | ---- | M] () -- C:\Program Files\1&1 Surf-Stick\UIExec.exe MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2007/02/27 19:44:00 | 000,823,296 | ---- | M] () -- C:\Program Files\ALDITALKVerbindungsassistent\LIBEAY32.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll MOD - [2002/05/28 18:11:04 | 000,122,880 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2012/09/25 11:00:45 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/09/25 10:54:05 | 000,554,784 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012/09/25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/07/14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011/09/13 10:16:04 | 000,342,984 | ---- | M] () [Auto | Running] -- C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2010/09/30 14:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Program Files\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmnsusbser.sys -- (cmnsusbser) DRV - [2012/10/15 14:09:59 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2012/10/15 14:09:58 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2012/10/15 14:09:57 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2012/10/01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/09/24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/09/13 10:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009/10/29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009/10/29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009/07/17 05:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SMSN_de IE - HKCU\..\SearchScopes\{A5F4F51C-7F47-41B1-B23B-F929E0ABD94A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=14dc3962-4a96-4390-b97f-b51dcf0465e8&apn_sauid=7CC54777-309C-44FE-BEF3-459DD710EE27 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jasmin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jasmin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/20 15:50:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/05 00:16:48 | 000,000,000 | ---D | M] [2012/07/29 20:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/07/14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/07/14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/07/14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/07/14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/07/14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/07/14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jasmin\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Graphing Calculator by Desmos.com = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko\1.4_0\ CHR - Extension: Hangman = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekpfaaakmnhcembbiennfjiaodandmhg\1_0\ CHR - Extension: Candy = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiejadjmcgacmocgeegodfhligbpecdg\1.0_0\ CHR - Extension: Bubble Shooter-HD = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\ CHR - Extension: Isoball 3 = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.2.1_0\ CHR - Extension: 9GAG Mini = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmkmihphgjhmeabggdcokmkjhbnmdml\0.5_0\ CHR - Extension: Divvr = C:\Users\Jasmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackkieddhpmioebogincgkkcagabhgm\2.0_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube Download - C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{809321D5-74EB-4BAB-A0AC-7FA5C148F3F1}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB71F0EA-2664-41EA-8487-6BCBBAA6C8A3}: NameServer = 139.7.30.126 139.7.30.125 O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/09/14 10:28:50 | 000,000,095 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{8108d1e6-152b-11e2-842f-00245410c63f}\Shell - "" = AutoRun O33 - MountPoints2\{8108d1e6-152b-11e2-842f-00245410c63f}\Shell\AutoRun\command - "" = E:\.\Setup.exe -- [2011/09/14 10:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{8108d1fb-152b-11e2-842f-00245410c63f}\Shell - "" = AutoRun O33 - MountPoints2\{8108d1fb-152b-11e2-842f-00245410c63f}\Shell\AutoRun\command - "" = E:\.\Setup.exe -- [2011/09/14 10:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{ce74ada9-16de-11e2-8993-00245410c63f}\Shell - "" = AutoRun O33 - MountPoints2\{ce74ada9-16de-11e2-8993-00245410c63f}\Shell\AutoRun\command - "" = E:\.\Setup.exe -- [2011/09/14 10:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/10/22 17:57:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/10/22 17:57:22 | 000,000,000 | -HSD | C] -- \Config.Msi [2012/10/21 13:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/10/20 23:06:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys [2012/10/20 23:06:25 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012/10/20 23:06:25 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys [2012/10/20 23:06:25 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys [2012/10/20 23:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/10/20 23:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012/10/19 21:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/10/19 17:20:01 