| |
| |||||||
Log-Analyse und Auswertung: Delta Search nach Anleitung entfernt, logfile veröffentlicht:Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
03.03.2013, 20:33
| #1 |
 |  Delta Search nach Anleitung entfernt, logfile veröffentlicht: DS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 Run by media at 20:00:16 on 2013-03-03 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3950.2562 [GMT 1:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\nvvsvc.exe C:\windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\System32\GFilterSvc.exe C:\windows\system32\rasmonur.exe C:\Users\media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe C:\Users\media\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe C:\Program Files (x86)\Fighters\Tray\FightersTray.exe C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Fighters\FighterSuiteService.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\windows\system32\SearchIndexer.exe C:\windows\servicing\TrustedInstaller.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\svchost.exe -k WindowsMobile C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k SDRSVC C:\windows\System32\svchost.exe -k swprv C:\windows\system32\taskhost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com uWindow Title = A1 Telekom Austria TA AG uSearch Page = hxxp://www.telekom.at/suche uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uURLSearchHooks: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - <orphaned> uURLSearchHooks: {9d81af43-de53-48d0-a199-42c2a226b24c} - <orphaned> mWinlogon: Userinit = userinit.exe BHO: AutorunsDisabled - <orphaned> mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe mRun: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min StartupFolder: C:\Users\media\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\media\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 mPolicies-System: EnableLUA = dword:0 IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} TCP: NameServer = 10.0.0.138 TCP: Interfaces\{92D8A13D-4F94-466F-AAC1-EA1CF853EA42} : DHCPNameServer = 10.0.0.138 TCP: Interfaces\{CC4C7232-8742-4287-B774-57536F8BCF61} : DHCPNameServer = 10.0.0.138 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll x64-BHO: AutorunsDisabled - <orphaned> x64-Run: [Windows Mobile Device Center] C:\windows\WindowsMobile\wmdc.exe x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup x64-Run: [Ocs_SM] C:\Users\media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\ FF - prefs.js: browser.search.selectedEngine - Google Deutschland FF - prefs.js: browser.startup.homepage - hxxp://orf.at/ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll FF - plugin: C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll FF - plugin: C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-03-01 20:25; newtabgoogle@graememcc.co.uk; C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\newtabgoogle@graememcc.co.uk.xpi FF - ExtSQL: !HIDDEN! 2013-03-01 17:49; firejump@firejump.net; C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\firejump@firejump.net . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-2-23 27800] R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-4-26 13824] R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-23 86752] R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-23 110816] R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-2-23 99912] R2 GFilterSvc;G-Filter Service;C:\windows\System32\GFilterSvc.exe [2013-3-1 119808] R2 ktmutild;LSI_SCSI elxstor eHome-Infrarotempfänger;C:\windows\System32\rasmonur.exe [2013-3-1 118272] R2 SearchAnonymizer;SearchAnonymizer;C:\Users\media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-3-1 40960] R2 SPAMfighter Update Service;SPAMfighter Update Service;C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [2013-1-15 216608] R2 Suite Service;Suite Service;C:\Program Files (x86)\Fighters\FighterSuiteService.exe [2012-11-12 1270376] R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2009-9-29 12728] R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-5-26 158720] R3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;C:\windows\System32\drivers\ttusb2bda_amd64.sys [2012-10-30 743808] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\windows\System32\drivers\lgandnetdiag64.sys [2012-7-3 29184] S3 ANDNetModem;LGE AndroidNet USB