| |
| |||||||
Log-Analyse und Auswertung: Von Bot erwischt, emailausgang gesperrt, malwarebytes findet nichtsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.01.2013, 14:15
| #1 |
| |  Von Bot erwischt, emailausgang gesperrt, malwarebytes findet nichts Hallo, vor 4 Tagen hatte mir Avira einen Befall gemeldet, habe dieses hartnäckige Ding mit div. Programmen entfernt. Dann war Ruhe, bis ich am nächsten Tag plötzlich diese Mails im Email Postfach fand.. und davon einige, immer mit verschiedener Absicht von angeblich meinem Postfach abgesendet. Habe Malwarebytes laufen lassen, der hat nichts gefunden.. All diese Kontakte sind nicht von meiner Adressliste, also wildfremde Leute, die mit meiner emailadresse abgezockt werden sollen. Ein Telefonat mit t-online brachte nichts, obwohl ich dort direkt darauf hingewiesen hatte. So dann das was kommen musste, t-online hat dann erst mal meinen email-ausgang dicht gemacht... da ich in allem neue Passwörter anlegen muss, brauche ich aber erst mal nen sauberen Rechner.. da ich nur diesen hier besitze, muss ich Euch dann um Hilfe bitten.. hier eine der mails, und dann die von t-online... danach mach ich mich ans eingemachte....hoffe es kann jemand helfen, sonst bleibt wohl nur das neu aufsetzten.... This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: ilovelucy441@yahoo.com SMTP error from remote mail server after end of data: host mta7.am0.yahoodns.net [74.6.136.244]: 554 Message not allowed - [PH01] Email not accepted for policy reasons. Please visit hxxp://postmaster.yahoo.com/errors/postmaster-27.html [120] ------ This is a copy of the message, including all the headers. ------ Return-path: <***> Received: from fwd01.aul.t-online.de (fwd01.aul.t-online.de ) by mailout06.t-online.de with smtp id 1Tt4ju-0000xI-BD; Thu, 10 Jan 2013 00:07:18 +0100 Received: from 23-30-173-41-static.hfc.comcastbusiness.net (ZG4zjcZG8h4zTLRlJnIpywn5Q4OAl17q-z+4wSZOW+XtxZg66tL6CnZ5YthuSHPgnB@[23.30.173.41]) by fwd01.t-online.de with esmtp id 1Tt4js-0tLEGW0; Thu, 10 Jan 2013 00:07:16 +0100 Message-ID: <D77FFDBFC258482BBC99094B6D91B19D@sbs2003> From: "SpamCop" <***> To: <ilovelucy441@yahoo.com> Subject: =?koi8-r?B?QXR0ZW50aW9uISBZb3VyIGVtYWlsICJpbG92ZWx1Y3k0NDFAeWFob28uY29tICIgd2lsbCBiZSBCTEFDS0xJU1RFRCBzb29uLg==?= Date: Wed, 9 Jan 2013 18:06:57 -0500 Organization: SpamCop MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_1F5A_01CDEE94.1D487230" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579 X-ID: ZG4zjcZG8h4zTLRlJnIpywn5Q4OAl17q-z+4wSZOW+XtxZg66tL6CnZ5YthuSHPgnB X-TOI-MSGID: c7eb2e74-ab56-4f32-a16f-bd2e4cd491d7 This is a multi-part message in MIME format. ------=_NextPart_000_1F5A_01CDEE94.1D487230 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: quoted-printable ------=_NextPart_000_1F5A_01CDEE94.1D487230 Content-Type: text/html; charset="koi8-r" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML xmlns  ><HEAD><TITLE></TITLE> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r"> <META content=3D"MSHTML 6.00.6000.16788" name=3DGENERATOR></HEAD> <BODY> =20 <META content=3D"MSHTML %_RTXT_5-8_1_%" name=3DGENERATOR> <P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">Dear <A=20 href=3D"mailto:ilovelucy441@yahoo.com">ilovelucy441@yahoo.com</A>,</SPAN>=</P> <P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">Today 1/9/2= 013=20 we received complaints about spam coming from your network. S= pam=20 bots are sending bulk emails, for the security reasons your email wi= ll be=20 blacklisted. To avoid blacklisting please check your Sent folder for= =20 unknown emails and prove that you are human by entering this=20 code "31248562" <A=20 href=3D"hxxp://aanchal-zuniga.ucoz.ru">here</A>.</SPAN> Your email w= ill be recorded and=20 spam flag will be removed. No other data will be collected. </P> <P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">Thank you for=20 cooperation.<o  ></o></SPAN></P><P><SPAN lang=3DEN-US=20 style=3D"mso-ansi-language: EN-US"><o ></o></SPAN> </P><P><SPAN lang=3DEN-US style=3D"mso-ansi-language: EN-US">SpamCOP=20 SBL.<o ></o></SPAN></P></BODY></HTML>------=_NextPart_000_1F5A_01CDEE94.1D487230-- Sehr geehrte Kundin, sehr geehrter Kunde, wir schreiben Ihnen heute aus einem unerfreulichen Grund, denn wir haben Ihre Internet-Zugangsnummer als Quelle von Massen-E-Mails identifiziert. Vermutlich haben sich Unbekannte Zugriff zu Ihrem Internet-Zugang oder zu Ihren Passwörtern für unsere Dienste verschafft. Gegebenenfalls sind diesen Personen auch andere Passwörter, Kreditkarten-, Bank- und sonstige Daten bekannt. Daher unsere dringende Bitte: Prüfen Sie unbedingt Ihren Computer, um die missbräuchliche Nutzung Ihres Zugangs zu unterbinden, und ändern Sie Ihre Passwörter. Um weiteren Missbrauch zu erschweren, haben wir nun den E-Mail-Verkehr eingeschränkt. Die Einschränkung bedeutet für Sie, dass der Versand von E-Mails über Ihre *@t-online.de Adresse gesperrt wurde (Mailversandsperre). Das Versenden über E-Mail Portale wie beispielsweise unserem E-Mail Center unter https://email.t-online.de ist hiervon nicht betroffen. Die Änderung Ihrer Passwörter ist wichtig, damit Sie sich und Ihren Internet-Zugang, die Infrastruktur der Telekom und andere Internet-Nutzer nicht weiter gefährden. Denken Sie dabei auch an das Zugangspasswort in Ihrem Router und die Passwörter für alle E-Mail-Adressen. Vergessen Sie dabei nicht etwaige Passwörter für Onlinebanking, eBay, Amazon usw., falls Sie solche Dienste nutzen. (Hinweis: Dies darf nur von einem Rechner aus erfolgen, der garantiert frei von Viren und Trojanern ist, sonst werden die neuen Passwörter gleich wieder von dem Angreifer mitgelesen!) Code:
