| |
| |||||||
Log-Analyse und Auswertung: Viren auf Rechner gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.12.2012, 20:28
| #16 | ||
| /// TB-Ausbilder  |  Viren auf Rechner gefunden Dann ein kleines Skript: Combofix-Skript
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
30.12.2012, 22:13
| #17 |
 | Viren auf Rechner gefunden ok, habe es wiederholt versucht, aber komm hier nicht klar, denn wenn ich den Link lösche und den neuen Link nehme, startet dieser bzw es öffnet sich keine leere TXT Datei in die ich den Code einfügen kann
__________________bzw. habe nochmal alles neu gestartet und abgespeichert - geleert -> neu mit Code gefüllt und in den neuen Link gem. Anweisung abgespeichert und gezogen ComboFix startet und dann kommt folgende Meldung: "Hast du versucht CFS Skript auszuführen ? Der Name CFSskript scheint nicht korrekt buschstabiert zu sein" |
|
30.12.2012, 22:19
| #18 |
| /// TB-Ausbilder | Viren auf Rechner gefunden Es soll CFScript.txt heissen und nicht anders.
__________________
__________________ |
|
30.12.2012, 23:16
| #19 |
| | Viren auf Rechner gefunden so nun hat alles geklappt Code:
ATTFilter ComboFix 12-12-30.01 - Anke 30.12.2012 22:59:45.5.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.1014.358 [GMT 1:00]
ausgeführt von:: c:\users\Anke\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Anke\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\{267CE0F3-5F62-4088-8D6C-B65EC61529C1}.job"
"c:\windows\Tasks\{3270B433-04EB-4ED2-9A2B-5A375466F39C}.job"
"c:\windows\Tasks\{3876404B-482B-4FC7-92D4-10EDC974309E}.job"
"c:\windows\Tasks\{48B87D7A-1005-4BF3-88D7-F83BA6A03F12}.job"
"c:\windows\Tasks\{6996E5EE-A655-4687-8E1F-4657266CEC81}.job"
"c:\windows\Tasks\{7648A30F-8D12-4774-9628-95DF148E7966}.job"
"c:\windows\Tasks\{88E67822-3541-4BE9-AD5F-57D58DDE9B54}.job"
"c:\windows\Tasks\{D49D7C32-07B9-403B-89F8-7AA71184B49F}.job"
"c:\windows\Tasks\{EECF6B49-C82C-4120-B962-6E09D9D70D95}.job"
"c:\windows\Tasks\{F4185967-AF9B-4DBE-B427-A4848132859F}.job"
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-28 bis 2012-12-30 ))))))))))))))))))))))))))))))
.
.
2012-12-30 22:14 . 2012-12-30 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-30 21:49 . 2012-12-30 21:49 -------- d-----w- c:\users\Anke\AppData\Roaming\Avira
2012-12-30 21:43 . 2012-12-30 21:43 -------- d-----w- c:\program files\Ask.com
2012-12-30 21:42 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-30 21:42 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-30 21:42 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-30 21:42 . 2012-12-30 21:42 -------- d-----w- c:\program files\Avira
2012-12-30 20:54 . 2012-12-30 22:14 -------- d-----w- c:\users\Anke\AppData\Local\temp
2012-12-30 19:34 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{25DA2817-510B-4181-977F-6EBDD5A212D7}\mpengine.dll
2012-12-30 19:34 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-30 18:25 . 2012-12-30 18:31 -------- d-----w- c:\program files\CheckPoint
2012-12-30 12:50 . 2012-12-30 12:50 -------- d-----w- c:\users\Anke\AppData\Local\Apps
2012-12-14 09:47 . 2012-12-14 09:47 -------- d-----w- c:\users\Anke\AppData\Roaming\MAGIX
2012-12-14 09:47 . 2012-12-14 09:47 -------- d-----w- c:\programdata\MAGIX
2012-12-14 09:46 . 2012-12-14 09:52 -------- d-----w- c:\programdata\simplitec
2012-12-09 15:15 . 2012-12-09 15:15 -------- d-----w- c:\program files\iPod
2012-12-09 15:15 . 2012-12-09 15:16 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-09 15:15 . 2012-12-09 15:16 -------- d-----w- c:\program files\iTunes
2012-12-09 15:06 . 2012-12-09 15:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-09 15:06 . 2012-12-09 15:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-09 15:06 . 2012-12-09 15:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-09 15:06 . 2012-12-09 15:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-09 15:06 . 2012-12-09 15:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-09 15:06 . 2012-12-09 15:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-09 15:06 . 2012-12-09 15:06 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-09 15:05 . 2012-12-09 15:06 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-12-02 09:00 . 2012-12-02 09:00 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 ----
.