Modem;C:\windows\System32\drivers\lgandnetmodem64.sys [2012-7-3 36352] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2010-9-24 61280] S3 GemCCID;GemCCID;C:\windows\System32\drivers\GemCCID.sys [2009-8-10 119680] S3 massfilter;ZTE Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2011-10-7 11776] S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);C:\windows\System32\drivers\s0017bus.sys [2008-10-21 113704] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;C:\windows\System32\drivers\s0017mdfl.sys [2008-10-21 19496] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;C:\windows\System32\drivers\s0017mdm.sys [2008-10-21 152616] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);C:\windows\System32\drivers\s0017mgmt.sys [2008-10-21 133160] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);C:\windows\System32\drivers\s0017nd5.sys [2008-10-21 34856] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;C:\windows\System32\drivers\s0017obex.sys [2008-10-21 128552] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);C:\windows\System32\drivers\s0017unic.sys [2008-10-21 145960] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-9-29 126392] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\windows\System32\Wat\WatAdminSvc.exe [2010-10-27 1255736] S4 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-10-26 65536] S4 fsssvc;Windows Live Family Safety-Dienst;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872] S4 Rezip;Rezip;C:\Windows\SysWOW64\Rezip.exe [2010-4-26 311296] S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-4-22 92592] . =============== Created Last 30 ================ . 2013-03-01 22:04:52 -------- d-----w- C:\Program Files (x86)\Nvu 2013-03-01 20:56:40 -------- d-----w- C:\Users\media\AppData\Roaming\Nvu 2013-03-01 16:56:49 -------- d-----w- C:\Users\media\AppData\Roaming\BuddyW 2013-03-01 16:51:03 -------- d-----w- C:\Program Files (x86)\BuddyW 2013-03-01 16:49:31 493056 ----a-w- C:\windows\SysWow64\dhRichClient3.dll 2013-03-01 16:49:31 338432 ----a-w- C:\windows\SysWow64\sqlite36_engine.dll 2013-03-01 16:49:17 -------- d-----w- C:\Users\media\AppData\Roaming\DesktopIconForAmazon 2013-03-01 16:49:16 119808 ----a-w- C:\windows\System32\GFilterSvc.exe 2013-03-01 16:49:15 118272 ----a-w- C:\windows\System32\rasmonur.exe 2013-03-01 16:49:12 -------- d-----w- C:\Users\media\AppData\Roaming\OCS 2013-02-23 11:23:46 -------- d-----w- C:\Users\media\AppData\Roaming\Avira 2013-02-23 11:18:20 99912 ----a-w- C:\windows\System32\drivers\avgntflt.sys 2013-02-23 11:18:20 27800 ----a-w- C:\windows\System32\drivers\avkmgr.sys 2013-02-23 11:18:20 -------- d-----w- C:\ProgramData\Avira 2013-02-23 11:18:20 -------- d-----w- C:\Program Files (x86)\Avira 2013-02-22 18:54:35 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC93C0B8-82BA-4446-A49E-622C9EE29DF9}\mpengine.dll 2013-02-14 06:58:19 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-02-14 06:58:18 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-02-14 06:58:18 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-02-14 06:58:09 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-02-14 06:58:00 1188864 ----a-w- C:\windows\System32\wininet.dll 2013-02-13 13:19:04 -------- d-----w- C:\Users\media\AppData\Roaming\Sibelius Software 2013-02-13 13:17:15 -------- d-----w- C:\Program Files (x86)\Sibelius Software 2013-02-08 09:53:31 -------- d-----w- C:\Users\media\Die Bibel von Jörg Sieger 2013-02-04 09:03:41 -------- d-----w- C:\Users\media\AppData\Roaming\LG Electronics 2013-02-04 09:02:20 -------- d-----w- C:\Users\media\AppData\Local\LG Electronics 2013-02-04 09:00:22 -------- d-----w- C:\Program Files (x86)\LG Electronics . ==================== Find3M ==================== . 2013-03-01 20:30:37 861088 ----a-w- C:\windows\SysWow64\npdeployJava1.dll 2013-03-01 20:30:37 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-02-27 13:49:09 71024 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 13:49:09 691568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-01-17 00:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe 2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2012-12-27 12:50:02 6656 ----a-w- C:\windows\System32\bcmwlrc.dll 2012-12-20 12:53:51 981504 ----a-w- C:\windows\SysWow64\wininet.dll 2012-12-20 12:02:26 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2012-12-20 11:20:29 