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\{DC55194E-358C-4385-916F-4FF71C8FBC61} [2012/10/16 21:23:09 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\{A4B2E83D-D8AE-4443-8E65-9816604B42F3} [2012/10/15 20:30:46 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\{C07646A9-1E98-4046-B6A5-A89E11E02BDE} [2012/10/15 14:12:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALDI TALK Verbindungsassistent [2012/10/15 14:10:30 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\windows\System32\drivers\mod7700.sys [2012/10/15 14:10:30 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcecm.sys [2012/10/15 14:10:30 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juextctrl.sys [2012/10/15 14:10:30 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_usbenumfilter.sys [2012/10/15 14:10:29 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwusbdev.sys [2012/10/15 14:10:29 | 000,082,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcacm.sys [2012/10/15 14:10:29 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jubusenum.sys [2012/10/15 14:10:28 | 000,116,736 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys [2012/10/15 14:10:28 | 000,106,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys [2012/10/15 14:10:27 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys [2012/10/15 14:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\ALDITALKVerbindungsassistent [2012/10/12 21:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jasmin\AppData\Local\{9F8FEFE4-68C7-457E-8A5F-86DAD5882C5F} ========== Files - Modified Within 30 Days ========== [2012/10/23 00:05:02 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/22 23:52:03 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675562717-242507097-1823633445-1000UA.job [2012/10/22 21:53:37 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/10/22 21:53:37 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/10/22 21:44:33 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2012/10/22 21:44:30 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/22 21:44:25 | 000,000,320 | ---- | M] () -- C:\windows\tasks\dczviakm.job [2012/10/22 21:43:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/10/22 21:43:25 | 797,728,768 | -HS- | M] () -- C:\hiberfil.sys [2012/10/22 17:51:18 | 000,001,072 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1675562717-242507097-1823633445-1000Core.job [2012/10/19 16:51:39 | 000,090,112 | RHS- | M] () -- C:\windows\System32\advapi32A.dll [2012/10/15 17:51:16 | 000,659,238 | ---- | M] () -- C:\windows\System32\perfh007.dat [2012/10/15 17:51:16 | 000,620,384 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/10/15 17:51:16 | 000,132,776 | ---- | M] () -- C:\windows\System32\perfc007.dat [2012/10/15 17:51:16 | 000,108,566 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/10/15 14:12:05 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk [2012/10/15 14:10:14 | 000,002,224 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2012/10/15 14:10:02 | 000,860,928 | ---- | M] (DiBcom SA) -- C:\windows\System32\drivers\mod7700.sys [2012/10/15 14:10:02 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_usbenumfilter.sys [2012/10/15 14:10:01 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcecm.sys [2012/10/15 14:10:01 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_juextctrl.sys [2012/10/15 14:10:00 | 000,082,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jucdcacm.sys [2012/10/15 14:10:00 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_jubusenum.sys [2012/10/15 14:09:59 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ew_hwusbdev.sys [2012/10/15 14:09:58 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys [2012/10/15 14:09:57 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys [2012/10/15 14:09:57 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys [2012/10/01 17:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys [2012/09/24 09:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2012/10/19 16:51:40 | 000,000,320 | ---- | C] () -- C:\windows\tasks\dczviakm.job [2012/10/19 16:51:39 | 000,090,112 | RHS- | C] () -- C:\windows\System32\advapi32A.dll [2012/10/15 14:12:05 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\ALDI TALK Verbindungsassistent.lnk [2012/10/15 14:10:14 | 000,002,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk [2011/07/31 15:03:06 | 000,000,000 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\{F8D29A0A-FE83-4DE3-87BB-ACB0551C74A4} [2011/07/30 12:26:52 | 000,000,000 | ---- | C] () -- C:\Users\Jasmin\AppData\Local\{6E808476-CF27-4D0F-B996-3DB7257FDB63} [2010/07/09 11:00:07 | 000,026,079 | ---- | C] () -- C:\Users\Jasmin\url.htm [2010/07/03 01:58:03 | 000,003,072 | -H-- | C] () -- C:\Users\Jasmin\photothumb.db [2010/06/20 12:08:21 | 000,008,744 | ---- | C] () -- C:\Users\Jasmin\maulwurf_blumen.gif [2010/05/12 11:32:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009/08/28 02:29:09 | 797,728,768 | -HS- | C] () -- \hiberfil.sys [2009/07/14 04:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat [2009/07/14 04:04:04 | 000,000,010 | ---- | C] () -- \config.sys ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/07/01 12:56:29 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012/10/22 21:43:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009/08/27 10:34:58 | 000,000,000 | ---D | M] -- C:\Intel [2010/04/02 13:00:44 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010/04/27 05:14:51 | 000,000,000 | ---D | M] -- C:\output [2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/10/21 23:43:10 | 000,000,000 | R--D | M] -- C:\Program Files [2012/10/21 23:43:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010/03/30 16:50:03 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/10/23 00:11:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/06/08 21:55:38 | 000,000,000 | ---D | M] -- C:\UserData [2012/07/01 12:55:59 | 000,000,000 | R--D | M] -- C:\Users [2012/08/16 22:22:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009/07/14 06:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2010/05/02 14:32:15 | 000,001,094 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2010/05/02 14:32:21 | 000,001,098 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2011/03/20 18:57:39 | 000,001,072 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1675562717-242507097-1823633445-1000Core.job [2011/03/20 18:57:42 | 000,001,124 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1675562717-242507097-1823633445-1000UA.job [2012/10/19 16:51:40 | 000,000,320 | ---- | C] () -- C:\windows\Tasks\dczviakm.job < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2012/10/19 16:51:39 | 000,090,112 | RHS- | M] () Unable to obtain MD5 -- C:\windows\system32\advapi32A.dll [2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\LocationApi.dll [2012/08/24 18:57:12 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\msfeeds.dll < %USERPROFILE%\*.* > [2010/06/20 12:08:34 | 000,008,744 | ---- | M] () -- C:\Users\Jasmin\maulwurf_blumen.gif [2012/10/23 00:43:03 | 002,621,440 | -HS- | M] () -- C:\Users\Jasmin\ntuser.dat [2012/10/23 00:43:02 | 000,262,144 | -HS- | M] () -- C:\Users\Jasmin\ntuser.dat.LOG1 [2010/03/30 16:51:15 | 000,000,000 | -HS- | M] () -- C:\Users\Jasmin\ntuser.dat.LOG2 [2010/03/30 16:59:55 | 000,065,536 | -HS- | M] () -- C:\Users\Jasmin\NTUSER.DAT{4bf0c302-3c0c-11df-828e-00245410c63f}.TM.blf [2010/03/30 16:59:55 | 000,524,288 | -HS- | M] () -- C:\Users\Jasmin\NTUSER.DAT{4bf0c302-3c0c-11df-828e-00245410c63f}.TMContainer00000000000000000001.regtrans-ms [2010/03/30 16:59:55 | 000,524,288 | -HS- | M] () -- C:\Users\Jasmin\NTUSER.DAT{4bf0c302-3c0c-11df-828e-00245410c63f}.TMContainer00000000000000000002.regtrans-ms [2012/08/16 18:28:46 | 000,065,536 | -HS- | M] () -- C:\Users\Jasmin\ntuser.dat{5dc1e056-e78f-11e1-8538-00245410c63f}.TM.blf [2012/08/16 18:28:46 | 000,524,288 | -HS- | M] () -- C:\Users\Jasmin\ntuser.dat{5dc1e056-e78f-11e1-8538-00245410c63f}.TMContainer00000000000000000001.regtrans-ms [2012/08/16 18:28:46 | 000,524,288 | -HS- | M] () -- C:\Users\Jasmin\ntuser.dat{5dc1e056-e78f-11e1-8538-00245410c63f}.TMContainer00000000000000000002.regtrans-ms [2010/03/30 16:51:15 | 000,065,536 | -HS- | M] () -- C:\Users\Jasmin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/03/30 16:51:15 | 000,524,288 | -HS- | M] () -- C:\Users\Jasmin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/03/30 16:51:15 | 000,524,288 | -HS- | M] () -- C:\Users\Jasmin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010/03/30 16:51:15 | 000,000,020 | -HS- | M] () -- C:\Users\Jasmin\ntuser.ini [2012/08/04 19:58:41 | 000,003,072 | -H-- | M] () -- C:\Users\Jasmin\photothumb.db [2010/07/01 01:21:42 | 000,010,240 | -HS- | M] () -- C:\Users\Jasmin\Thumbs.db [2010/07/09 11:00:09 | 000,026,079 | ---- | M] () -- C:\Users\Jasmin\url.htm < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > hoffe, dass das auch hilft was nun? |
|
23.10.2012, 16:52
| #4 |
| /// Malware-holic | Probleme beim googeln hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012/10/19 16:51:39 | 000,090,112 | RHS- | M] () -- C:\windows\System32\advapi32A.dll
[2012/10/22 21:44:25 | 000,000,320 | ---- | M] () -- C:\windows\tasks\dczviakm.job
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 downloade get info: File-Upload.net - GetInfo.exe doppelklicke die .exe im selben ordner wird nun eine .txt erstellt: summary-info.txt diese doppelklicken und deren inhalt posten. lade und instaliere 7zip: http://www.7-zip.org/ gehe dann auf start, ausführen, tippe: regedit enter dort klappe auf der linken seite alles zu. Gehe dann auf datei, exportieren, suche einen ort, den du leicht wiederfindest, und vergib einen dateinamen, den du leicht wieder erkennst. schließe den registrierungseditor nach dem speichern, navigiere zu der datei die du soeben erstellt hast, rechtsklick, 7zip menü aufklappen, zu einem archiv hinzufügen wählen. folgene einstellungen vornemen: archivtyp, 7zip kompressionsstärke: ultra kompress.verfahren: lzma2 wörterbuchgröße: 64 mb wortgröße: 273 größe solider blöcke: solide klicke nun auf ok, archiv wird erstellt. dieses lädst du bei: File-Upload.net - Ihr kostenloser File Hoster! hoch und sendest mir den download link bitte als private nachicht. Frage: hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt? wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