2012-12-09 15:16 . 2012-12-09 15:16 3982 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt
2012-08-21 12:01 . 2012-08-21 12:01 1977816 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
2012-08-21 12:01 . 2012-08-21 12:01 323464 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll
2012-08-21 12:01 . 2012-08-21 12:01 115672 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
2012-08-21 12:01 . 2012-08-21 12:01 106928 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll
2012-08-21 12:01 . 2012-08-21 12:01 2704 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf
2012-08-21 12:01 . 2012-08-21 12:01 7587 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat
2012-08-21 12:01 . 2012-08-21 12:01 26840 ----a-w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Facebook Update"="c:\users\Anke\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-11-05 138096]
"Akamai NetSession Interface"="c:\users\Anke\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-31 7731744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Protector"=wscript.exe "c:\users\Anke\AppData\Roaming\SDIV 2.0\Prot\prot.vbs" check
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.3\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVIPBB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 17:43]
.
2011-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-711859982-3773503475-4091641601-1000Core.job
- c:\users\Anke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-13 11:41]
.
2012-11-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-711859982-3773503475-4091641601-1000Core1cdbb4ab62f6d96.job
- c:\users\Anke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-13 11:41]
.
2012-12-30 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-10-29 16:33]
.
2010-10-11 c:\windows\Tasks\User_Feed_Synchronization-{15785F72-F135-411B-91A3-8DA824C4E669}.job
- c:\windows\system32\msfeedssync.exe [2009-07-13 01:14]
.
2011-09-16 c:\windows\Tasks\{267CE0F3-5F62-4088-8D6C-B65EC61529C1}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
2011-09-16 c:\windows\Tasks\{3270B433-04EB-4ED2-9A2B-5A375466F39C}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
2011-09-16 c:\windows\Tasks\{3876404B-482B-4FC7-92D4-10EDC974309E}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
2011-09-16 c:\windows\Tasks\{48B87D7A-1005-4BF3-88D7-F83BA6A03F12}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
2011-09-16 c:\windows\Tasks\{6996E5EE-A655-4687-8E1F-4657266CEC81}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
2011-10-17 c:\windows\Tasks\{7648A30F-8D12-4774-9628-95DF148E7966}.job
- c:\program files\Skype\Phone\Skype.exe [2011-10-13 07:27]
.
2011-09-16 c:\windows\Tasks\{88E67822-3541-4BE9-AD5F-57D58DDE9B54}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
2011-09-16 c:\windows\Tasks\{D49D7C32-07B9-403B-89F8-7AA71184B49F}.job
- c:\program files\Skype\Phone\Skype.exe [2011-10-13 07:27]
.
2011-09-16 c:\windows\Tasks\{EECF6B49-C82C-4120-B962-6E09D9D70D95}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
2011-09-16 c:\windows\Tasks\{F4185967-AF9B-4DBE-B427-A4848132859F}.job
- c:\program files\mozilla firefox\firefox.exe [2012-12-02 09:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\83uoyc3q.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=60af30c3-c74d-4c18-87d2-04f6a0cf2eb3&apn_ptnrs=%5EAGS&apn_sauid=5A578E6F-0EE6-4FC9-8277-B43269FB358A&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - ExtSQL: 2012-11-07 20:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\83uoyc3q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-30 22:43; toolbar@ask.com; c:\users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\83uoyc3q.default\extensions\toolbar@ask.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-30 23:19:17
ComboFix-quarantined-files.txt 2012-12-30 22:19
ComboFix2.txt 2012-12-30 20:54
ComboFix3.txt 2012-12-30 19:15
.
Vor Suchlauf: 13 Verzeichnis(se), 123.809.918.976 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 123.763.965.952 Bytes frei
.
