| |
| |||||||
Log-Analyse und Auswertung: Meldung vom web.de Abuse TeamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.02.2013, 21:11
| #1 |
 |  Meldung vom web.de Abuse Team Hallo zusammen :-) Ich habe vor 2 Tagen eine Email vom web.de Abuse-Team bekommen: Code:
ATTFilter Sehr geehrte/r X,
nach einer großen Anzahl von Spambeschwerden droht Ihrem WEB.DE-Postfach
eine Sperre.
Von Ihrem Postfach versendete E-Mails wurden von zahlreichen Empfängern als
Spam markiert. Entweder wird Ihr Postfach ohne Ihr Wissen durch einen
Virus missbraucht, oder Sie versenden einen Newsletter, den Ihre Empfänger als
Spam markieren.
In beiden Fällen gefährden diese Spambeschwerden das WEB.DE-Mail-System. Um eine
Sperre Ihres Postfaches zu verhindern, prüfen Sie bitte umgehend beide Alternativen.
*****************************************************************************
I. Wird Ihr Postfach zum Spamversand missbraucht?
*****************************************************************************
Hat sich ein Dritter oder ein Computervirus die Zugangsdaten zu Ihrem Postfach
verschafft und missbraucht es zum Spamversand, gehen Sie wie folgt vor:
1. Säubern Sie Ihren Rechner von Viren und anderer schädlicher Software.
Unter dem folgenden Link finden Sie stets die aktuelle Version des von uns
empfohlenen Virenscanners: hxxp://www.pc-sicherheit.web.de
2. Ändern Sie das Zugangs-Passwort zu Ihrem WEB.DE Postfach und sichern Sie es
vor dem Zugriff von unberechtigten Dritten. Tipp: Damit entziehen Sie den
Hackern den Zugriff zu Ihrem Postfach, ändern Sie das Passwort daher ganz
unabhängig vom Ergebnis des Virenscans.
*****************************************************************************
II. Haben Sie selbst einen Newsletter versandt?
*****************************************************************************
Versenden Sie selbst einen Newsletter oder andere Massenmails, überprüfen Sie
diese anhand der folgenden Checkliste:
1. Versenden Sie stets nur an Empfänger, die Ihnen zuvorbestätigt haben, dass
Sie Werbemails von Ihnen erhalten wollen ('Confirmed-OptIn').
2. Fügen Sie stets einen Link zur Abmeldung ein. Dieser Link sollte bereits die
Adresse des Empfängers beinhalten, sodass zur Abmeldung nur noch ein Klick
notwendig ist ('One-Click-Unsubscribe').
3. Ergänzen Sie HTML-Format stets durch durch reines Text-Format. Sie verhindern
dadurch, dass Empfänger Ihre E-Mail nur deswegen als Spam markieren, weil sie
eine reine Text-Formatanzeige nutzen.
Teilen Sie anschließend unserer Hotline die durchgeführten Maßnahmen mit. Das
Postfach wird dann wieder frei geschaltet.
Sollten Sie Fragen haben, helfen Ihnen unsere qualifizierten Mitarbeiter in
einem persönlichen Gespräch gerne weiter.
Hotline: 09001-93 23 30 (1,86 Euro/Min. aus dem deutschen Festnetz)
Sie erreichen uns montags bis freitags von 8-21 Uhr, sowie am Wochenende von
10-18 Uhr.
Für Ihre Mitwirkung bedanken wir uns schon jetzt und freuen uns auf eine
weiterhin erfolgreiche Zusammenarbeit.