ATTFilter OTL logfile created on: 13.01.2013 12:30:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gaby\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,17 Mb Total Physical Memory | 528,03 Mb Available Physical Memory | 52,01% Memory free 2,38 Gb Paging File | 1,82 Gb Available in Paging File | 76,25% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 79,99 Gb Total Space | 61,35 Gb Free Space | 76,70% Space Free | Partition Type: NTFS Drive D: | 61,20 Gb Total Space | 59,95 Gb Free Space | 97,96% Space Free | Partition Type: NTFS Drive E: | 14,83 Gb Total Space | 14,76 Gb Free Space | 99,55% Space Free | Partition Type: FAT32 Computer Name: GABYSBABY | User Name: Gaby | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.13 12:27:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaby\Desktop\OTL.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.11 12:59:15 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.08.10 17:05:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.05.09 04:52:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 04:52:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.09 04:52:38 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.08 14:23:54 | 000,585,728 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2010.09.16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010.09.06 11:23:52 | 000,542,064 | ---- | M] (PIXELA CORPORATION) -- C:\Programme\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe PRC - [2008.09.03 18:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe PRC - [2008.09.03 10:34:42 | 000,335,872 | ---- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDCTRL.EXE PRC - [2008.09.02 19:32:00 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe PRC - [2008.09.02 19:28:14 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe PRC - [2008.08.22 16:18:44 | 000,204,800 | ---- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDDECT.EXE PRC - [2008.07.30 09:56:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.05.21 00:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.11.16 09:16:49 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_61a6406d\mscorlib.dll MOD - [2012.11.16 09:15:30 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_fa391a9a\system.xml.dll MOD - [2012.11.16 09:15:10 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_a947c336\system.windows.forms.dll MOD - [2012.11.16 05:52:47 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b7e4cae\system.dll MOD - [2012.11.16 05:52:19 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2012.11.16 05:52:12 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012.05.09 04:52:39 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.03.08 14:23:54 | 000,585,728 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011.03.08 14:23:54 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011.03.08 14:23:52 | 000,352,256 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll MOD - [2011.03.08 14:23:52 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011.03.08 14:23:52 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011.03.08 14:23:52 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2010.09.16 13:06:22 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe MOD - [2008.08.11 17:48:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2008.08.11 17:48:53 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll MOD - [2008.07.30 09:55:02 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2008.07.30 09:52:10 | 000,040,960 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2004.09.09 16:13:00 | 000,364,544 | ---- | M] () -- C:\Programme\PIXELA\Everio MediaBrowser 3\pxl_m17n_tool.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2013.01.09 18:15:19 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.11 12:59:15 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.05.09 04:52:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.09 04:52:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.09.16 13:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2013.01.07 19:02:24 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.09 04:52:39 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 04:52:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.09.16 15:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.22 17:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.08.12 15:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008.07.24 16:37:16 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.07.24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008.07.24 16:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.05.30 10:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008.04.08 14:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2008.03.28 16:38:16 | 000,625,024 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2008.03.11 18:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2008.03.10 17:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2008.02.04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007.05.03 03:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\..