- - End Of File - - BAC1D1E6E4FD9553C649D6066EB8742B
|
|
31.12.2012, 11:29
| #20 |
| /// TB-Ausbilder | Viren auf Rechner gefunden Hm da ist eine Sache, die mich verwirrt und ich würde da gerne noch nachbessern. Lass nochmal AdwCleaner laufen und dann ein OTL Scan. Schritt 1: AdwCleaner: Werbeprogramme suchen und löschen
Schritt 2: Kontrollscan mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.01.2013, 10:18
| #21 |
| /// TB-Ausbilder | Viren auf Rechner gefunden Hallo, benötigst Du noch weiterhin Hilfe ? Sollte ich innerhalb der nächsten 24 Stunden keine Antwort von dir erhalten, werde ich dein Thema aus meinen Abos nehmen und bekomme dadurch keine Nachricht über neue Antworten. Das Verschwinden der Symptome bedeutet nicht, dass dein System schon sauber ist
__________________ --> Viren auf Rechner gefunden |
|
02.01.2013, 11:09
| #22 |
| | Viren auf Rechner gefunden anbei Cleaner.txt Code:
ATTFilter # AdwCleaner v2.104 - Datei am 02/01/2013 um 11:24:26 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional (32 bits)
# Benutzer : Anke - ANKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Anke\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\83uoyc3q.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Windows\Tasks\Scheduled Update for Ask Toolbar.job
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\Anke\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\83uoyc3q.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v17.0.1 (de)
Datei : C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\83uoyc3q.default\prefs.js
Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_17.0.1");
Gelöscht : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "^AGS");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.crumb", "2012.12.30+13.32.58-toolbar018iad-DE-RXNjaGJvcm4sR2VybWFueQ%3D%[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "60af30c3-c74d-4c18-87d2-04f6a0cf2eb3");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1357065858600");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Eschborn,Germany");
Gelöscht : user_pref("extensions.asktb.o", "APN10261");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "5");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "5A578E6F-0EE6-4FC9-8277-B43269FB358A");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "5000");
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "30.12.2012 22:43:31");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.11.100015");
Gelöscht : user_pref("extensions.asktb.version", "5.15.11.30498");
Gelöscht : user_pref("extensions.enabledAddons", "toolbar%40ask.com:3.15.11.100015,%7B972ce4c6-7e08-4474-a285-3[...]
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&loc[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Anke\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [19332 octets] - [30/12/2012 12:55:56]
AdwCleaner[S2].txt - [9324 octets] - [02/01/2013 11:24:26]
########## EOF - C:\AdwCleaner[S2].txt - [9384 octets] ##########
Code:
ATTFilter OTL logfile created on: 02.01.2013 11:31:35 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anke\Desktop Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,95 Mb Total Physical Memory | 141,84 Mb Available Physical Memory | 13,99% Memory free 1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 115,30 Gb Free Space | 77,41% Space Free | Partition Type: NTFS Computer Name: ANKE-PC | User Name: Anke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.02 11:30:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anke\Desktop\OTL.exe PRC - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.02 10:00:57 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.11.21 19:00:02 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.11.05 12:41:18 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Anke\AppData\Local\Facebook\Update\FacebookUpdate.exe PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2010.05.20 22:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 22:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.03.03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.10.07 14:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.08.24 09:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.12.02 10:00:56 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2010.08.06 12:39:52 | 000,166,400 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll MOD - [2010.08.06 11:26:12 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2552d50492d66f19cfc3bf526df9d515\IAStorUtil.ni.dll MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2009.07.14 09:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 09:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009.07.14 05:43:36 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll MOD - [2009.07.14 05:43:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll MOD - [2009.07.14 05:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll MOD - [2009.07.14 05:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll MOD - [2009.07.14 05:42:45 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll MOD - [2009.07.14 05:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll MOD - [2009.07.14 05:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll MOD - [2009.07.14 05:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll MOD - [2009.07.14 05:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ========== Services (SafeList) ========== SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.02 10:00:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.12 19:15:47 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012.04.25 18:43:04 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.03.08 17:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc) SRV - [2011.05.04 04:18:00 | 004,137,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2011.04.01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010.09.22 15:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.01 14:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.08.24 09:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Anke\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.13 23:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) DRV - [2009.06.24 09:59:10 | 000,167,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\..\SearchScopes\{539820DD-CB04-482A-A43B-88DE0DC431BE}: "URL" = hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN18160315570814-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=3c1f2045000000000000705ab6410e85&q={searchTerms} IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\..