Mit freundlichen Grüßen
Ihr Abuse-Team
-- Abuse-Abteilung WEB.DE hxxp://web.de/Impressum
OTL.txt: Code:
ATTFilter OTL logfile created on: 15.02.2013 20:51:33 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mari\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 62,08% Memory free 7,86 Gb Paging File | 6,25 Gb Available in Paging File | 79,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 381,76 Gb Free Space | 84,34% Space Free | Partition Type: NTFS Computer Name: MAREN-PC | User Name: PepsiPurzel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mari\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Mari\AppData\Local\Programs\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll () MOD - C:\Users\Mari\AppData\Roaming\Thunderbird\Profiles\xiiv5li5.default\extensions\mintrayr@tn123.ath.cx\platform\WINNT_x86-msvc\components\trayToolkit.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-15 20:42:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\PEPSIP~1\AppData\Local\Temp\pwloypow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes [9D, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes [9D, 76]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes [9D, 76]
.text ... * 9
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes [9D, 76]
.text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes [9D, 76]
.text ... * 9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes [9D, 76]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[1284] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000769d1401 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000769d1419 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000769d1431 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000769d144a 2 bytes [9D, 76]
.text ... * 9
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769d14dd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769d14f5 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000769d150d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000769d1525 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000769d153d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000769d1555 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000769d156d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000769d1585 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000769d159d 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769d15b5 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769d15cd 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769d16b2 2 bytes [9D, 76]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3076] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769d16bd 2 bytes [9D, 76]
---- Threads - GMER 2.0 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4204:4732] 000007fefba92a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4204:4740] 000007fef12ad618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4204:4900] 000007fef12ad618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4204:4476] 000007fef8ba5124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4204:1892] 000007fef1249730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [4204:2000] 000007fef12ad618
---- EOF - GMER 2.0 ----
 |
|
16.02.2013, 02:14
| #2 |
| /// Helfer-Team  | Meldung vom web.de Abuse Team die OTL.txt ist unvollstaendig! Bitte nochmal posten! Downloade Dir bitte  Malwarebytes Anti-Malware
__________________ |
|
16.02.2013, 09:29
| #3 |
| | Meldung vom web.de Abuse Team OTL.Txt (QuickScan ist doch richtig oder? Die beiden Anleitungen widersprechen sich da):
__________________Code:
ATTFilter OTL logfile created on: 16.02.2013 08:55:22 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mari\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 65,94% Memory free 7,86 Gb Paging File | 6,39 Gb Available in Paging File | 81,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 381,75 Gb Free Space | 84,33% Space Free | Partition Type: NTFS Computer Name: MAREN-PC | User Name: PepsiPurzel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mari\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (S3XXx64) -- C:\Windows\SysNative\drivers\S3XXx64.sys (SCM Microsystems Inc.) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933 IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1001\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1001\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933 IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2092347865-3913838669-3962734698-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( ) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.03 09:20:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.02.10 13:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.06.24 10:05:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2092347865-3913838669-3962734698-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2092347865-3913838669-3962734698-1002\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run File not found O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2092347865-3913838669-3962734698-1002..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Mari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7882EEEB-5301-4FBD-B7CD-EC0DC3A174AD}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax (ACE GmbH) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.15 20:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.02.15 20:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.15 20:17:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.02.15 20:16:53 | 000,000,000 | ---D | C] -- C:\Users\PepsiPurzel\AppData\Roaming\Avira [2013.02.15 20:11:22 | 000,000,000 | ---D | C] -- C:\Users\PepsiPurzel\Documents\samsung [2013.02.14 21:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.14 21:24:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013.02.16 08:39:50 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092347865-3913838669-3962734698-1002UA.job [2013.02.16 08:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.16 07:55:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.16 07:55:36 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.16 07:47:44 | 3166,150,656 | -HS- | M] () -- C:\hiberfil.sys [2013.02.15 16:36:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092347865-3913838669-3962734698-1002Core.job [2013.02.15 05:23:46 | 000,315,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.14 22:22:01 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.14 22:22:01 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.14 22:22:01 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.14 22:22:01 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.14 22:22:01 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.14 21:24:43 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.14 20:53:52 | 000,000,000 | ---- | M] () -- C:\Users\PepsiPurzel\defogger_reenable [2013.02.09 13:56:30 | 000,000,316 | ---- | M] () -- C:\Windows\wininit.ini ========== Files Created - No Company Name ========== [2013.02.14 20:53:52 | 000,000,000 | ---- | C] () -- C:\Users\PepsiPurzel\defogger_reenable [2012.09.25 18:23:53 | 000,170,057 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.09.25 18:23:52 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2012.02.10 13:27:49 | 000,000,316 | ---- | C] () -- C:\Windows\wininit.ini [2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.09.16 10:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.09.16 10:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.09.16 10:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.09.16 10:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.06.23 13:07:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.05 16:12:56 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\FileZilla [2013.02.04 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\gtk-2.0 [2012.11.06 21:24:05 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\ICQ [2011.06.24 09:22:03 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\LibreOffice [2011.06.28 13:45:23 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Opera [2011.10.29 08:08:48 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Samsung [2011.06.23 14:24:57 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Thunderbird [2012.08.16 10:20:37 | 000,000,000 | ---D | M] -- C:\Users\Mari\AppData\Roaming\Tibo Software [2012.11.09 13:15:08 | 000,000,000 | ---D | M] -- C:\Users\PepsiPurzel\AppData\Roaming\FileZilla [2011.06.29 07:47:00 | 000,000,000 | ---D | M] -- C:\Users\PepsiPurzel\AppData\Roaming\LibreOffice [2011.10.29 08:02:57 | 000,000,000 | ---D | M] -- C:\Users\PepsiPurzel\AppData\Roaming\Samsung ========== Purity Check ========== < End of report > Das mbam-log: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.16.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Mari :: MAREN-PC [limited] 16.02.2013 09:18:06 mbam-log-2013-02-16 (09-18-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206021 Time elapsed: 5 minute(s), 6 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
|
16.02.2013, 17:58
| #4 |
| /// Helfer-Team | Meldung vom web.de Abuse Team Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
[2013.02.15 20:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\PepsiPurzel\*.tmp
C:\Users\PepsiPurzel\AppData\*.dll
C:\Users\PepsiPurzel\AppData\*.exe
C:\Users\PepsiPurzel\AppData\Local\Temp\*.exe
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
16.02.2013, 20:41
| #5 |
| | Meldung vom web.de Abuse Team Eine Nachfrage: PepsiPurzel ist der Admin-Benutzer. Der benutzte Benutzer heißt Mari. Ist das gewollt, dass das Script nur über den Admin-Benutzer läuft? Code:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
[2013.02.15 20:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\PepsiPurzel\*.tmp
C:\Users\PepsiPurzel\AppData\*.dll
C:\Users\PepsiPurzel\AppData\*.exe
C:\Users\PepsiPurzel\AppData\Local\Temp\*.exe
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
|
|
16.02.2013, 21:21
| #6 |
| /// Helfer-Team | Meldung vom web.de Abuse TeamCode:
ATTFilter :OTL
O4 - HKLM..\Run: [] File not found
[2013.02.15 20:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.09.16 10:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\PepsiPurzel\*.tmp
C:\Users\PepsiPurzel\AppData\*.dll
C:\Users\PepsiPurzel\AppData\*.exe
C:\Users\PepsiPurzel\AppData\Local\Temp\*.exe
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\Mari\*.tmp
C:\Users\Mari\AppData\*.dll
C:\Users\Mari\AppData\*.exe
C:\Users\Mari\AppData\Local\Temp\*.exe
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Verwende diesen.
__________________ --> Meldung vom web.de Abuse Team |
|
17.02.2013, 10:41
| #7 |
| | Meldung vom web.de Abuse Team So, hier sind die Logs :-) OTL: Code:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\boost_interprocess\3D08C0E6B20BCE01 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\PepsiPurzel\*.tmp not found.
File\Folder C:\Users\PepsiPurzel\AppData\*.dll not found.
File\Folder C:\Users\PepsiPurzel\AppData\*.exe not found.
C:\Users\PepsiPurzel\AppData\Local\Temp\ffunzip.exe moved successfully.
C:\Users\PepsiPurzel\AppData\Local\Temp\GLF363F.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\PepsiPurzel\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe moved successfully.
C:\Users\PepsiPurzel\AppData\Local\Temp\MSNCB9A.exe moved successfully.
C:\Users\PepsiPurzel\AppData\Local\Temp\Shortcut_sweetimsetup.exe moved successfully.
C:\Users\PepsiPurzel\AppData\Local\Temp\SIMEEIInstaller.exe moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\PepsiPurzel\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File\Folder C:\Users\Mari\*.tmp not found.
File\Folder C:\Users\Mari\AppData\*.dll not found.
File\Folder C:\Users\Mari\AppData\*.exe not found.
C:\Users\Mari\AppData\Local\Temp\53e83dd5315bfb1f928441c9b4618b68.exe moved successfully.
C:\Users\Mari\AppData\Local\Temp\GoogleUpdateSetup.exe126f932 moved successfully.
C:\Users\Mari\AppData\Local\Temp\GoogleUpdateSetup.exe1183fd2 moved successfully.
C:\Users\Mari\AppData\Local\Temp\GoogleUpdateSetup.exe12f0b5b moved successfully.
C:\Users\Mari\AppData\Local\Temp\GoogleUpdateSetup.exe240a7af moved successfully.
C:\Users\Mari\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Mari\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Mari\Desktop\cmd.bat deleted successfully.