\SearchScopes\{D4D3D5DD-9046-436F-8A74-AB2708E061D5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=1c6d75dd-8e39-4478-9ac4-430accda6fc6&apn_sauid=470C3BD0-BE56-41CC-9ABE-CF54512B943F IE - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=14672" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=de_DE&apn_uid=1c6d75dd-8e39-4478-9ac4-430accda6fc6&apn_ptnrs=T8&apn_sauid=470C3BD0-BE56-41CC-9ABE-CF54512B943F&apn_dtid=YYYYYYYYDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) [2012.12.25 09:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Mozilla\Extensions [2012.09.03 16:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Mozilla\Firefox\Profiles\waopc6f6.default\extensions O1 HOSTS File: ([2013.01.07 18:18:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [ETDWareDetect] C:\Programme\Elantech\ETDDECT.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Device Monitor 3.lnk = C:\Programme\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe (PIXELA CORPORATION) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2637244343-2559362741-3623067051-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6476B88-0B42-46C0-910F-6A401453F51F}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.08.11 15:19:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.13 12:27:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaby\Desktop\OTL.exe [2013.01.11 04:47:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\PCHealth [2013.01.09 22:38:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.07 20:22:26 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.07 20:10:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Malwarebytes [2013.01.07 20:10:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.07 20:10:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.07 20:10:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.07 18:33:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.07 18:09:22 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.07 18:01:11 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Gaby\Startmenü\Programme\Verwaltung [2013.01.07 18:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2012.12.28 16:48:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaby\Eigene Dateien\Neu [2012.12.18 18:50:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\Sun [2012.12.15 23:05:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight [2012.12.15 23:05:21 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2008.08.11 18:17:59 | 015,523,560 | ---- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.13 12:27:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gaby\Desktop\OTL.exe [2013.01.13 12:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.13 11:51:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2013.01.13 11:10:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.12 14:43:27 | 000,000,388 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaby\Eigene Dateien\spider.sav [2013.01.11 14:31:24 | 000,463,382 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.11 14:31:24 | 000,444,848 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.11 14:31:24 | 000,086,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.11 14:31:24 | 000,072,724 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.10 20:44:20 | 000,001,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.01.10 20:44:20 | 000,001,809 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Avira DE-Cleaner.lnk [2013.01.10 20:43:53 | 000,883,840 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Avira-DE-Cleaner.exe [2013.01.07 20:10:14 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.07 19:02:24 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.01.07 18:18:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.07 18:09:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.01.07 17:53:14 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Gaby\Eigene Dateien\MBR.dat [2012.12.22 04:43:07 | 000,192,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.21 22:56:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.10 20:44:20 | 000,001,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Entfernen des Avira DE-Cleaners.lnk [2013.01.10 20:44:19 | 000,001,809 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Avira DE-Cleaner.lnk [2013.01.10 20:43:53 | 000,883,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Desktop\Avira-DE-Cleaner.exe [2013.01.07 20:10:14 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.07 