\SearchScopes\{EBDDB906-FBDB-49F8-B405-E9ACE2CFE4AB}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=ec3da10d-53fd-4087-b18b-d779f2f473ab&apn_sauid=EBC34E8A-A2A0-464F-B170-504F3B3E973C IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\..\SearchScopes\{F8958260-87D0-4F92-B9A1-AA2D914B77C6}: "URL" = hxxp://search.softonic.com/MON00015/tb_v1?q={searchTerms}&SearchSource=4&cc= IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Anke\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.09 16:06:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.22 22:29:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.09 16:06:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.22 22:29:37 | 000,000,000 | ---D | M] [2012.11.27 09:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anke\AppData\Roaming\mozilla\Extensions [2013.01.02 11:24:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anke\AppData\Roaming\mozilla\Firefox\Profiles\83uoyc3q.default\extensions [2012.11.24 19:30:40 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.11 13:07:00 | 000,002,273 | ---- | M] () -- C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\searchplugins\englische-ergebnisse.xml [2012.11.27 09:21:50 | 000,002,431 | ---- | M] () -- C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\searchplugins\FBDownloader.xml [2012.12.11 13:07:00 | 000,010,563 | ---- | M] () -- C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\searchplugins\gmx-suche.xml [2012.12.11 13:07:00 | 000,002,432 | ---- | M] () -- C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\searchplugins\lastminute.xml [2012.12.11 13:07:00 | 000,005,545 | ---- | M] () -- C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\searchplugins\webde-suche.xml [2012.05.12 11:18:52 | 000,001,551 | ---- | M] () -- C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\searchplugins\zonealarm.xml [2012.12.02 10:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.02 10:00:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.02 10:00:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.11.05 12:49:24 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.05 12:49:24 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.05 12:49:24 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.05 12:49:24 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.05 12:49:24 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.05 12:49:24 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search By ZoneAlarm () CHR - default_search_provider: search_url = hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN18160315570814-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=3c1f2045000000000000705ab6410e85&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - plugin: Error reading preferences file O1 HOSTS File: ([2012.12.30 21:50:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O3 - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKU\S-1-5-21-711859982-3773503475-4091641601-1000..\Run: [Akamai NetSession Interface] C:\Users\Anke\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-711859982-3773503475-4091641601-1000..\Run: [Facebook Update] C:\Users\Anke\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKU\S-1-5-21-711859982-3773503475-4091641601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11D50A63-3515-4D2C-82E1-C19F1C99D03D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.02 11:30:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Anke\Desktop\OTL.exe [2012.12.30 23:19:20 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.30 23:17:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.30 22:57:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.30 22:49:32 | 000,000,000 | ---D | C] -- C:\Users\Anke\AppData\Roaming\Avira [2012.12.30 22:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.30 22:42:50 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.12.30 22:42:48 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.12.30 22:42:48 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.12.30 22:42:48 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.12.30 22:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.12.30 22:01:40 | 005,015,826 | R--- | C] (Swearware) -- C:\Users\Anke\Desktop\ComboFix.exe [2012.12.30 21:54:04 | 000,000,000 | ---D | C] -- C:\Users\Anke\AppData\Local\temp [2012.12.30 19:53:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.30 19:53:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.30 19:52:26 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.30 19:52:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.30 19:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.12.30 13:50:10 | 000,000,000 | ---D | C] -- C:\Users\Anke\AppData\Local\Apps [2012.12.30 13:08:12 | 000,000,000 | R--D | C] -- C:\Users\Anke\Pictures [2012.12.30 13:07:09 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Anke\Desktop\dds.com [2012.12.30 13:05:16 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Anke\Desktop\TFC.exe [2012.12.30 12:26:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012.12.26 21:30:03 | 000,000,000 | ---D | C] -- C:\Users\Anke\AppData\Local\{A2E5D0BE-ADBF-4BB8-808A-FC3F8E236939} [2012.12.14 10:47:29 | 000,000,000 | ---D | C] -- C:\Users\Anke\AppData\Roaming\MAGIX [2012.12.14 10:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2012.12.14 10:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\simplitec [2012.12.11 12:42:06 | 000,000,000 | ---D | C] -- C:\Users\Anke\Documents\Auszüge [2012.12.09 16:16:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.12.09 16:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.12.09 16:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.12.09 16:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.12.09 16:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.09 16:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime ========== Files - Modified Within 30 Days ========== [2013.01.02 11:34:07 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.02 11:34:07 | 000,014,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.02 11:30:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anke\Desktop\OTL.exe [2013.01.02 11:26:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.30 22:43:43 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.30 22:02:25 | 005,015,826 | R--- | M] (Swearware) -- C:\Users\Anke\Desktop\ComboFix.exe [2012.12.30 21:50:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.12.30 13:07:10 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Anke\Desktop\dds.com [2012.12.30 13:05:17 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Anke\Desktop\TFC.exe [2012.12.30 