appConf32.exe trojan TR/Crypt.EPACK.Gen2: how do I remove it?

Good evening, since yesterday the Avira message keeps appearing that the following was found: the file appConf32.exe is the trojan TR/Crypt.EPACK.Gen2.

Here is the logfile from Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Test)
www.malwarebytes.org

Datenbank Version: v2012.11.26.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Anni :: ANNI-PC [Administrator]

Schutz: Deaktiviert

26.11.2012 17:23:30
mbam-log-2012-11-26 (17-35-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199073
Laufzeit: 10 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Anni\AppData\Roaming\ACROIEHELPE.DLL (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Anni\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Keine Aktion durchgeführt.
C:\Users\Anni\AppData\Roaming\APPCONF32.EXE (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

Please help me. What should I do? Thank you very much for your help!

Sorry, because of the registration process the thread ended up in the wrong subcategory. Unfortunately I can't move it myself...

Attached are the OTL logfiles as well:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 26.11.2012 19:38:54 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Anni\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19328) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,47% Memory free 4,25 Gb Paging File | 2,77 Gb Available in Paging File | 65,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,05 Gb Total Space | 38,78 Gb Free Space | 26,02% Space Free | Partition Type: NTFS Drive E: | 679,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ANNI-PC | User Name: Anni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.26 19:33:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anni\Downloads\OTL.exe PRC - [2012.11.25 13:21:28 | 000,040,960 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe PRC - [2012.11.18 10:25:15 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.07.24 19:27:37 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.08 16:32:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.07 20:28:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] 
(Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.05 22:21:34 | 001,993,456 | ---- | M] (NesterSoft Inc.) -- C:\Programme\TimeLeft3\TimeLeft.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.12.04 11:27:05 | 001,282,048 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Programme\Hardcopy\hardcopy.exe PRC - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.07.22 09:36:20 | 000,132,448 | ---- | M] (ashampoo Technology GmbH & Co. KG) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragMonitorService.exe PRC - [2008.07.22 09:36:16 | 000,083,296 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe PRC - [2008.07.22 09:35:38 | 000,750,944 | ---- | M] ( ) -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2012.11.24 22:57:09 | 000,143,928 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\12001.086\components\AcroFF.dll MOD - [2012.11.18 10:25:15 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2011.10.03 07:59:41 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll MOD - [2008.12.04 11:19:03 | 000,057,344 | ---- | M] () -- C:\Programme\Hardcopy\HcDLL2_26_Win32.dll MOD - [2008.12.02 13:49:03 | 000,441,344 | ---- | M] () -- C:\Programme\Hardcopy\HcDllS.dll MOD - [2008.07.22 09:36:16 | 000,083,296 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe MOD - [2005.04.19 12:53:44 | 000,013,824 | ---- | M] () -- C:\Programme\TimeLeft3\trayclock.dll MOD - [2003.11.20 
12:18:06 | 000,045,056 | ---- | M] () -- C:\Programme\Hardcopy\hardcopy.dll ========== Services (SafeList) ========== SRV - [2012.11.25 13:21:28 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Anni\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2012.11.18 10:25:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.07.24 19:27:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.08 16:32:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.10.20 21:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2008.07.22 09:35:38 | 000,750,944 | ---- | M] ( ) [Auto | Running] -- C:\Programme\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe -- (AshampooDefragService) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found 
[Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.11.26 17:22:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.11.25 12:26:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.07.24 19:27:37 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.24 19:27:37 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.02.18 06:40:06 | 000,015,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudnflt.sys -- (ssudnflt) DRV - [2011.02.18 05:47:42 | 000,180,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2011.02.18 05:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2009.05.25 13:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) DRV - [2009.05.25 13:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm) DRV - [2009.05.25 13:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) DRV - [2009.05.25 13:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl) DRV - [2009.05.25 13:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | Disabled | 
Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) DRV - [2009.05.25 13:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex) DRV - [2009.05.25 13:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.06 05:57:12 | 000,017,640 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.01 23:14:33 | 004,179,968 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.10.09 14:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.01.14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam) DRV - [2006.12.13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem) DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2003.09.16 04:41:10 | 000,152,576 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV532AV.SYS -- (PID_0920) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ixquick.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6C6976652E636F6D2F726573756C74732E617370783F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826466F726D3D494538535243&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&k=0 IE - HKCU\..\SearchScopes\{09648CE1-F17D-4BF3-8301-7AFDB5C9E6EF}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{15E69DF5-97F5-49CA-8B46-DBC5910EC670}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{56D75E69-EAB2-43D7-B7F7-BBF6C9080D40}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{8C8E0464-C3AA-4E3A-A8A3-0E1CF7C0EC12}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0 IE - 
HKCU\..\SearchScopes\{9BF39461-460C-46D6-922D-2C8BFCDE84D5}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{F3D8B71A-469B-491B-92C0-EA83ADA7091F}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=b920f959-3dd4-44e1-9b06-d0fcdcc22ab4&pid=icqt&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "facebook.com" FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com: FF - prefs.js..extensions.enabledAddons: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22 FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2 FF - prefs.js..extensions.enabledAddons: firejump@firejump.net: FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}: FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com: FF - prefs.js..extensions.enabledItems: {85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}:1.4 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}: FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - user.js..browser.search.openintab: false FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Anni\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.12 17:48:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 08:02:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.18 10:25:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.18 10:25:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.12 17:48:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Anni\AppData\Roaming\Mozilla\Firefox\Profiles\ysptdhkj.default\extensions\firejump@firejump.net [2012.11.25 13:21:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: 
C:\Users\Anni\AppData\Roaming\Mozilla\Firefox\Profiles\ysptdhkj.default\extensions\extension@preispilot.com [2012.11.25 13:21:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Anni\AppData\Roaming\12001.087 [2012.11.26 16:57:50 | 000,000,000 | ---D | M] [2008.12.28 22:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Extensions [2012.11.25 13:23:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions [2010.04.30 18:27:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.18 12:15:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.11.25 13:21:47 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\extension@preispilot.com [2012.11.25 13:21:43 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\firejump@firejump.net [2012.11.25 13:23:37 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\foxyproxy@eric.h.jung [2009.10.19 17:55:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\moveplayer@movenetworks.com [2012.11.25 13:21:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anni\AppData\Roaming\mozilla\Firefox\Profiles\ysptdhkj.default\extensions\extension@preispilot.com\chrome [2012.11.25 11:58:05 | 000,804,627 | ---- | M] () (No name found) -- 
C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.25 13:21:34 | 000,002,071 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\searchplugins\{0635C1F6-6BB3-4142-927C-3BF324B308D4}.xml [2012.11.25 13:21:34 | 000,001,864 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\searchplugins\{279C5220-5D07-4296-A23F-7207C9254BE8}.xml [2012.11.25 13:21:34 | 000,002,182 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\mozilla\firefox\profiles\ysptdhkj.default\searchplugins\{B28EB58D-B031-46F4-BE74-1D2A0196B634}.xml [2012.11.18 10:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.12.28 23:02:24 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.12.13 18:57:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2008.12.31 18:26:32 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\Programme\Mozilla Firefox\extensions\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB} [2008.12.31 18:26:32 | 000,000,000 | ---D | M] (VideoGet FireFox extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB} [2012.11.26 17:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\ANNI\APPDATA\ROAMING\12001.086 [2012.11.18 10:25:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.25 13:21:34 | 000,001,678 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.25 13:21:34 | 000,001,929 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.25 13:21:34 | 000,001,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.25 13:21:34 | 
000,007,045 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.25 13:21:34 | 000,001,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.25 13:21:34 | 000,001,164 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.17 18:46:32 | 000,000,960 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O1 - Hosts: im.adtech.de O1 - Hosts: adserver.adtech.de O1 - Hosts: adtech.de O1 - Hosts: atwola.com O1 - Hosts: adserver.71i.de O1 - Hosts: adicqserver.71i.de O1 - Hosts: 71i.de O1 - Hosts: ar.atwola.com O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\\gears.dll (Google Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) 
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Anni\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Programme\TimeLeft3\TimeLeft.exe (NesterSoft Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\\gears.dll (Google Inc.) O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Programme\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: youtube.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52CC618D-E307-4A2E-B235-80924E4779CF}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DFCDF40-AA73-495A-B084-1C8FFDA8BDBA}: DhcpNameServer =
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.12.13 22:04:47 | 000,000,175 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{70a38b03-8207-11df-b4f8-0018370546fc}\Shell - "" = AutoRun
O33 - MountPoints2\{70a38b03-8207-11df-b4f8-0018370546fc}\Shell\AutoRun\command - "" = F:\DTSP_Launcher.exe
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell - "" = AutoRun
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell\AutoRun\command - "" = E:\setup.exe -- [2012.10.01 11:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell\configure\command - "" = E:\setup.exe -- [2012.10.01 11:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{e9b473cd-36e5-11e2-9a58-0018370546fc}\Shell\install\command - "" = E:\setup.exe -- [2012.10.01 11:13:15 | 000,207,496 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.26 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\UAs
[2012.11.26 17:19:06 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 17:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.26 17:18:58 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.26 17:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 17:12:42 | 000,000,000 | ---D | C] -- C:\avrescue
[2012.11.26 16:57:47 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\12001.087
[2012.11.25 18:03:06 | 000,000,000 | ---D | C] -- C:\Users\Anni\Desktop\bilder
[2012.11.25 13:21:43 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\System32\dhRichClient3.dll
[2012.11.25 13:21:35 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\DesktopIconForAmazon
[2012.11.25 13:21:34 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Opera
[2012.11.25 13:21:28 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\OCS
[2012.11.25 12:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.11.25 12:26:31 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.11.25 12:26:29 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\DAEMON Tools Lite
[2012.11.25 12:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.11.25 12:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.11.24 22:57:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.24 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\xmldm
[2012.11.24 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\kock
[2012.11.18 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.18 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.11.18 10:48:20 | 000,000,000 | ---D | C] -- C:\Users\Anni\Desktop\music
[2012.11.18 10:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.11.18 10:25:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2 C:\Users\Anni\AppData\Roaming\*.tmp files -> C:\Users\Anni\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.26 19:03:21 | 000,237,029 | ---- | M] () -- C:\Users\Anni\Desktop\20121126_1702168.jpg
[2012.11.26 18:56:51 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 18:56:51 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 17:41:50 | 002,429,025 | ---- | M] () -- C:\Users\Anni\Desktop\20121126_170216.jpg
[2012.11.26 17:22:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 17:21:11 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 17:01:44 | 000,643,018 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.26 17:01:44 | 000,608,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.26 17:01:44 | 000,133,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.26 17:01:44 | 000,109,704 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.26 16:57:43 | 000,000,048 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.26 16:57:03 | 000,065,536 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\ysptdhkj.default.dat
[2012.11.26 16:56:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 16:56:26 | 2145,968,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.25 21:20:28 | 000,082,902 | ---- | M] () -- C:\Users\Anni\Desktop\598466_3560198997268_673237016_n.jpg
[2012.11.25 12:26:31 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.11.25 11:22:25 | 000,002,637 | ---- | M] () -- C:\Users\Anni\Desktop\Word.lnk
[2012.11.24 22:57:02 | 000,250,976 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\AcroIEHelpe.dll
[2012.11.24 22:57:02 | 000,007,104 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.18 13:22:59 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.18 11:46:20 | 000,285,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.18 10:31:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cdc56f72628539.job
[2 C:\Users\Anni\AppData\Roaming\*.tmp files -> C:\Users\Anni\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.26 19:03:20 | 000,237,029 | ---- | C] () -- C:\Users\Anni\Desktop\20121126_1702168.jpg
[2012.11.26 17:41:32 | 002,429,025 | ---- | C] () -- C:\Users\Anni\Desktop\20121126_170216.jpg
[2012.11.26 17:19:01 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 21:20:27 | 000,082,902 | ---- | C] () -- C:\Users\Anni\Desktop\598466_3560198997268_673237016_n.jpg
[2012.11.25 13:21:43 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.11.24 22:57:02 | 000,250,976 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\AcroIEHelpe.dll
[2012.11.24 22:57:02 | 000,007,104 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.24 22:56:56 | 000,000,048 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.24 22:56:49 | 000,065,536 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\ysptdhkj.default.dat
[2012.11.18 13:22:59 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.18 10:31:11 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cdc56f72628539.job
[2012.11.18 10:25:17 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.08.19 19:09:49 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.01.24 21:27:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.10 10:46:41 | 000,100,837 | ---- | C] () -- C:\Users\Anni\brandon.jpg
[2009.05.05 15:28:21 | 000,470,477 | ---- | C] () -- C:\Users\Anni\Das_Vorstellungsgespraech.pdf
[2009.04.21 17:57:23 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.28 23:03:58 | 000,073,216 | ---- | C] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.28 22:11:51 | 000,002,032 | ---- | C] () -- C:\Users\Anni\AppData\Local\d3d9caps.dat
[2008.12.09 16:23:13 | 000,053,712 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\appConf32.exe

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.11.26 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.26 16:57:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.087
[2009.06.24 16:18:38 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\AntMe
[2009.04.18 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Ashampoo
[2009.05.19 19:32:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Canneverbe_Limited
[2010.06.22 14:34:19 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ColorCop
[2009.01.03 12:08:39 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\COMPUTERBILD-Spionage-Stopper
[2012.11.25 12:48:44 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\DAEMON Tools Lite
[2011.08.14 09:48:34 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\de.txptr.googleplus
[2009.07.10 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Desktopicon
[2012.11.25 13:21:36 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\DesktopIconForAmazon
[2009.06.07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\diginet
[2011.11.11 17:58:03 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Dropbox
[2010.06.13 15:33:38 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Facebook
[2009.12.28 21:15:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\GARMIN
[2011.08.19 19:15:09 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\GlarySoft
[2009.06.20 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\gnupg
[2011.09.25 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ICQ
[2009.06.24 15:52:08 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ICSharpCode
[2012.11.24 22:56:48 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\kock
[2009.02.26 15:45:33 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\MAGIX
[2011.11.28 15:36:08 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\ManyCam
[2011.07.31 13:29:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\MyPhoneExplorer
[2010.03.07 11:07:26 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\NeatImage PS
[2009.01.13 19:18:00 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\NeatImage SL
[2010.02.17 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\NesterSoft
[2012.11.25 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\OCS
[2012.11.25 13:21:34 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Opera
[2009.06.03 11:36:48 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\QIP
[2011.07.21 18:08:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Simfy
[2009.07.10 14:19:45 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\Toolbars
[2012.11.26 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\UAs
[2012.11.26 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\xmldm

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Anni\Documents\MOV00384.MP4:TOC.WMV

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 26.11.2012 19:38:54 - Run 1
OTL by OldTimer - Version  Folder = C:\Users\Anni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,47% Memory free
4,25 Gb Paging File | 2,77 Gb Available in Paging File | 65,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 38,78 Gb Free Space | 26,02% Space Free | Partition Type: NTFS
Drive E: | 679,70 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: ANNI-PC | User Name: Anni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1734861F-BD78-4D8E-84F3-60AF53446BE8}" = lport=138 | protocol=17 | dir=in | app=system |
"{27A6196C-E697-46BA-A55E-6A36D909F1E9}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F2E91B4-6E08-4A39-9566-B233B285DAC7}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D40CF43-EAE3-4D25-9995-15149DF48580}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81681846-508B-43B1-9F15-45938ADF2F8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{96E54990-E702-4188-974D-7C5525193300}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B687C70E-AB2D-4777-823C-E256AF13072C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8CBC7CE-9AA0-46E7-A123-BC1F12952E2C}" = rport=137 | protocol=17 | dir=out | app=system |
"{DFF85943-F092-4276-9536-E17DF8A8E1AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{E4928839-AFAE-4634-A79F-15A97AE096F6}" = rport=445 | protocol=6 | dir=out | app=system |
"{E9F82C3A-DE0F-4350-9399-37B5FDCF12DD}" = lport=137 | protocol=17 | dir=in | app=system |
"{FEEA5E6E-063D-4200-AF09-7D1693C5AB47}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030C5C5D-6B4C-42BB-9B1E-96997C717C1E}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{056B3C48-B349-455C-A171-3D3DA3A99148}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{0AD97A28-4925-4731-B966-CBC36F160B7B}" = protocol=6 | dir=in | app=c:\users\anni\appdata\roaming\dropbox\bin\dropbox.exe |
"{0B4CBBA9-BD77-409C-A6FF-D39754E5276E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{118CBFB5-4DD6-4F6C-9770-923A00D198A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3289748E-9AEE-4BE4-9766-138DCBDB6358}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{37681E50-A393-4576-B46B-79B1B8ADC389}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3B6DED57-B237-4CB0-A96D-65661D8273B3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5D09DFFB-E0AF-46D8-A976-57F6DBB4057F}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{5F092116-B024-492A-8B8F-734200E29946}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{60EADAAB-01B0-47FF-B707-8CDE7FC8E59D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{6458950D-9864-4823-822B-A660F7190F0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{66C29ED8-26EC-4AD4-BF35-3974165B58EA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{6CDB641E-FA6A-46CF-925A-0B07CBC3F079}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{8016DDC0-194F-4DA6-BC89-65307E4E1F01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{822CEF27-A916-4C6F-B6C3-0CBD33B97E2E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{829221E2-0B1D-4BC4-A895-9D1FBF5EC751}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{866FAE56-364A-4CB9-A2F1-BEE085FC7725}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{8F6434AD-F05E-4C43-B0DA-9915D1B7FC36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{B7F4043F-AB69-4453-AE57-5473F16EE89C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B8D93761-62B7-465B-A109-6B21FDCA131E}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C9B64548-433B-4F5D-9309-97AD075A3D9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D1A45A8D-7A96-4E96-B57C-95C878407A3B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D7ED6B34-4DAF-4B2F-8828-54FED227BA4B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E0479563-F950-4278-B19F-586980D4E10E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E302AE89-1FA6-4DCE-8527-B7E4F1C053F1}" = protocol=17 | dir=in | app=c:\users\anni\appdata\roaming\dropbox\bin\dropbox.exe |
"{EAFD769A-CD67-479F-B068-516D2D02A6CA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F54D0FD5-473B-4063-88E4-6488D92E46C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"TCP Query User{0CC5441B-D377-4A04-A93D-6BF49F5F0271}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{406371B7-F541-4363-A9A1-57919A90B1BB}E:\eclipse\jre\bin\javaw.exe" = protocol=6 | dir=in | app=e:\eclipse\jre\bin\javaw.exe |
"TCP Query User{AC0922AE-DDFD-4308-BA77-5A938F52B53B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{B1E460A4-0F19-4A0B-954A-BEC47EA73435}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E365B8DF-7CC4-4B9B-8C07-C5B0823F8C40}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0A17D360-B969-46F3-8FFE-C8525474C645}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{33E07358-5661-4C63-BED5-90A7F41BA574}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C3ED6FAA-7A42-45C3-8134-298972F2E488}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{D5CF75FF-4FC4-4D63-89EE-356C86D83501}E:\eclipse\jre\bin\javaw.exe" = protocol=17 | dir=in | app=e:\eclipse\jre\bin\javaw.exe |
"UDP Query User{E1D0B13E-7EA8-4197-9A5C-C0FD51EFB3C5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3159 Banner Remover 1.0
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1624E927-1F74-34E2-64FB-263CE6A6CD6F}" = CCC Help English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2A9196F5-9B7C-EA83-6BC8-944BF707143D}" = ccc-utility
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{37B3776C-6DE6-4DD4-9AC6-C14952083932}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D60292B-1C68-2751-E708-6E419318C9E1}" = Catalyst Control Center InstallProxy
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{41903DF9-6CB1-0EC3-4B1E-76D55FAD9C80}" = Catalyst Control Center HydraVision Full
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4420B59B-9FEC-8F4C-75A3-3FE927D8AEA1}" = Catalyst Control Center Graphics Full Existing
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{54D966AE-AEB7-7BC9-B09A-A7BB0EAC236C}" = ccc-core-static
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5E44C19D-3D1F-87F9-65D2-F87C6F66DF91}" = Catalyst Control Center Core Implementation
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DF68292-863C-2943-813E-144E41DB1908}" = Catalyst Control Center Graphics Previews Vista
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{737F8964-D019-5D45-5FF4-8924FE62F564}" = Catalyst Control Center Graphics Full New
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7BE38C02-9CFD-78DC-B4F3-32168B004ACF}" = Catalyst Control Center Graphics Previews Common
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C7DE589B-59FB-1A37-33DA-DED08CA88DC4}" = Skins
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EC3636D4-4FC7-4C0C-B16B-FA64C2020FF4}" = Mindjet MindManager 9
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F46F4A86-3760-4F4B-1633-5411C26CC9A8}" = HydraVision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAC09C92-93A7-38BC-BA47-8F20439C2781}" = Catalyst Control Center Graphics Light
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.63
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"Ashampoo Magical Defrag 2_is1" = Ashampoo Magical Defrag 2
"Ashampoo WinOptimizer 2009_is1" = Ashampoo WinOptimizer 2009
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Color Cop_is1" = Color Cop 5.4.3
"DAEMON Tools Lite" = DAEMON Tools Lite
"DesktopIconAmazon" = Desktop Icon für Amazon
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Glary Utilities_is1" = Glary Utilities
"GPG4Win" = GnuPG For Windows
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HWiNFO32_is1" = HWiNFO32 Version 2.40
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"ManyCam" = ManyCam 2.6.60 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"PDF-XChange 3_is1" = PDF-XChange 3
"PhotoFiltre" = PhotoFiltre
"Pixum ePrint" = Pixum ePrint 1.2
"Quick Search Box" = Google-Schnellsuchfeld
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SearchAnonymizer" = SearchAnonymizer
"TIMELEFT3_is1" = TimeLeft
"VideoGet_is1" = Nuclear Coffee - VideoGet
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 26.11.2012 12:14:05 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:19:39 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:19:48 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:19:48 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:21:09 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:21:25 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:21:25 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:24:28 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:24:46 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

Error - 26.11.2012 12:24:48 | Computer Name = Anni-PC | Source = VSS | ID = 12289
Description =

[ System Events ]
Error - 29.12.2008 06:34:06 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 29.12.2008 06:41:22 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 29.12.2008 07:12:52 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description =

Error - 29.12.2008 07:15:23 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.12.2008 08:12:02 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description =

Error - 29.12.2008 10:37:51 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description =

Error - 29.12.2008 11:39:38 | Computer Name = Anni-PC | Source = HTTP | ID = 15016
Description =

Error - 29.12.2008 13:46:33 | Computer Name = Anni-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29.12.2008 17:11:07 | Computer Name = Anni-PC | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 29.12.2008 at 22:07:09.

Error - 31.12.2008 11:51:49 | Computer Name = Anni-PC | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 31.12.2008 at 16:47:58.

< End of report >
#2
/// Malware-holic

Hi,
This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
[2012.11.26 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.26 16:57:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.087
[2012.11.24 22:57:02 | 000,007,104 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.24 22:56:56 | 000,000,048 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.24 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\xmldm
[2012.11.24 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\kock
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; please copy its contents into your next reply here.

Start in normal mode. If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the
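The OTL fix script above is a list of file-system records in OTL's own listing format: a bracketed timestamp, size, attribute flags (`D` marks a directory) and a `C`/`M` (created/modified) marker, an optional `()` publisher field on files, then the path. The following Python is an added example, written for this thread and not part of OTL or of the helper's script: it parses such a script into structured records and applies the plain triage heuristics a helper uses when reading one (items dropped straight into AppData\Roaming, files with no publisher name, entries that were newly created rather than merely modified). The entry format is inferred from the lines in the post; the sample text is copied from the script above and embedded inline so the example runs offline.

```python
"""Parse an OTL ':OTL' section into records and flag entries worth a closer look.

Added example for this thread; not part of OTL.  The record layout
"[YYYY.MM.DD HH:MM:SS | size | attrs | C/M] (company) -- path" is inferred
from the script posted above (an assumption, not an OTL specification).
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL record.  The "(company)" group appears only on files, so it is optional.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)

# Sample input: the :OTL section of the fix script in post #2 above.
SAMPLE_SCRIPT = r"""
:OTL
[2012.11.26 17:52:56 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.086
[2012.11.26 16:57:50 | 000,000,000 | ---D | M] -- C:\Users\Anni\AppData\Roaming\12001.087
[2012.11.24 22:57:02 | 000,007,104 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\BAcroIEHelpe.dll
[2012.11.24 22:56:56 | 000,000,048 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\blckdom.res
[2012.11.24 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\xmldm
[2012.11.24 22:56:48 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\kock
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
"""


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    is_dir: bool
    kind: str       # 'C' = created, 'M' = modified
    company: str    # publisher field; empty when OTL found none
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one record line; return None for anything that is not a record."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        is_dir="D" in m["attrs"],
        kind=m["kind"],
        company=m["company"] or "",
        path=m["path"],
    )


def parse_otl_script(text: str) -> List[OtlEntry]:
    """Collect the records between ':OTL' and the next ':' section header."""
    entries, in_otl = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_otl = line.upper() == ":OTL"
            continue
        if in_otl:
            entry = parse_otl_line(line)
            if entry:
                entries.append(entry)
    return entries


def triage(entries: List[OtlEntry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries matching simple triage heuristics."""
    marker = "\\appdata\\roaming\\"
    findings = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        # Directly under AppData\Roaming, i.e. nothing after the marker but a name.
        if marker in low and "\\" not in low.split(marker, 1)[1]:
            reasons.append("placed directly under AppData\\Roaming")
        if not e.is_dir and e.company == "":
            reasons.append("file carries no publisher name")
        if e.kind == "C":
            reasons.append("entry was created, not merely modified")
        if reasons:
            findings.append((e.path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_otl_script(SAMPLE_SCRIPT)):
        print(path)
        for r in reasons:
            print("   -", r)
```

The heuristics deliberately stay simple: the point is to turn a wall of bracketed lines into something a reader can sort and reason about, not to decide maliciousness, which still needs the hash, the publisher and the context of the full log.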
#3
Many thanks in advance!
Here is the text file after the restart (which had hung):

Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Unfortunately the upload doesn't work, because I can't get the page to load. In the zip folder there is an empty folder and a txt file with the same content as the file above. What should I do now? Thanks in advance, kind regards
#4
/// Malware-holic

Hi, either you didn't post everything, or you didn't run the whole script posted above. Please do it again, plus the upload, which should work again.
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us