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-12-16 17:11:22 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2003-03-21 12:45:22 250544 ----a-w- C:\Program Files (x86)\Common Files\keyhelp.ocx . ============= FINISH: 20:00:26,73 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 24.09.2010 18:44:13 System Uptime: 03.03.2013 19:48:48 (1 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R780 Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 2267/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 225 GiB total, 107,772 GiB free. D: is FIXED (NTFS) - 225 GiB total, 225,237 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP409: 19.02.2013 16:13:31 - Windows Update RP410: 22.02.2013 19:53:10 - Windows Update RP411: 01.03.2013 21:29:06 - Removed Java(TM) 6 Update 39 RP412: 01.03.2013 21:30:17 - Installed Java 7 Update 15 RP413: 01.03.2013 22:50:40 - Phase 5 HTML-Editor wird installiert RP414: 01.03.2013 23:02:28 - Phase 5 HTML-Editor wird entfernt RP415: 03.03.2013 19:36:08 - Removed Java 7 Update 15 RP416: 03.03.2013 19:38:07 - Removed Skype Click to Call . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Überwachungstool für die Intel® Turbo-Boost-Technik 7-Zip 9.20 (x64 edition) Adobe Acrobat Connect Add-in Adobe Connect Add-in Adobe Flash Player 11 Plugin Adobe Flash Player ActiveX Adobe Reader X (10.1.3) - Deutsch Amazon MP3-Downloader 1.0.9 aonFTP aonUpdate Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Client Installation Program Audacity 1.2.6 Audacity 1.3.13 (Unicode) Audiograbber 1.83 SE Avira Free Antivirus BatteryLifeExtender Bluetooth Stack for Windows by Toshiba Bonjour BRAdmin Professional 3 Broadcom 802.11 Network Adapter BufferChm CANON USB Video Driver Canorus CDBurnerXP CDex - Open Source Digital Audio CD Extractor Compatibility Pack für 2007 Office System Controller CyberLink PowerDVD 8 CyberLink PowerProducer CyberLink YouCam Desktop Icon für Amazon Destinations DocProc Dropbox DVD Shrink 3.2 DVR-Studio Light Easy Display Manager Easy Network Manager Easy SpeedUp Manager EasyBatteryManager FileZilla Client 3.5.1 FireJump FormatFactory 2.70 Free Mp3 Wma Converter V 2.1 FreeCommander 2009.02b FreeFixer FreeMind G-Filter GIMP 2.6.11 GPBaseService2 Hewlett-Packard ACLM.NET v1.1.0.0 Highspeed-Internet-Installation HotPotatoes v 6.3.0.4 HP Imaging Device Functions 13.0 HP Photosmart Essential 3.5 HP Scanjet G3010 HP Solution Center 13.0 HP Update hpg3010 HPPhotosmartEssential HPProductAssistant HyperCam 2 iCloud Intel(R) Rapid Storage Technology Intel(R) Turbo Boost Technology Driver iTunes Junk Mail filter update LAME v3.98.3 for Audacity LG PC Suite LG United Mobile Drivers Marvell Miniport Driver MatchWare Mediator 6 Pro Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (German) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (German) 2007 Microsoft Office InfoPath MUI (German) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (German) 2007 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (German) 2007 Microsoft Office Shared 64-bit MUI (German) 2007 Microsoft Office Shared MUI (German) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works MobileMe Control Panel Mobiles Internet für unterwegs Mozilla Firefox 19.0 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 16.0.2 (x86 de) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyPhoneExplorer Nuance OmniPage 17 NVIDIA Drivers Nvu 1.0 OCR Software by I.R.I.S. 13.0 OpenOffice.org 3.4.1 PDF-XChange Viewer QuickTime Realtek High Definition Audio Driver REALTEK Wireless LAN Software Safari Samsung R-Series Samsung Support Center Samsung Update Plus Scan SDP Downloader SearchAnonymizer Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Sibelius Scorch (Firefox, Opera, Netscape only) Skype™ 5.10 SLOW-PCfighter SolutionCenter Sony Ericsson Update Engine SPAMfighter Synaptics Pointing Device Driver Technotrend Viewer TomTom HOME 2.8.2.2264 TomTom HOME Visual Studio Merge Modules Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition VLC media player 2.0.2 WebReg Windows Live-Uploadtool Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer Windows Media Player Firefox Plugin Windows Mobile-Gerätecenter . ==== End Of File =========================== |
|
03.03.2013, 20:38
| #2 |
| /// Malware-holic   | Delta Search nach Anleitung entfernt, logfile veröffentlicht: hi was für ne Anleitung? wo sind die Ergebnisse?