23.10.2012, 20:38
| #5 |
| | Probleme beim googeln nach langer suche doch gefunden, summary-info.txt : Code:
ATTFilter System volume information: dwHighDateTime = 0x1ca2776,dwLowDateTime = 0x8f423f6f
System32: dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b
dwSerialNumber = 0x38cad55a
|
|
23.10.2012, 21:37
| #6 | |
| /// Malware-holic | Probleme beim googeln danke! Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Probleme beim googeln |
|
23.10.2012, 22:38
| #7 |
| | Probleme beim googeln C:\Combofix.txt : Combofix Logfile: Code:
ATTFilter ComboFix 12-10-23.01 - Jasmin 23.10.2012 23:04:08.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.297 [GMT 2:00]
ausgeführt von:: c:\users\Jasmin\Downloads\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\sbB.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-23 bis 2012-10-23 ))))))))))))))))))))))))))))))
.
.
2012-10-23 21:20 . 2012-10-23 21:20 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-10-23 21:20 . 2012-10-23 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-23 19:43 . 2012-10-23 19:43 -------- d-----w- c:\program files\7-Zip
2012-10-23 18:24 . 2012-10-23 18:24 -------- d-----w- c:\users\Jasmin\AppData\Local\Ilivid Player
2012-10-23 18:20 . 2012-10-23 18:20 -------- d-----w- c:\programdata\boost_interprocess
2012-10-23 18:20 . 2012-10-23 18:21 -------- d-----w- c:\program files\Searchqu Toolbar
2012-10-23 16:54 . 2012-10-23 17:54 -------- d-----w- C:\_OTL
2012-10-20 21:06 . 2012-10-23 20:57 -------- d-----w- c:\programdata\Avira
2012-10-20 21:06 . 2012-10-20 21:06 -------- d-----w- c:\program files\Avira
2012-10-19 19:18 . 2012-10-19 19:18 -------- d-----w- c:\program files\Common Files\Java
2012-10-19 19:17 . 2012-10-19 19:17 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-15 12:12 . 2012-10-23 20:52 -------- d-----w- c:\users\Jasmin\AppData\Roaming\ALDITALKVerbindungsassistent
2012-10-15 12:10 . 2012-10-15 12:10 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-10-15 12:10 . 2012-10-15 12:10 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-10-15 12:10 . 2012-10-15 12:10 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-10-15 12:10 . 2012-10-15 12:10 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-10-15 12:10 . 2012-10-15 12:10 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-10-15 12:10 . 2012-10-15 12:10 82816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-10-15 12:10 . 2012-10-15 12:10 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-10-15 12:10 . 2012-10-15 12:09 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-10-15 12:10 . 2012-10-15 12:09 116736 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-10-15 12:10 . 2012-10-15 12:09 106880 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-10-15 12:10 . 2012-10-15 12:09 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-10-15 12:09 . 2012-10-15 12:10 -------- d-----w- c:\program files\ALDITALKVerbindungsassistent
2012-10-10 19:03 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 19:02 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 18:58 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 18:58 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 18:58 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 18:56 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 18:46 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 18:45 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 18:45 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-26 17:48 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 19:16 . 2012-07-30 18:45 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-19 19:16 . 2010-11-21 19:07 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-15 12:10 . 2009-08-28 00:54 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-08-24 16:57 . 2012-09-22 13:55 981504 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 15:20 . 2012-09-22 13:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 17:14 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 17:14 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 17:14 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 17:14 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-12 17:19 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-30 18:36 . 2012-07-30 18:36 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-30 18:36 . 2012-07-30 18:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-30 08:50 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-07-14 00:15 . 2012-07-29 18:58 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f34c9277-6577-4dff-b2d7-7d58092f272f}]
2012-09-24 23:01 89288 ----a-w- c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f34c9277-6577-4dff-b2d7-7d58092f272f}"= "c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-09-24 89288]
.