12:17:59 | 000,418,958 | ---- | M] () -- C:\Users\Anke\Documents\Sofware.odt [2012.12.27 10:25:16 | 000,012,467 | ---- | M] () -- C:\Users\Anke\Documents\Elli Rente.odt [2012.12.26 21:30:40 | 000,009,538 | ---- | M] () -- C:\Users\Anke\Documents\mbam-log-2012-12-22 (20-45-00).eml [2012.12.19 19:17:23 | 000,000,206 | ---- | M] () -- C:\Users\Anke\Documents\cc_20121219_191706.reg [2012.12.11 17:08:09 | 000,289,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.11 08:27:21 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.11 08:27:21 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.11 08:27:21 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.11 08:27:21 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.09 16:16:12 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.09 16:05:56 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.09 15:23:29 | 000,028,231 | ---- | M] () -- C:\Users\Anke\Documents\Vorlagen Weihnachten.odt [2012.12.05 19:42:38 | 000,009,778 | ---- | M] () -- C:\Users\Anke\Documents\Nikolausstiefel.odt ========== Files Created - No Company Name ========== [2012.12.30 22:43:43 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.12.30 19:53:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.30 19:53:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.30 19:53:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.30 19:53:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.30 19:53:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.30 11:47:35 | 000,418,958 | ---- | C] () -- C:\Users\Anke\Documents\Sofware.odt [2012.12.27 10:25:12 | 000,012,467 | ---- | C] () -- C:\Users\Anke\Documents\Elli Rente.odt [2012.12.26 21:26:36 | 000,009,538 | ---- | C] () -- C:\Users\Anke\Documents\mbam-log-2012-12-22 (20-45-00).eml [2012.12.19 19:17:15 | 000,000,206 | ---- | C] () -- C:\Users\Anke\Documents\cc_20121219_191706.reg [2012.12.11 17:07:50 | 000,289,720 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.09 16:16:12 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.09 16:05:56 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.09 15:23:24 | 000,028,231 | ---- | C] () -- C:\Users\Anke\Documents\Vorlagen Weihnachten.odt [2012.12.05 19:42:34 | 000,009,778 | ---- | C] () -- C:\Users\Anke\Documents\Nikolausstiefel.odt [2012.11.05 13:03:28 | 000,007,597 | ---- | C] () -- C:\Users\Anke\AppData\Local\Resmon.ResmonCfg [2012.02.16 20:02:41 | 002,431,374 | ---- | C] () -- C:\Users\Anke\IMG_0072.JPG [2011.06.14 16:02:20 | 000,028,482 | ---- | C] () -- C:\Users\Anke\AppData\Roaming\UserTile.png [2011.02.16 09:34:58 | 000,003,584 | ---- | C] () -- C:\Users\Anke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.18 16:51:31 | 004,767,035 | ---- | C] () -- C:\Users\Anke\Downloads.7z ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.08.30 19:16:24 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\.minecraft [2012.05.12 11:18:41 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\CheckPoint [2012.12.30 21:48:49 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\convert [2012.12.26 21:21:51 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\IObit [2012.12.14 10:47:29 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\MAGIX [2010.08.06 13:23:45 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\OpenOffice.org [2012.11.27 09:09:20 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\TuneUp Software [2012.06.09 20:21:19 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\wargaming.net [2012.06.06 22:20:54 | 000,000,000 | ---D | M] -- C:\Users\Anke\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 143 bytes -> C:\Users\Anke\Documents\mbam-log-2012-12-22 (20-45-00).eml:OECustomProperty < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.01.2013 11:31:35 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anke\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,95 Mb Total Physical Memory | 141,84 Mb Available Physical Memory | 13,99% Memory free
1,99 Gb Paging File | 1,02 Gb Available in Paging File | 51,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 115,30 Gb Free Space | 77,41% Space Free | Partition Type: NTFS
Computer Name: ANKE-PC | User Name: Anke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-711859982-3773503475-4091641601-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira Free Antivirus
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-711859982-3773503475-4091641601-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.06.2012 06:19:25 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 10.06.2012 06:19:25 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 10.06.2012 06:19:27 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 10.06.2012 06:19:27 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 10.06.2012 06:19:27 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 10.06.2012 06:19:28 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 10.06.2012 06:19:28 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 10.06.2012 06:19:28 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 14.06.2012 06:41:36 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
Error - 14.06.2012 06:41:36 | Computer Name = Anke-PC | Source = Bonjour Service | ID = 100
Description =
[ System Events ]
Error - 30.12.2012 18:07:02 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 30.12.2012 18:14:51 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 30.12.2012 18:23:01 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 31.12.2012 03:23:31 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 31.12.2012 04:04:36 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 31.12.2012 05:58:13 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 31.12.2012 10:13:51 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 01.01.2013 14:42:27 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 02.01.2013 06:11:52 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 02.01.2013 06:26:53 | Computer Name = Anke-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
Geändert von bronski123 (02.01.2013 um 11:48 Uhr) Grund: fertig |
|
02.01.2013, 13:38
| #23 | |
| /// TB-Ausbilder | Viren auf Rechner gefunden Hm irgendwie war da jetzt doch nichts mehr - umso besser  Fix mit OTL
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.01.2013, 13:51
| #24 |
| | Viren auf Rechner gefunden ist dann doch recht schnell durchgelaufen :-) Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Microsoft\Internet Explorer\SearchScopes\{539820DD-CB04-482A-A43B-88DE0DC431BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{539820DD-CB04-482A-A43B-88DE0DC431BE}\ not found.