19:02:24 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.01.07 18:09:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.01.07 18:09:25 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.07 17:53:14 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Eigene Dateien\MBR.dat [2012.10.09 10:24:42 | 000,076,340 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lbdbmeknblgvlhg [2012.06.23 18:56:56 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2012.04.24 18:53:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.04.24 08:30:23 | 000,014,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.24 06:30:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.04.23 21:29:42 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Gaby\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.08.11 17:46:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.02.28 19:49:18 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.10.05 15:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games [2012.05.13 13:22:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2012.10.09 10:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\obbsdzcidctgysc [2012.06.21 19:09:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Recisio [2012.05.15 20:47:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\EPSON [2012.09.07 23:15:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\HTC [2013.01.13 11:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\ICQ [2012.04.24 07:33:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\InterVideo [2012.05.04 22:55:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Merafu [2012.05.04 20:01:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Sivoy [2012.05.01 18:23:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Syuk [2012.05.25 16:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\TeamViewer [2012.05.25 16:30:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\Windows Search [2012.05.02 03:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gaby\Anwendungsdaten\x2k1uftygomymppkzk32le2s1jnoxnyy2 ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.04.26 05:50:36 | 000,000,000 | ---D | M] -- C:\36155beabf1b1397bd4ea938201e07 [2013.01.07 18:09:28 | 000,000,000 | RHSD | M] -- C:\cmdcons [2012.10.09 10:27:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.08.11 16:57:31 | 000,000,000 | ---D | M] -- C:\Intel [2012.04.24 20:01:34 | 000,000,000 | R--D | M] -- C:\MSOCache [2013.01.07 20:22:26 | 000,000,000 | R--D | M] -- C:\Programme [2013.01.09 22:38:19 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012.04.24 19:07:57 | 000,000,000 | ---D | M] -- C:\sql2ksp3 [2013.01.13 12:34:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.13 11:10:39 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2008.05.07 15:34:00 | 015,523,560 | ---- | M] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: REGEDIT.EXE > [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\erdnt\cache\regedit.exe [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\I386\REGEDIT.EXE [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe [2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-12 22:27:12 < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.01.2013 12:30:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Gaby\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,17 Mb Total Physical Memory | 528,03 Mb Available Physical Memory | 52,01% Memory free
2,38 Gb Paging File | 1,82 Gb Available in Paging File | 76,25% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,99 Gb Total Space | 61,35 Gb Free Space | 76,70% Space Free | Partition Type: NTFS
Drive D: | 61,20 Gb Total Space | 59,95 Gb Free Space | 97,96% Space Free | Partition Type: NTFS
Drive E: | 14,83 Gb Total Space | 14,76 Gb Free Space | 99,55% Space Free | Partition Type: FAT32
Computer Name: GABYSBABY | User Name: Gaby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-2637244343-2559362741-3623067051-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Dokumente und Einstellungen\Gaby\Eigene Dateien\Firefox Browser\App\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser 3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"Eee Storage" = Eee Storage 1.1.15.197
"Elantech" = ETDWare PS/2-x86 7.0.3.8 WHQL 03Sep08
"eMule Plus_is1" = eMule Plus 1.2e
"EPSON S22 Series" = EPSON S22 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Firefox Browser" = Firefox Browser (remove only)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"KaraFun Player_is1" = KaraFun Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"VLC media player" = VLC media player 2.0.1
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.01.2013 17:33:52 | Computer Name = GABYSBABY | Source = NativeWrapper | ID = 5000
Description =
Error - 11.01.2013 09:26:27 | Computer Name = GABYSBABY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 11.01.2013 09:26:30 | Computer Name = GABYSBABY | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei C:\DOKUME~1\Gaby\LOKALE~1\Temp\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
enthalten.