[HKEY_CLASSES_ROOT\clsid\{f34c9277-6577-4dff-b2d7-7d58092f272f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-21 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UIExec"="c:\program files\1&1 Surf-Stick\UIExec.exe" [2010-09-30 139088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [2012-10-15 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [x]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [x]
S2 Rezip;Rezip;c:\windows\SYSTEM32\Rezip.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\1&1 Surf-Stick\AssistantServices.exe [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 12:30]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 12:30]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1675562717-242507097-1823633445-1000Core.job
- c:\users\Jasmin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:56]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1675562717-242507097-1823633445-1000UA.job
- c:\users\Jasmin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 16:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchnu.com/406
IE: Free YouTube Download - c:\users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Jasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\p3vlcy9i.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3537735600914052&o=APN10645&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-23 23:27:27
ComboFix-quarantined-files.txt 2012-10-23 21:27
.
Vor Suchlauf: 1.685.487.616 Bytes frei
Nach Suchlauf: 1.607.135.232 Bytes frei
.
- - End Of File - - 86600D8F5A96A653C541698E335A801D
soweit ist alles gut gelaufen was steht jetzt an? |
|
24.10.2012, 19:30
| #8 |
| /// Malware-holic | Probleme beim googeln malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.10.2012, 13:54
| #9 | |
| | Probleme beim googelnZitat:
|
|
25.10.2012, 13:59
| #10 |
| /// Malware-holic | Probleme beim googeln so soll das ja auch sein :-) bitte finder weg von Softonic! software möglichst immer nur beim hersteller laden, und benutzerdefiniert instalieren, um mögliche toolbars gleich zu erkennen evtl. auch immer genauer informieren, was man sich da instaliert, um böse überraschungen auszuschließen lade den CCleaner standard: CCleaner Download - CCleaner 3.23.1823 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
25.10.2012, 20:42
| #11 | |
| | Probleme beim googelnZitat:
|
|
25.10.2012, 22:09
| #12 |
| /// Malware-holic | Probleme beim googeln deinstaliere: 11 Surf Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: AnyPC Free YouTube Java(TM) 6 Search-Results öffne bitte ccleaner, analysieren, starten, pc neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.11.2012, 15:55
| #13 |
| | Probleme beim googeln 1&1 Surf-Stick 08.06.2011 1.0.0.2 unnötig 7-Zip 9.20 23.10.2012 notwendig? Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 21.10.2010 6,00MB 10.1.85.3 notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 30.07.2012 6,00MB 11.3.300.268 notwendig Adobe Reader 9.2 - Deutsch Adobe Systems Incorporated 05.08.2012 161MB 9.2.0 notwendig ALDI TALK Verbindungsassistent ALDI TALK Verbindungsassistent 15.10.2012 ALDI TALK 4.0 notwendig AnyPC Client Doctorsoft 30.03.2010 1.0.0.12 unbekannt Apple Application Support Apple Inc. 29.12.2010 52,8MB 1.4.1 notwendig Apple Mobile Device Support Apple Inc. 29.12.2010 21,7MB 3.3.0.69 notwendig Apple Software Update Apple Inc. 12.04.2010 2,25MB 2.1.2.120 notwendig Atheros Client