Registry key HKEY_USERS\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EBDDB906-FBDB-49F8-B405-E9ACE2CFE4AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBDDB906-FBDB-49F8-B405-E9ACE2CFE4AB}\ not found.
Registry key HKEY_USERS\S-1-5-21-711859982-3773503475-4091641601-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F8958260-87D0-4F92-B9A1-AA2D914B77C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8958260-87D0-4F92-B9A1-AA2D914B77C6}\ not found.
C:\Users\Anke\AppData\Roaming\mozilla\firefox\profiles\83uoyc3q.default\searchplugins\zonealarm.xml moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Anke
->Temp folder emptied: 908969 bytes
->Temporary Internet Files folder emptied: 86848 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70301900 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1398 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 68,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01022013_135307
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
02.01.2013, 14:00
| #25 | |
| /// TB-Ausbilder | Viren auf Rechner gefunden Ja kommt immer drauf an. Gut!  Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck: LINK1 LINK2
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.01.2013, 17:48
| #26 |
| | Viren auf Rechner gefunden so nun abgearbeitet  Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.02.04 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Anke :: ANKE-PC [Administrator] 02.01.2013 14:29:33 mbam-log-2013-01-02 (14-29-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202180 Laufzeit: 5 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Schritt 3 Code:
ATTFilter Results of screen317's Security Check version 0.99.56 Windows 7 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 TuneUp Utilities Language Pack (de-DE) Adobe Flash Player 11.1.102.55 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (17.0.1) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
02.01.2013, 18:14
| #27 |
| /// TB-Ausbilder | Viren auf Rechner gefunden Dann geht es weiter: Schritt 1: Windows 7 Service Pack 1 installieren
Schritt 2: Update: Internetexplorer Auch wenn du einen anderen Browser benutzt, Windows benutzt intern den Internetexplorer! Schritt 3: Update: Adobe Reader
Probiere einen alternativen Viewer für pdf-Dokumente aus. Diese sind meist schlanker, schneller und schleusen sehr viel seltener Schädlinge ein. Mein Vorschlag:
Schritt 4: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck: LINK1 LINK2
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.01.2013, 21:18
| #28 |
| |  Viren auf Rechner gefunden auch erledigt Schritt 3 -> habe ich Foxit Reader gewählt anbei Checkup.txt Code:
ATTFilter Results of screen317's Security Check version 0.99.56 Windows 7 x86 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 TuneUp Utilities Language Pack (de-DE) Mozilla Firefox (17.0.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
02.01.2013, 21:29
| #29 |
| /// TB-Ausbilder | Viren auf Rechner gefunden Gibts einen Grund warum du Schritt 1 nicht gemacht hast? Wiederholen bitte.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
02.01.2013, 21:35
| #30 |
| | Viren auf Rechner gefunden doch habe Schritt 1 und auch 2 gemacht bin ja schon geschult von dir  -> Schritt für Schritt - was nicht passiert !?mach Schritt 1 noch einmal |
|
| Themen zu Viren auf Rechner gefunden |
| anti-malware, dateien, gefunde, gesetzt, hintergrund, infizierte, infizierten, installier, installiert, irgendetwas, loswerden, malwarebytes, malwarebytes anti-malware, meldung, quarantäne, rechner, seite, viren, was tun |
Textbox.
Button.
und dann 
Linear-Darstellung