Error - 11.01.2013 09:26:34 | Computer Name = GABYSBABY | Source = NativeWrapper | ID = 5000
Description =
Error - 11.01.2013 18:45:54 | Computer Name = GABYSBABY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 11.01.2013 18:45:57 | Computer Name = GABYSBABY | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
enthalten.
Error - 11.01.2013 18:45:59 | Computer Name = GABYSBABY | Source = NativeWrapper | ID = 5000
Description =
Error - 12.01.2013 18:27:00 | Computer Name = GABYSBABY | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source
could be found for product Microsoft .NET Framework 1.1. The Windows installer
cannot continue.
Error - 12.01.2013 18:27:03 | Computer Name = GABYSBABY | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{6C298884-91FD-408C-9D90-5A59D2C29FD1}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2742597-X86\NDP1.1sp1-KB2742597-X86-msi.0.log
enthalten.
Error - 12.01.2013 18:27:10 | Computer Name = GABYSBABY | Source = NativeWrapper | ID = 5000
Description =
[ System Events ]
Error - 07.01.2013 13:11:14 | Computer Name = GABYSBABY | Source = Service Control Manager | ID = 7023
Description = Der Dienst "NLA (Network Location Awareness)" wurde mit folgendem
Fehler beendet: %%127
Error - 10.01.2013 00:02:47 | Computer Name = GABYSBABY | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
Error - 10.01.2013 17:33:53 | Computer Name = GABYSBABY | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
Error - 11.01.2013 09:26:39 | Computer Name = GABYSBABY | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
Error - 11.01.2013 18:46:00 | Computer Name = GABYSBABY | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
Error - 12.01.2013 09:25:46 | Computer Name = GABYSBABY | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Single Flash Reader USB Device nicht laden.
Error - 12.01.2013 09:25:48 | Computer Name = GABYSBABY | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Single Flash Reader USB Device nicht laden.
Error - 12.01.2013 09:28:27 | Computer Name = GABYSBABY | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Single Flash Reader USB Device nicht laden.
Error - 12.01.2013 09:28:28 | Computer Name = GABYSBABY | Source = Wechselmediendienst | ID = 262255
Description = Der Wechselmediendienst konnte die Medien in Laufwerk Laufwerk 0 der
Bibliothek Single Flash Reader USB Device nicht laden.
Error - 12.01.2013 18:27:12 | Computer Name = GABYSBABY | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
1.1 SP1 unter Windows XP, Windows Vista und Windows Server 2008 x86 (KB2742597)
< End of report >
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-13 13:35:21
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0 ST9160310AS rev.0303 149,05GB
Running: w07n6rwb.exe; Driver: C:\DOKUME~1\Gaby\LOKALE~1\Temp\kwriypob.sys
---- System - GMER 2.0 ----
SSDT F7C59964 ZwClose
SSDT F7C5991E ZwCreateKey
SSDT F7C5996E ZwCreateSection
SSDT F7C59914 ZwCreateThread
SSDT F7C59923 ZwDeleteKey
SSDT F7C5992D ZwDeleteValueKey
SSDT F7C5995F ZwDuplicateObject
SSDT F7C59932 ZwLoadKey
SSDT F7C59900 ZwOpenProcess
SSDT F7C59905 ZwOpenThread
SSDT F7C59987 ZwQueryValueKey
SSDT F7C5993C ZwReplaceKey
SSDT F7C59978 ZwRequestWaitReplyPort
SSDT F7C59937 ZwRestoreKey
SSDT F7C59973 ZwSetContextThread
SSDT F7C5997D ZwSetSecurityObject
SSDT F7C59928 ZwSetValueKey
SSDT F7C59982 ZwSystemDebugControl
SSDT F7C5990F ZwTerminateProcess
---- EOF - GMER 2.0 ----
|
|
13.01.2013, 16:28
| #2 |
| /// Malware-holic   | Von Bot erwischt, emailausgang gesperrt, malwarebytes findet nichts Hi
__________________öffne Avira, Verwaltung, Quarantäne,poste alle Funde mit Pfadangaben. Was heißt, mit diversen Programmen, wo sind die Berichte, auswerten können wir nur, wenn uns alle Informationen deinerseits gegeben werden, die du hast.
__________________ |
Linear-Darstellung