Installation Program Atheros 27.08.2009 1.0.1.0805 unbekannt BatteryLifeExtender Samsung 27.08.2009 14,6MB 1.0.0 unbekannt Bonjour Apple Inc. 29.12.2010 781KB 2.0.4.0 unbekannt CCleaner Piriform 24.09.2012 3.23 notwendig Easy Display Manager Samsung Electronics Co., Ltd. 27.08.2009 3.0 unbekannt Easy Network Manager Samsung 27.08.2009 19,0MB 4.0.2 unbekannt Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 27.08.2009 3.0.0.4 unbekannt EasyBatteryManager Samsung 27.08.2009 4.0.0.2 unbekannt Free YouTube Download version 3.0.815 DVDVideoSoft Ltd.. 16.08.2011 41,9MB unnötig Google Chrome Google Inc. 20.03.2011 22.0.1229.94 notwendig Google Earth Plug-in Google 14.11.2011 40,8MB 6.1.0.5001 notwendig ICQ7.5 ICQ 12.06.2011 notwendig 7.5 Intel(R) Graphics Media Accelerator Driver Intel Corporation 13.08.2010 54,2MB 8.15.10.1930 unbekannt iTunes Apple Inc. 29.12.2010 144MB 10.1.1.4 notwendig Java 7 Update 9 Oracle 19.10.2012 128MB 7.0.90 notwendig Java(TM) 6 Update 30 Sun Microsystems, Inc. 09.04.2010 94,4MB 6.0.300 notwendig JavaFX 2.1.1 Oracle Corporation 30.07.2012 20,8MB 2.1.1 notwendig Malwarebytes Anti-Malware Version 1.65.1.1000 Malwarebytes Corporation 24.10.2012 19,4MB 1.65.1.1000 notwendig? Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.09.2010 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.09.2010 2,93MB 4.0.30319 unbekannt Microsoft Office Enterprise 2007 Microsoft Corporation 01.04.2012 12.0.6612.1000 unbekannt Microsoft Office File Validation Add-In Microsoft Corporation 30.03.2012 7,95MB 14.0.5130.5003 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 14.06.2012 508KB 2.0.4024.1 unbekannt Microsoft Silverlight Microsoft Corporation 10.05.2012 120MB 4.1.10329.0 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 22.10.2012 16,5MB 10.0.40219 unbekannt Mozilla Firefox 14.0.1 (x86 de) Mozilla 29.07.2012 52,5MB 14.0.1 notwendig Mozilla Maintenance Service Mozilla 29.07.2012 199KB 14.0.1 notwendig PhotoScape 12.04.2010 notwendig QuickTime Apple Inc. 29.12.2010 73,7MB 7.69.80.9 notwendig Realtek Ethernet Controller Driver Realtek 27.08.2009 1.00.0008 unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.08.2009 6.0.1.5898 unbekannt REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 27.08.2009 1.01.0088 unbekannt Samsung Recovery Solution 4 Samsung 27.08.2009 4.0.0.3 unbekannt Samsung Support Center Samsung 27.08.2009 40,8MB 1.0.0 unbekannt Samsung Update Plus Samsung Electronics Co., Ltd. 27.08.2009 2.0 unbekannt Search-Results Toolbar APN LLC 23.10.2012 1.0.0.12 unbekannt Synaptics Pointing Device Driver Synaptics Incorporated 27.08.2009 13.2.4.12 unbekannt Uninstall 1.0.0.1 20.05.2011 11,1MB unbekannt User Guide 27.08.2009 1.0 unbekannt Windows Live Essentials Microsoft Corporation 30.06.2012 15.4.3555.0308 notwendig WinRAR Archivierer 02.04.2010 unbekannt hoffe das ist gut genug |
|
05.11.2012, 15:34
| #14 |
| /// Malware-holic | Probleme beim googeln wieso postest du noch mal die liste der programme? hast du die de- und neu instalationen vorgenommen?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Probleme beim googeln |
| appdatalow, avira, datei, dateien, explorer, firefox, gelöscht, google, helper, icq, internet, internet browser, internet explorer, link, löschen, microsoft, mozilla, ordner, probleme, registrierungsdatenbank, rundll, scan, seite, seiten, software, suche, temp, windows, überfragt |
Linear-Darstellung
