Pests of all kinds and how to fight them: Successfully eliminate System Repair on Vista - need help, please!
13.02.2013, 12:26 | #1
Successfully eliminate System Repair on Vista - need help, please!

Hello everyone,

last night System Repair got me. Fairly quickly I came across this forum and followed the first steps of the guides. I have: downloaded rKill and run it -> let Malwarebytes Anti-Malware loose - 6 files found and eliminated -> run TDSSKiller as instructed here in the forum - 1 detection - deleted -> in between, after everything I did, rebooted, and finally run Unhide.exe - and made all files visible again.

Now one might think there is no problem left. I get no more error messages and my system runs stably. Still, I have a System Repair shortcut on the desktop that cannot be deleted, my Firefox remains missing, and I am not sure either that everything is gone now. So I downloaded OTH. When I follow the instructions here, at the step "Kill all processes" I get a bluescreen and the computer restarts. At some point I decided to go through your steps, so I downloaded defogger, OTL and GMER, ran them - and here are the log files.

I am somewhat at a loss. Normally I would be reassured, since everything works again, but this stupid thing on the desktop makes me nervous.

Many thanks in advance for your help!
Sarah

Code:
OTL logfile created on: 13.02.2013 10:06:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sarah\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19393) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,39% Memory free 4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97,66 Gb Total Space | 25,99 Gb Free Space | 26,62% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 97,45 Gb Free Space | 99,78% Space Free | Partition Type: NTFS Drive E: | 102,72 Gb Total Space | 69,41 Gb Free Space | 67,57% Space Free | Partition Type: NTFS Drive K: | 998,09 Mb Total Space | 618,06 Mb Free Space | 61,92% Space Free | Partition Type: FAT Computer Name: ZICKCHEN | User Name: Sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) 
PRC - C:\Programme\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\8db51a0e07118635fb71b05f21937db8\Kies.Theme.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\54c3c22053264729fde00785baf21eb9\DummyStorePlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b07ff83c3ce2fd8d3a938889f020552d\DevicePodcast.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\e5334ab5e29c40a7af6223175123263b\DevicePhoto.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\aaa553d73526328d450a142814849e40\DeviceVideo.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\233972a5ba7f8718ba70734134186b1a\DeviceMusic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\e2689f807ac87966b7e78f74ab677453\VideoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\c8a238c49512fddf15119a48f1c8e520\PhotoManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\fb3e807ec2b98abd1a057ef3694499eb\Podcaster.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff3157a926a4c62bd7c4fc462b44d4ae\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\cdf08673f862b7fd1177df48dfa0bd75\DeviceHost.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\521e8f5d3e1452cabfea9ea69659c679\Phonebook.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\7b10f766948b52ef6d261b1a1aa8ee0a\Kies.Plugin.ContentsManagerLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\65f0d5e5052a4a71f5a72d778fa2cbb6\MusicManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\8bf212e316537432a2356c88f3bb6f4d\BATPlugin.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\017429623044d5a3e9aa2aeef7d00017\Kies.Common.StoreManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\8bb1cf762dcfd25fa6fec281620a67e3\Kies.Common.MediaDB.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ca0b9f739dc8a16a0b45b07b6f1deae0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\3b13bd2ffd57d5a08bfb85636513922d\Kies.Common.AllShare.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\68bf9214584209eb5ebf209d1b95ac1e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\d1baf93e68f207b043f0861c5ee2d7ea\Interop.DevFileServiceLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5ff671ad98a74cfc1dee4a439fb8728e\Kies.Common.DeviceServiceLib.FileService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\57a3553bbf6667ae14d38bdb66f605a2\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2c72efd53cc6951822e9782f762e0950\Kies.Common.DeviceServiceLib.Interface.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6e4f1bc2e9b41f984d67aa1cd7f65c3d\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\016586bd2a1964a0a519cbc522d2906d\Kies.Common.DeviceService.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\7316848f01ce1da27fc2d701f32cae0d\Interop.PRPLAYERCORELib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\eef62cf0c04e638b3395fda4d258c81c\Kies.Common.Multimedia.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\89a65c0b3dd11b28cee0f0af1185b12d\Kies.Common.MainUI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\2a6cd90bb628de35d70c9dba6897d013\Kies.Common.DBManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\0969ff5a4924da7d8c6ebd3fca8f154b\ICSharpCode.SharpZipLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\7134f52b3f25107e9868d664eed50a2f\Kies.Common.Util.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\c7db33ddaee23e7ec8a3458fde5b50eb\Kies.Common.CRMManager.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\83ea8d246c90eeee2b100f01994eef5b\Kies.Locale.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\8e2b0a9c69e1065931751dcb16bd5fac\Kies.UI.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\0bbdc52b6dd44363e4a194ee8bd8a460\Kies.MVVM.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\7c3107cb236a66aa4602f12d23611c55\GongSolutions.Wpf.DragDrop.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\7ed89054a3bdd9dbbf1cce0e0b592d78\Kies.Interface.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\f619ad24547bdefcd7ae3b6afdf99a67\Kies.ni.exe () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$JTLWAWI) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ebay.de/ IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D3 F0 30 61 E0 C1 CA 01 [binary data] IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - 
HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "Bild.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.7.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.2.0.2 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.688: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.688: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2013.02.06 10:00:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2013.02.06 10:00:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2013.02.06 10:00:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2013.02.06 10:00:45 | 000,000,000 | ---D | M] [2010.08.30 18:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions [2010.01.24 19:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.01.31 22:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mwerl0sq.default\extensions [2010.12.21 17:06:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mwerl0sq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.03 14:35:28 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\mwerl0sq.default\extensions\2020Player_IKEA@2020Technologies.com [2013.01.31 22:34:26 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\mwerl0sq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.03.09 21:33:58 | 000,003,915 | ---- | M] () -- 
C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\mwerl0sq.default\searchplugins\sweetim.xml [2010.12.20 07:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.19 06:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.21 17:32:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.10.23 14:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 
9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [URdEIoPdlrOf.exe] C:\ProgramData\URdEIoPdlrOf.exe File not found O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D3DB48-F294-4F5B-8A6B-15AC0C7F0BA1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\ICM_ML.exe
O33 - MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Viewsonic.exe
O33 - MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.13 09:56:33 | 000,259,584 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTH.scr
[2013.02.13 08:55:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.02.12 23:52:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.02.12 22:59:16 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2013.02.12 22:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.12 22:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.12 22:58:58 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.12 22:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.06 10:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7
[2013.02.04 16:30:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\JTL-Software-GmbH
[2013.02.04 16:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\JTL-Software
[2013.02.04 11:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005
[2013.02.04 11:21:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.02.04 11:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013.02.04 11:19:19 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\JTL-Wawi-Full
[2013.02.04 08:22:19 | 148,442,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Sarah\Desktop\SQLEXPR_x86_DEU.exe
[2013.02.04 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Download Manager
[2013.02.04 08:07:01 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\jtl-software
[2013.01.30 23:17:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.01.22 22:13:47 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\PDAppFlex
[2013.01.22 17:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.01.22 17:07:54 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Adobe
[2013.01.22 17:06:10 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.01.22 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2013.01.14 20:32:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.13 10:07:27 | 000,728,812 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.13 10:07:27 | 000,679,280 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.13 10:07:27 | 000,168,282 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.13 10:07:27 | 000,136,660 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.13 10:02:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013.02.13 10:01:13 | 000,005,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 10:01:12 | 000,005,360 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.13 10:01:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.13 10:01:00 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 10:00:58 | 183,382,366 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.02.13 09:56:38 | 000,259,584 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTH.scr
[2013.02.13 09:50:45 | 000,000,042 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mbam.context.scan
[2013.02.13 09:48:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.02.13 08:44:12 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013.02.13 08:44:12 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013.02.12 23:52:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2013.02.12 23:37:21 | 000,387,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.12 22:59:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.12 22:13:26 | 000,000,168 | ---- | M] () -- C:\ProgramData\URdEIoPdlrOf
[2013.02.12 22:12:52 | 000,001,449 | ---- | M] () -- C:\Users\Sarah\Desktop\System Repair.lnk
[2013.02.12 22:08:36 | 000,000,160 | ---- | M] () -- C:\ProgramData\-URdEIoPdlrOfr
[2013.02.12 22:08:36 | 000,000,152 | ---- | M] () -- C:\ProgramData\-URdEIoPdlrOf
[2013.02.07 10:03:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce0511f88db7a0.job
[2013.02.05 09:41:50 | 000,011,341 | ---- | M] () -- C:\Users\Sarah\Desktop\SalesHistory.csv
[2013.02.04 16:23:34 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\JTL-wawi.lnk
[2013.02.04 11:17:16 | 104,470,167 | ---- | M] () -- C:\Users\Sarah\Desktop\JTL-Wawi-Full.zip
[2013.02.04 08:27:53 | 148,442,600 | ---- | M] (Microsoft Corporation) -- C:\Users\Sarah\Desktop\SQLEXPR_x86_DEU.exe
[2013.02.04 08:03:55 | 075,313,709 | ---- | M] ( ) -- C:\Users\Sarah\Desktop\setup-jtl-wawi_099875_130201.exe
[2013.01.26 22:42:31 | 000,102,204 | ---- | M] () -- C:\Users\Sarah\Desktop\tumblr_mdyhr2dZyP1r3uvcho1_500_large.jpg
[2013.01.26 11:41:55 | 000,036,864 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.22 22:14:00 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Zickchen-Sarah.job
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.13 09:50:45 | 000,000,042 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\mbam.context.scan
[2013.02.13 09:36:32 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.02.13 09:36:32 | 000,000,832 | ---- | C] () -- C:\Users\Public\Desktop\JTL-wawi.lnk
[2013.02.12 23:37:07 | 2145,902,592 | -HS- | C] () -- C:\hiberfil.sys
[2013.02.12 22:59:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.12 22:01:32 | 000,001,449 | ---- | C] () -- C:\Users\Sarah\Desktop\System Repair.lnk
[2013.02.12 21:50:19 | 000,000,160 | ---- | C] () -- C:\ProgramData\-URdEIoPdlrOfr
[2013.02.12 21:50:19 | 000,000,152 | ---- | C] () -- C:\ProgramData\-URdEIoPdlrOf
[2013.02.12 21:50:18 | 000,000,168 | ---- | C] () -- C:\ProgramData\URdEIoPdlrOf
[2013.02.07 10:03:18 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce0511f88db7a0.job
[2013.02.05 09:41:49 | 000,011,341 | ---- | C] () -- C:\Users\Sarah\Desktop\SalesHistory.csv
[2013.02.04 16:23:34 | 000,000,879 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JTL-wawi-ameise.lnk
[2013.02.04 16:23:34 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JTL-wawi WORKER.lnk
[2013.02.04 16:23:34 | 000,000,844 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JTL-wawi.lnk
[2013.02.04 11:14:03 | 104,470,167 | ---- | C] () -- C:\Users\Sarah\Desktop\JTL-Wawi-Full.zip
[2013.02.04 08:01:35 | 075,313,709 | ---- | C] ( ) -- C:\Users\Sarah\Desktop\setup-jtl-wawi_099875_130201.exe
[2013.01.26 22:42:30 | 000,102,204 | ---- | C] () -- C:\Users\Sarah\Desktop\tumblr_mdyhr2dZyP1r3uvcho1_500_large.jpg
[2013.01.22 22:14:00 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Zickchen-Sarah.job
[2013.01.22 17:24:24 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[2013.01.22 17:22:47 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013.01.22 17:22:43 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.01.22 17:22:24 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.01.22 17:21:52 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2013.01.22 17:06:06 | 000,000,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.12.10 21:20:11 | 026,162,543 | ---- | C] () -- C:\ProgramData\roma1.exe
[2012.06.26 15:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.06.02 22:27:14 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.06.02 22:26:09 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2011.09.07 21:30:25 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011.06.18 20:29:31 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.06.18 20:29:31 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.06.18 20:29:31 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.27 06:25:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.27 06:25:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.02.28 22:31:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.06.20 17:12:30 | 000,000,680 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2010.06.17 14:33:34 | 000,003,377 | ---- | C] () -- C:\Users\Sarah\.recently-used.xbel
[2010.04.19 19:44:01 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.26 11:12:02 | 000,000,356 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2010.02.02 13:09:41 | 000,036,864 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 13.02.2013 10:06:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,09 Gb Available Physical Memory | 54,39% Memory free
4,23 Gb Paging File | 3,11 Gb Available in Paging File | 73,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 25,99 Gb Free Space | 26,62% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 97,45 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive E: | 102,72 Gb Total Space | 69,41 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive K: | 998,09 Mb Total Space | 618,06 Mb Free Space | 61,92% Space Free | Partition Type: FAT

Computer Name: ZICKCHEN | User Name: Sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103D5AEB-EC06-4018-AEDB-F61C46F55650}" = lport=2869 | protocol=6 | dir=in | app=system |
"{200395B4-0562-4EB2-91F2-97DF51ECDB6C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{27E328F8-150B-4964-A739-855EFEA0EFBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29AC8E20-196F-4DAB-9193-631F30E4B3FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3DAD86FF-4320-4AE3-8FC9-0F41D7F73DC8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5FE4CF8C-3540-4E6D-AD0D-66A4C4C74544}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B3371DBE-2676-4D64-9567-4ECA6B9FF121}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E5824866-9253-45F5-B6B4-FFAACAD4D3A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E84898B6-EF4E-4021-97FD-7F8F18F110E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B21F57-F88A-4807-B0BF-9D364CE12DAE}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{1B480C41-A576-49F6-8A75-5BDFE8214D31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DA6E5A4-BA6B-47B0-8051-FDEA01103621}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{38D08874-5702-419E-A99F-361A3B3B5461}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41559505-40EF-4267-B3CE-D8FBC67523E1}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{46127179-1A55-4EA9-9B43-5F6C7ED0A91B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{620A0CBF-5464-46A3-8877-399133D0C83F}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6F714B06-21A6-4CE3-A7E3-3F269FA1CD17}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{72148869-0ADF-430C-9031-8C084D0964BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7879D537-39D6-4C29-8057-0D9BD66C7D13}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{79042F09-2DBF-4672-BF25-79B6045D392A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{997AF9D5-A3A0-4A45-8E0C-F1F3B2A260C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DDA313B-2C95-4186-B6B3-0E8E682FFD1D}" = protocol=6 | dir=out | app=system |
"{A6AA8D40-E994-4B63-BC28-B725848749C4}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{A87EADEA-1718-4E59-9043-0BE0A2B92AE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B9F59B35-7147-468A-9A7F-9A35AA98BCE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC7A7FD2-AD12-4323-8E7D-D8BE63BAEDF9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\dermaniac\counter-strike source\hl2.exe |
"{CE0180FE-28BA-4232-8479-BA5FE764F018}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D59C401D-B79E-400E-9B5A-2AB206EE5AEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3B1469A-8007-4F33-A107-A7A5530A6706}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F12C7A48-213F-4191-B450-E21A3EAE9632}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{FD7088E5-C6C0-4908-A866-5A6FAB589AB8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\dermaniac\counter-strike source\hl2.exe |
"TCP Query User{02EC71DB-B1AE-4163-A329-1A85F4AA635D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{27A5FC6E-F7F3-4E3A-8851-2EE1AED3BA69}C:\program files\poc\pocxxl\bin\pocxxl.exe" = protocol=6 | dir=in | app=c:\program files\poc\pocxxl\bin\pocxxl.exe |
"TCP Query User{47E83B55-1567-4215-A2D4-90B50CA38741}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=6 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe |
"TCP Query User{56B8DF67-637A-47D3-BFE4-785349032EB7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{67056295-CD7D-4E4D-B1DF-7EC024A9ABBA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A416C960-DBD1-498A-8B68-2EA4FF066198}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{C271C4F8-7191-492E-BBF6-BD8ABAE1562E}C:\users\sarah\desktop\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_dede.exe |
"TCP Query User{CC1C010A-F444-43E3-BAEA-CC363C8A0B57}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe |
"TCP Query User{F4E5A307-BAEE-4FAA-AF7E-064DCDE775B2}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{F9E20902-77E8-4727-B0C8-496EE17F26FE}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{00146113-E3AF-4184-8724-44BF3FCDE739}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_dede.exe |
"UDP Query User{0E413FFB-A9C9-4585-B4F5-B8D7D709A698}C:\program files\poc\pocxxl\bin\pocxxl.exe" = protocol=17 | dir=in | app=c:\program files\poc\pocxxl\bin\pocxxl.exe |
"UDP Query User{1DD0C1BF-8B86-49EE-A01B-E22750338C07}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{3FFFDBD6-5A94-4648-A340-4A0C702C1658}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{6960489C-3B3D-42BD-8CD9-A6B59DF7DB2F}C:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=17 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_lord_of_destruction_engb.exe |
"UDP Query User{90EA4FFD-E7AA-460C-B14B-FEAEE2ED1344}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{97FED9F6-F574-4777-9024-B99CA929E6CB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9FF7EF54-22CB-419F-B2D7-B942E3DE4013}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{A282E2A0-939A-4143-A929-4B23DBB347CE}C:\users\sarah\desktop\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=c:\users\sarah\desktop\downloader_diablo2_dede.exe |
"UDP Query User{CAA5364A-4413-4457-82D8-E6FD4959D417}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6
"_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{0084B0C3-F376-42E3-804A-885D249282BD}" = CorelDRAW Graphics Suite X6 - IPM
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{09E4C6A0-AB81-4ADA-9163-DD7B724E0BB6}" = Janosch Vorschule
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{169ADA4A-8079-4CD8-8E20-030B1A54E552}" = CorelDRAW Graphics Suite X6 - DE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{25D69CEE-3EE2-47FD-9A0E-5013240EC953}" = CorelDRAW Graphics Suite X6 - Common
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{318FF3D7-0C40-483B-AF92-AF36416B0AC6}" = CorelDRAW Graphics Suite X6 - Writing Tools
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}" = CorelDRAW Graphics Suite X6 - Setup Files
"{579CA850-B2C3-43F3-A3F6-3A0AE42E8225}" = CorelDRAW Graphics Suite X6 - FontNav
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{603C6570-2BA1-4FC6-8735-7EFA6D1F6F61}" = CorelDRAW Graphics Suite X6 - Custom Data
"{62BEC144-7029-4BF4-B3F2-FA231FB9F84B}" = CorelDRAW Graphics Suite X6 - Redist
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F53FB68-6620-423E-B7CD-B8205655B421}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74FA94F1-9566-4252-9372-E7EAFFEFE209}" = CorelDRAW Graphics Suite X6 - Capture
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7A2FF332-E4F6-4D87-9EBD-EDFF1216490F}" = CorelDRAW Graphics Suite X6 - Filters
"{7CCD75BD-5528-4FE1-90D2-392D661A2BF1}" = CorelDRAW Graphics Suite X6 - VSTA
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F9F6864-8CAB-440C-AF44-030D0135666D}" = CorelDRAW Graphics Suite X6
"{879E2460-18F9-48F2-B736-4E814A699504}" = CorelDRAW Graphics Suite X6 - VBA
"{89A48D6A-19C9-4127-AE37-8E11CA08E893}_is1" = Rummi Version 7.1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF200A3-1CAC-462E-990B-EC902279BAAA}" = Microsoft Visual Basic for Applications 7.1 (x86) German
"{A157AC1C-DF44-481A-81E7-17AE00239818}" = Logitech Z-series Software 1.04
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B92076C0-C5FE-4DB1-AA8D-855430CDF098}" = Corel Graphics - Windows Shell Extension
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD136CE7-6666-4273-A056-8D92F8625AAB}" = Sun ODF Plugin for Microsoft Office 3.2
"{C5262276-0075-498B-B80F-7D997482E4DB}" = CorelDRAW Graphics Suite X6 - Draw
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4A17D31-2F7B-4682-AD57-467021452909}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin
"{D4EFC6B7-3DA5-400D-9682-9BE287A5440E}" = CorelDRAW Graphics Suite X6 - Connect
"{D5E409E8-3AF3-4B19-A291-E27AECC905B3}" = Janosch Vorschule Englisch
"{DDFEB503-D662-4224-82C9-37A5698FDC25}" = CorelDRAW Graphics Suite X6 - VideoBrowser
"{E4C59955-6166-4B64-86DB-E8FBCADFFF16}" = Caillous Kindergarten
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4415576-418A-1721-9177-BB4ADDDC66B3}" = Legalsounds Download Manager
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Diablo II" = Diablo II
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JTL-Wawi_is1" = JTL-Wawi
"LegalsoundsDownloadManager" = Legalsounds Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Ports Of Call XXL" = Ports Of Call XXL
"RealPlayer 12.0" = RealPlayer
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Steam App 240" = Counter-Strike: Source
"TIPP10_is1" = TIPP10 Version 2.0.3
"VLC media player" = VLC media player 1.1.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.05.2011 12:24:38 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, fehlerhaftes Modul QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, Ausnahmecode 0xc0000005, Fehleroffset 0x00013d8b, Prozess-ID 0xad0, Anwendungsstartzeit 01cc1e1ce3e175e2.

Error - 29.05.2011 12:29:16 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, fehlerhaftes Modul QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, Ausnahmecode 0xc0000005, Fehleroffset 0x00013d8b, Prozess-ID 0xd48, Anwendungsstartzeit 01cc1e1d4b0da190.

Error - 29.05.2011 12:39:52 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, fehlerhaftes Modul QT32.EXE, Version 2.1.2.59, Zeitstempel 0x3222491a, Ausnahmecode 0xc0000005, Fehleroffset 0x00013d8b, Prozess-ID 0xa60, Anwendungsstartzeit 01cc1e1ef1eb7adb.

Error - 10.06.2011 01:18:04 | Computer Name = Zickchen | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 04.07.2011 17:19:49 | Computer Name = Zickchen | Source = System Restore | ID = 8193
Description =

Error - 25.07.2011 14:35:34 | Computer Name = Zickchen | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 09.08.2011 12:10:45 | Computer Name = Zickchen | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 06.04.2012 16:59:31 | Computer Name = Zickchen | Source = Avira AntiVir | ID = 4118
Description =

Error - 12.04.2012 14:27:52 | Computer Name = Zickchen | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Verbindungsassistent.exe, Version 1.0.0.1, Zeitstempel 0x49ad175c, fehlerhaftes Modul WtgCore.dll, Version 1.0.0.1, Zeitstempel 0x49ad1721, Ausnahmecode 0xc0000005, Fehleroffset 0x00045351, Prozess-ID 0xf88, Anwendungsstartzeit 01cd18ce2bd2dbcd.

Error - 02.05.2012 17:16:13 | Computer Name = Zickchen | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 13.02.2013 03:48:19 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =

Error - 13.02.2013 03:56:09 | Computer Name = Zickchen | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Samsung CLP-310 Series nicht unter dem Namen Samsung CLP-310 Series freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden.

Error - 13.02.2013 03:56:32 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7001
Description =

Error - 13.02.2013 03:56:32 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =

Error - 13.02.2013 03:56:32 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7023
Description =

Error - 13.02.2013 04:51:43 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =

Error - 13.02.2013 04:57:48 | Computer Name = Zickchen | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.02.2013 um 09:56:49 unerwartet heruntergefahren.

Error - 13.02.2013 04:59:16 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =

Error - 13.02.2013 05:01:06 | Computer Name = Zickchen | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.02.2013 um 09:59:39 unerwartet heruntergefahren.

Error - 13.02.2013 05:02:20 | Computer Name = Zickchen | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-13 12:11:13 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\00000049 ST332062 rev.3.AD 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\pwdcypoc.sys ---- System - GMER 2.0 ---- SSDT 8C3C53E6 ZwCreateSection SSDT 8C3C53F0 ZwRequestWaitReplyPort SSDT 8C3C53EB ZwSetContextThread SSDT 8C3C53F5 ZwSetSecurityObject SSDT 8C3C53FA ZwSystemDebugControl SSDT 8C3C5387 ZwTerminateProcess ---- Kernel code sections - GMER 2.0 ---- .text ntkrnlpa.exe!KeSetEvent + 215 822EB8D8 4 Bytes [E6, 53, 3C, 8C] {OUT 0x53, AL; CMP AL, 0x8c} .text ntkrnlpa.exe!KeSetEvent + 539 822EBBFC 4 Bytes [F0, 53, 3C, 8C] {PUSH EBX; CMP AL, 0x8c} .text ntkrnlpa.exe!KeSetEvent + 56D 822EBC30 4 Bytes [EB, 53, 3C, 8C] {JMP 0x55; CMP AL, 0x8c} .text ntkrnlpa.exe!KeSetEvent + 5D1 822EBC94 4 Bytes [F5, 53, 3C, 8C] {CMC ; PUSH EBX; CMP AL, 0x8c} .text ntkrnlpa.exe!KeSetEvent + 619 822EBCDC 4 Bytes [FA, 53, 3C, 8C] {CLI ; PUSH EBX; CMP AL, 0x8c} .text ... 
---- User code sections - GMER 2.0 ---- .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] ntdll.dll!LdrLoadDll 77929378 5 Bytes JMP 567A3C70 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] kernel32.dll!HeapSetInformation + 26 7745A8B0 7 Bytes JMP 567C553C C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] kernel32.dll!LockResource + C 77476ACB 7 Bytes JMP 56AF6073 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] kernel32.dll!VirtualAllocEx + 54 7747AF50 7 Bytes JMP 56AF6096 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[2920] GDI32.dll!SetStretchBltMode + 256 7638745C 7 Bytes JMP 56AF5FF4 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272829b2e Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272829b2e@a8f2743e4926 0x6C 0x46 0xE5 0xF2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272829b2e@04180f06dab2 0x52 0xAA 0x95 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272829b2e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272829b2e@a8f2743e4926 0x6C 0x46 0xE5 0xF2 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272829b2e@04180f06dab2 0x52 0xAA 0x95 0x00 ... 
---- Files - GMER 2.0 ----
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A5.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A6.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A7.log 0 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A8.log 131072 bytes
File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS068A9.log 0 bytes
---- EOF - GMER 2.0 ----
Last edited by DieSarah (13.02.2013 at 12:28) Reason: Attached the log files as code! |
13.02.2013, 13:41 | #2 |
/// Malware-holic | Successfully eliminating System Repair on Vista - need help, please! hi
Doesn't the guide clearly say that you shouldn't delete anything with TDSSKiller? http://www.trojaner-board.de/125889-...en-posten.html Please post the Malwarebytes logs with findings. Open C:, open TDSSKiller-Version-Datum.txt, and please post its contents.
|
13.02.2013, 13:51 | #3 |
| Successfully eliminating System Repair on Vista - need help, please! Hello back,
Sorry, I got a USB stick with the 4 programs from my boyfriend and then ran them. Here is the Malwarebytes log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.12.10 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19393 Sarah :: ZICKCHEN [Administrator] Schutz: Aktiviert 12.02.2013 23:40:30 mbam-log-2013-02-12 (23-40-30).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 600800 Laufzeit: 2 Stunde(n), 22 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run|java.exe (Trojan.Agent) -> Daten: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\java.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 5 HKCU\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. 
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
[InfectedObject]
Type: Service
Name: FsUsbExDisk
Type: Kernel driver (0x1)
Start: Demand (0x3)
ImagePath: \??\C:\Windows\system32\FsUsbExDisk.SYS
Code:
[InfectedObject]
Type: Service
Name: SSPORT
Type: Kernel driver (0x1)
Start: Auto (0x2)
ImagePath: \??\C:\Windows\system32\Drivers\SSPORT.sys
Code:
[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\FsUsbExDisk.SYS
md5: 790A4CA68F44BE35967B3DF61F3E4675
Sarah
Hello again, and I must confess that I had hoped to get the whole thing under control without forum help. I hope this doesn't make it all even more complicated now! |
13.02.2013, 18:31 | #4 |
/// Malware-holic | Successfully eliminating System Repair on Vista - need help, please! Hi, well, a bit more work, yes. I need the device type and manufacturer of your PC. Scan with Combofix
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding guide: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the guide above. If you would like to support us |
13.02.2013, 22:28 | #5 |
| Successfully eliminating System Repair on Vista - need help, please! So, straight back to the PC after work. Many thanks for the quick reply and sorry for the extra effort. I use a Dell desktop PC. Here is the Combofix log file: Code:
ATTFilter ComboFix 13-02-13.02 - Sarah 13.02.2013 21:51:45.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1034 [GMT 1:00] ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\roma1.exe c:\programdata\URdEIoPdlrOf c:\users\Sarah\AppData\Local\TempDIR c:\users\Sarah\AppData\Local\TempDIR\ApnIC.dll c:\users\Sarah\AppData\Local\TempDIR\ApnStub.exe c:\users\Sarah\AppData\Local\TempDIR\ApnToolbarInstaller.exe c:\windows\system32\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-13 bis 2013-02-13 )))))))))))))))))))))))))))))) . . 2013-02-13 21:02 . 2013-02-13 21:17 -------- d-----w- c:\users\Sarah\AppData\Local\temp 2013-02-13 21:02 . 2013-02-13 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-13 07:55 . 2013-02-13 07:55 -------- d-----w- C:\TDSSKiller_Quarantine 2013-02-12 21:59 . 2013-02-12 21:59 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes 2013-02-12 21:58 . 2013-02-12 21:58 -------- d-----w- c:\programdata\Malwarebytes 2013-02-12 21:58 . 2013-02-12 21:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-12 21:58 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-06 09:00 . 2013-02-06 09:00 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7 2013-02-04 15:30 . 2013-02-04 15:30 -------- d-----w- c:\users\Sarah\AppData\Local\JTL-Software-GmbH 2013-02-04 15:23 . 
2013-02-04 15:23 -------- d-----w- c:\program files\JTL-Software 2013-02-04 10:21 . 2013-02-04 10:21 -------- d-----w- c:\windows\PCHEALTH 2013-02-04 10:21 . 2013-02-05 02:07 -------- d-----w- c:\program files\Microsoft SQL Server 2013-02-04 07:21 . 2013-02-04 07:27 -------- d-----w- c:\users\Sarah\AppData\Roaming\Download Manager 2013-02-04 07:07 . 2013-02-04 15:37 -------- d-----w- c:\users\Sarah\AppData\Roaming\jtl-software 2013-01-22 21:13 . 2013-01-22 21:13 -------- d-----w- c:\users\Sarah\AppData\Roaming\PDAppFlex 2013-01-22 16:24 . 2013-01-22 16:24 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-01-22 16:06 . 2013-01-22 16:06 -------- d-----w- c:\users\Sarah\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant 2013-01-22 16:06 . 2013-01-22 16:06 -------- d-----w- c:\program files\Adobe Download Assistant . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-18 09:06 . 2011-05-13 20:15 4659712 ----a-w- c:\windows\system32\Redemption.dll 2012-12-18 09:06 . 2012-07-27 12:59 821824 ----a-w- c:\windows\system32\dgderapi.dll 2012-12-18 09:06 . 2012-07-27 12:59 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2012-12-18 09:06 . 2012-07-27 12:59 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2012-12-16 13:12 . 2012-12-21 17:13 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-21 17:13 293376 ----a-w- c:\windows\system32\atmfd.dll 2012-11-25 23:25 . 2012-11-25 23:25 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1031\ResourceCache.dll 2012-11-25 23:25 . 2012-11-24 17:01 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2012-11-24 17:02 . 2012-11-24 17:02 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll 2012-11-24 17:02 . 2012-11-24 17:02 348256 ----a-w- c:\programdata\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll 2012-11-20 04:22 . 
2013-01-10 07:03 204288 ----a-w- c:\windows\system32\ncrypt.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-01 348664] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\63429852.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71949710.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FILSHtray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FILSHtray.lnk backup=c:\windows\pss\FILSHtray.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk backup=c:\windows\pss\OpenOffice.org 3.2.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR] 2012-12-20 17:44 844296 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload] 2012-12-20 17:44 1476104 ----a-w- c:\program files\Samsung\Kies\Kies.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent] 2012-12-20 17:44 310280 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr] 2009-12-09 14:01 606208 ----a-w- c:\windows\Samsung\PanelMgr\SSMMgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2010-03-02 10:56 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 "AntiSpywareOverride"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - LAVASOFT_KERNEXPLORER . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache bthsvcs REG_MULTI_SZ BthServ . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-01 17:50 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2011-09-07 c:\windows\Tasks\Ad-Aware Scan (1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 21:31] . 2013-02-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 21:31] . 2012-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 08:58] . 2013-01-22 c:\windows\Tasks\AdobeAAMUpdater-1.0-Zickchen-Sarah.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-01-22 05:09] . 2013-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce0511f88db7a0.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 15:16] . 2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 15:16] . 2010-12-20 c:\windows\Tasks\{044C4D92-9473-4349-B9B4-19B3D8BCE834}.job - c:\program files\Mozilla Firefox 4.0 Beta 7\firefox.exe [2013-02-06 09:00] . 
2011-04-25 c:\windows\Tasks\{39AA526E-50C2-47E3-8642-1C8242F56EB5}.job - c:\program files\Mozilla Firefox 4.0 Beta 7\firefox.exe [2013-02-06 09:00] . 2011-04-25 c:\windows\Tasks\{3BBE230C-11BD-4CAD-B8A3-B3406A0EDCF7}.job - c:\program files\Mozilla Firefox 4.0 Beta 7\firefox.exe [2013-02-06 09:00] . 2011-04-25 c:\windows\Tasks\{C8C0495B-6E78-4401-84D6-7E406285FBAC}.job - c:\program files\Mozilla Firefox 4.0 Beta 7\firefox.exe [2013-02-06 09:00] . 2010-12-20 c:\windows\Tasks\{E6DA6172-8A76-4472-A358-C4DCC8F79A23}.job - c:\program files\Mozilla Firefox 4.0 Beta 7\firefox.exe [2013-02-06 09:00] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://ebay.de/ IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mwerl0sq.default\ FF - prefs.js: browser.startup.homepage - Bild.de FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q= FF - ExtSQL: !HIDDEN! 2010-01-27 03:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe HKCU-Run-URdEIoPdlrOf.exe - c:\programdata\URdEIoPdlrOf.exe MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe MSConfigStartUp-EzPrint - c:\program files\Lexmark 2300 Series\ezprint.exe MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB 
Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-13 22:17 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2013-02-13 22:21:44 ComboFix-quarantined-files.txt 2013-02-13 21:21 . Vor Suchlauf: 14 Verzeichnis(se), 27.032.539.136 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 27.619.450.880 Bytes frei . - - End Of File - - B35AC19AE8F3CDE2D11580AE68E8F62A |
14.02.2013, 11:27 | #6 |
/// Malware-holic | Successfully eliminating System Repair on Vista - need help, please! hi Then please go to the manufacturer's site, enter your device number there under the driver download options, and update drivers + utilities
|
14.02.2013, 18:16 | #7 |
| Successfully eliminating System Repair on Vista - need help, please! Good evening ;-) Done - I updated quite a few drivers and Dell says my system is okay. |
14.02.2013, 18:21 | #8 |
/// Malware-holic | Successfully eliminating System Repair on Vista - need help, please! Hi, very good! Download CCleaner standard: CCleaner - Download - Filepony If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Behind every program you need, write "necessary". Behind every one you don't need, "unnecessary". Behind those unknown to you, "unknown". Post the list.
|
14.02.2013, 19:13 | #9 | |
| Successfully eliminating System Repair on Vista - need help, please! Done - I can't say what from Microsoft is needed and what isn't; unfortunately I have no idea there. There are hardly any unneeded programs on my machine; they get uninstalled right away. Many thanks!
|
14.02.2013, 19:21 | #10 |
/// Malware-holic | Successfully eliminating System Repair on Vista - need help, please! Uninstall: Adobe Flash Player (all of them). Adobe - Adobe Flash Player installieren: download the latest version and install it.
Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen; untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select all files.
Internet: everything here should be disabled. It is very unsafe to open, download etc. PDFs automatically; it is always better to save them directly, since only then do you have control over what is happening on the PC.
Under JavaScript, untick "enable JavaScript".
Under Updater, choose "install automatically".
Apply / OK.
Uninstall: Adobe Widget, FILSHtray, Java.
Download the Java JRE: Java-Downloads für alle Betriebssysteme, click: Download der Java-Software für Windows Offline, download and install it.
Uninstall: Unity.
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
|
14.02.2013, 22:43 | #11 |
| Successfully eliminating System Repair on Vista - need help, please! Hey, many thanks again - I'm really glad you're here. Here is the AdwCleaner log file: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 14/02/2013 um 22:39:26 erstellt # Aktualisiert am 10/02/2013 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Sarah - ZICKCHEN # Bootmodus : Normal # Ausgeführt unter : C:\Users\Sarah\Desktop\AdwCleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mwerl0sq.default\searchplugins\SweetIm.xml Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mwerl0sq.default\SweetIMToolbarData ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\Software\ImInstaller ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.19400 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mwerl0sq.default\prefs.js C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\mwerl0sq.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q="); Gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Gelöscht : user_pref("sweetim.toolbar.mode.debug", "false"); Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties"[...] Gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] Gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10"); Gelöscht : user_pref("sweetim.toolbar.simapp_id", "{8CAE4888-4A8C-11E0-92F0-00188B5D0CB8}"); Gelöscht : user_pref("sweetim.toolbar.version", "1.2.0.2"); -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [3091 octets] - [14/02/2013 22:39:26] ########## EOF - C:\AdwCleaner[S1].txt - [3151 octets] ########## |
14.02.2013, 22:46 | #12 |
/// Malware-holic | Successfully eliminating System Repair on Vista - need help, please! Hi, please download HitmanPro: HitmanPro - Download - Filepony Double-click, License, trial license. Then Scan, don't delete anything for now, Next, export the log as XML and post it, or zip and attach it.
|
14.02.2013, 23:05 | #13 |
| Successfully eliminating System Repair on Vista - need help, please! Good evening to you, there's nothing to delete anyway ;-) Here's the log: Code:
HitmanPro 3.7.2.188
www.hitmanpro.com
Computer name . . . . : ZICKCHEN
Windows . . . . . . . : 6.0.2.6002.X86/2
User name . . . . . . : Zickchen\Sarah
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2013-02-14 22:55:37
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 48s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 0
Objects scanned . . . : 2.555.535
Files scanned . . . . : 86.408
Remnants scanned . . : 1.193.012 files / 1.276.115 keys
Many thanks, says Sarah |
14.02.2013, 23:22 | #14
/// Malware-holic | Hi, there was no reason to complain, we got along fine. OTL fix: fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\URLSearchHook: - No CLSID value found
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
[2011.03.09 21:33:58 | 000,003,915 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\mwerl0sq.default\searchplugins\sweetim.xml
O3 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found
O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [URdEIoPdlrOf.exe] C:\ProgramData\URdEIoPdlrOf.exe File not found
O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\ICM_ML.exe
O33 - MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Viewsonic.exe
O33 - MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\Shell - "" = AutoRun
O33 - MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
:files
:Commands
[emptytemp]
Please restart, then test how the PC and programs such as the browsers run; test IE as well: unwanted toolbars, redirects, etc.
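The fix above removes three kinds of entries: per-user Run autostarts whose target no longer exists, Explorer MountPoints2 AutoRun handlers for removable drives, and a Firefox keyword.URL pointing at a third-party search site. The following is an added example, not code from this thread and not part of OTL: a small Python triage script that parses lines in OTL's format and states why each one is a cleanup candidate. The sample lines are constructed from the fix quoted above; the allowlist of search hosts and the "user-writable location" heuristic are assumptions made for the example.

```python
"""Triage of OTL-style entries: flag orphaned Run keys, removable-media
AutoRun handlers and a hijacked Firefox keyword.URL.

Added example for this thread; it is not OTL's code and not from the forum.
Line formats follow the entries quoted in the OTL fix; the allowlist of
search hosts and the "user-writable location" heuristic are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample input, modelled on the OTL fix script posted in the thread.
SAMPLE_LINES = [
    r'FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2q="',
    r'O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found',
    r'O4 - HKU\S-1-5-21-1348431092-3509530480-2247138941-1000..\Run: [URdEIoPdlrOf.exe] C:\ProgramData\URdEIoPdlrOf.exe File not found',
    r'O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\Shell\AutoRun\command - "" = K:\AutoRun.exe',
    r'O33 - MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Viewsonic.exe',
]

# O4: per-user Run autostart; OTL appends "File not found" when the target is gone.
O4_RE = re.compile(
    r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?P<missing> File not found)?$')
# O33: Explorer MountPoints2 AutoRun handler; only the ...\command line names a target.
O33_CMD_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$', re.I)
# FF: Firefox prefs.js entries as OTL prints them.
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"')

# Assumption: hosts a clean keyword.URL would point at; anything else is treated as a hijack.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
# Assumption: autostarts living here deserve a second look because any user can write there.
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious OTL line, or None for benign or unknown lines."""
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        notes = []
        if m.group("missing"):
            notes.append("target missing")
        if any(marker in cmd.lower() for marker in USER_WRITABLE_MARKERS):
            notes.append("user-writable location")
        if not notes:
            return None
        kind = "orphaned_run_entry" if m.group("missing") else "run_entry_user_writable"
        return Finding(kind, f"{m.group('name')} -> {cmd} ({', '.join(notes)})", line)
    m = O33_CMD_RE.match(line)
    if m:
        # AutoRun handlers for removable media are a well-known persistence spot for USB worms.
        return Finding("mountpoint_autorun", f"{m.group('guid')} -> {m.group('cmd')}", line)
    m = FF_PREF_RE.match(line)
    if m and m.group("pref") == "keyword.URL":
        # Forum logs defang http as hxxp; undo that so urlsplit sees a real scheme.
        host = urlsplit(m.group("value").replace("hxxp", "http", 1)).hostname
        if host not in KNOWN_SEARCH_HOSTS:
            return Finding("search_hijack", f"keyword.URL -> {host}", line)
    return None


def triage(lines) -> List[Finding]:
    """Classify every line and keep only the findings."""
    return [f for f in (classify(l.strip()) for l in lines) if f is not None]


def summarize(findings) -> dict:
    """Count findings per kind, e.g. {'search_hijack': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:24} {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

The `\Shell - "" = AutoRun` lines are deliberately ignored: only the `\Shell\AutoRun\command` value names the executable, so that is where the finding (and the drive letter it points at) comes from. An orphaned Run entry is reported even when its target looks legitimate, such as the Kies entry here, because an autostart pointing at a missing file is exactly the residue a removal leaves behind.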
14.02.2013, 23:49 | #15
Thank you very much.
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2q=" removed from keyword.URL
Prefs.js: "chrome://browser-region/locale/region.properties" removed from sweetim.toolbar.previous.keyword.URL
File C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\mwerl0sq.default\searchplugins\sweetim.xml not found.
Registry value HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage not found.
Registry value HKEY_USERS\S-1-5-21-1348431092-3509530480-2247138941-1000\Software\Microsoft\Windows\CurrentVersion\Run\\URdEIoPdlrOf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40e03e66-81bf-11e1-8998-00188b5d0cb8}\ not found.
File K:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40e03e68-81bf-11e1-8998-00188b5d0cb8}\ not found.
File K:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c52767-d7e0-11e1-8af0-00188b5d0cb8}\ not found.
File K:\ICM_ML.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{805f2cea-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
File L:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{805f2cff-7ffd-11e1-bccf-00188b5d0cb8}\ not found.
File K:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f38e349-090b-11df-abee-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38e349-090b-11df-abee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f38e349-090b-11df-abee-806e6f6e6963}\ not found.
File F:\Viewsonic.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1d2fc11-b2f0-11df-a9b6-00188b5d0cb8}\ not found.
File K:\LaunchU3.exe -a not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sarah
->Temp folder emptied: 359226 bytes
->Temporary Internet Files folder emptied: 6372522 bytes
->Java cache emptied: 404728077 bytes
->FireFox cache emptied: 99951064 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 14913136 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 502,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02142013_233429

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The browsers run without problems. There is no toolbar - I thought so before too - but this way I don't see anything anymore either. Programs start normally - everything is basically as it was. Thank you very much!