C:\Users\Mari\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 752126 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Maren
->Temp folder emptied: 163170 bytes
->Temporary Internet Files folder emptied: 280711 bytes
->Flash cache emptied: 75 bytes
User: Mari
->Temp folder emptied: 801915287 bytes
->Temporary Internet Files folder emptied: 16782762 bytes
->Google Chrome cache emptied: 543343703 bytes
->Opera cache emptied: 23860167 bytes
->Flash cache emptied: 141705 bytes
User: PepsiPurzel
->Temp folder emptied: 382179881 bytes
->Temporary Internet Files folder emptied: 18272587 bytes
->Flash cache emptied: 747 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 496951300 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 11722 bytes
Total Files Cleaned = 2.179,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02172013_094344
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.17.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
PepsiPurzel :: MAREN-PC [administrator]
17.02.2013 10:14:22
mbar-log-2013-02-17 (10-14-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28961
Time elapsed: 9 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter # AdwCleaner v2.112 - Datei am 17/02/2013 um 10:31:01 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : PepsiPurzel - MAREN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mari\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Users\Mari\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Mari\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\PepsiPurzel\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\PepsiPurzel\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\PepsiPurzel\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\PepsiPurzel\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Ask&Record
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Web-Suche
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933 --> hxxp://www.google.com
*************************
AdwCleaner[S1].txt - [6917 octets] - [17/02/2013 10:31:01]
########## EOF - \AdwCleaner[S1].txt - [6977 octets] ##########
|
|
18.02.2013, 02:17
| #8 |
| /// Helfer-Team | Meldung vom web.de Abuse Team Gibt es vielleicht noch andere Rechner im Haushalt? Sehr gut!  Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte  SecurityCheck und:
|
|
18.02.2013, 16:38
| #9 |
| | Meldung vom web.de Abuse Team Einen anderen Rechner gibt es noch, ja, allerdings wurde der nicht für den Zugriff auf die Mails genutzt. Dafür wurde ansonsten nur noch ein Android-Handy genutzt. AswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-18 08:12:36
-----------------------------
08:12:36.236 OS Version: Windows x64 6.1.7601 Service Pack 1
08:12:36.236 Number of processors: 2 586 0x170A
08:12:36.236 ComputerName: MAREN-PC UserName:
08:12:37.989 Initialize success
08:12:49.359 AVAST engine defs: 13021702
08:13:22.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:13:22.406 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
08:13:22.422 Disk 0 MBR read successfully
08:13:22.422 Disk 0 MBR scan
08:13:22.453 Disk 0 Windows 7 default MBR code
08:13:22.469 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
08:13:22.500 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
08:13:22.516 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824
08:13:22.562 Disk 0 scanning C:\Windows\system32\drivers
08:13:39.791 Service scanning
08:14:10.415 Modules scanning
08:14:10.415 Disk 0 trace - called modules:
08:14:10.446 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
08:14:10.963 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069a24b0]
08:14:10.963 3 CLASSPNP.SYS[fffff88001b3d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800476f050]
08:14:12.326 AVAST engine scan C:\Windows
08:14:16.797 AVAST engine scan C:\Windows\system32
08:19:36.348 AVAST engine scan C:\Windows\system32\drivers
08:19:57.263 AVAST engine scan C:\Users\PepsiPurzel
08:20:20.372 AVAST engine scan C:\ProgramData
08:21:48.500 Scan finished successfully
08:22:14.298 Disk 0 MBR has been saved successfully to "C:\Users\Mari\Desktop\MBR.dat"
08:22:14.298 The log file has been saved successfully to "C:\Users\Mari\Desktop\aswMBR.txt"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=714b743a7560fa48b9d04ca2639b4155
# engine=13177
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-18 08:55:01
# local_time=2013-02-18 09:55:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 94216 226600991 86992 0
# compatibility_mode=5893 16776573 100 94 87775 112807551 0 0
# scanned=163443
# found=0
# cleaned=0
# scan_time=5304
Windows 7 Service Pack 1 x64 Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 Java(TM) 6 Update 26 Java 7 Update 13 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.4.402.287 Flash Player out of Date! Adobe Reader 10.1.1 Adobe Reader out of Date! Mozilla Thunderbird (3.1.11) Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
18.02.2013, 18:57
| #10 |
| /// Helfer-Team | Meldung vom web.de Abuse Team Alles Windows Updates einspielen, inkl. Internet Explorer! http://windowsupdate.microsoft.com Aktualisiere:
Deinstalliere: Java(TM) 6 Update 26 Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck |
|
18.02.2013, 20:08
| #11 |
| | Meldung vom web.de Abuse Team Im Opera (Hautpbrowser) erscheint eine weiße Seite und folgende Meldung: Code:
ATTFilter Java ist nicht Installiert oder nicht aktiviert.
Code:
ATTFilter Chrome 24.0.1312.57 ist aktuell
Flash (11,6,602,167) ist aktuell.
Java ist nicht Installiert oder nicht aktiviert.
undefined
|
|
19.02.2013, 19:21
| #12 |
| /// Helfer-Team | Meldung vom web.de Abuse Team Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
|
21.02.2013, 00:25
| #13 |
| | Meldung vom web.de Abuse Team Super und vielen vielen Dank Die Tools sind soweit entfernt, für die Links werde ich mir am Wochenende mal ein paar Stunden nehmen |
|
21.02.2013, 18:00
| #14 |
| /// Helfer-Team | Meldung vom web.de Abuse Teamwuensche eine virenfreie Zeit  |
|
| Themen zu Meldung vom web.de Abuse Team |
| abuse team, abuse-team, acer, adobe, alternative, antivir, anzeige, avg, avira, checkliste, email, explorer, frage, harddisk, home, launch, logfile, microsoft, mozilla, opera, programme, prüfen, scan, service.exe, temp, viren, windows, windows media player, wmp, ändern |
Linear-Darstellung