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
03.03.2013, 21:45
| #3 |
| | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Danke für die schnelle Antwort. Ich habe mit OTL gescannt und das OTL.TXT erhalten:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 03.03.2013 21:22:19 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\media\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,86 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 61,78% Memory free 7,71 Gb Paging File | 6,22 Gb Available in Paging File | 80,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 225,33 Gb Total Space | 107,77 Gb Free Space | 47,83% Space Free | Partition Type: NTFS Drive D: | 225,33 Gb Total Space | 225,24 Gb Free Space | 99,96% Space Free | Partition Type: NTFS Computer Name: HANNES-LAPTOP | User Name: media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.03 21:04:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\media\Downloads\OTL.exe PRC - [2013.02.23 12:10:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.02.23 12:09:30 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.02.23 12:09:30 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.01.20 20:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\media\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.01.15 18:02:34 | 000,216,608 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe PRC - [2013.01.15 18:02:30 | 001,460,768 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe PRC - [2012.11.13 11:11:56 | 001,405,544 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe PRC - [2012.11.12 13:47:38 | 001,270,376 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe ========== Modules (No Company Name) ========== MOD - [2013.01.15 18:02:52 | 000,541,216 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll MOD - [2012.11.13 16:56:24 | 000,966,248 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.03.01 17:49:16 | 000,119,808 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFilterSvc.exe -- (GFilterSvc) SRV:64bit: - [2013.03.01 17:49:15 | 000,118,272 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\rasmonur.exe -- (ktmutild) SRV:64bit: - [2009.09.29 16:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.03.01 17:49:12 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2013.02.27 15:36:54 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.27 14:49:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.23 12:10:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.23 12:09:30 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.01.15 18:02:34 | 000,216,608 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service) SRV - [2012.11.12 13:47:38 | 001,270,376 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.08.04 16:38:30 | 000,065,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe -- (BRA_Scheduler) SRV - [2010.04.12 09:45:36 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.05 10:54:50 | 000,311,296 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2005.02.09 12:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Disabled | Stopped] -- C:\Windows\SysWOW64\drivers\Pclepci.sys -- (PCLEPCI) SRV - [2004.06.13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\BRSVC01A.EXE -- (Brother XP spl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.23 12:11:01 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.02.23 12:11:01 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.23 12:11:00 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.03 11:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem) DRV:64bit: - [2012.07.03 11:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag) DRV:64bit: - [2012.05.24 15:30:51 | 000,743,808 | ---- | M] (TechnoTrend Goerler GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ttusb2bda_amd64.sys -- (TTUSB2BDA_NTAMD64) DRV:64bit: - [2012.04.19 22:56:56 | 002,811,392 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.04.08 11:47:44 | 000,060,536 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb) DRV:64bit: - [2010.04.07 09:51:50 | 000,214,248 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd) DRV:64bit: - [2010.03.23 16:39:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd) DRV:64bit: - [2010.02.26 19:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.02.11 00:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.11.20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.29 16:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.09.19 15:54:01 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009.09.19 15:54:01 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009.09.19 15:54:01 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009.09.04 10:41:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.08.10 11:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID) DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009.07.28 19:02:00 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom) DRV:64bit: - [2009.07.24 10:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.27 15:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009.06.19 09:00:00 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid) DRV:64bit: - [2009.06.19 08:59:00 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp) DRV:64bit: - [2009.06.17 11:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2008.10.21 09:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) DRV:64bit: - [2008.10.21 09:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex) DRV:64bit: - [2008.10.21 09:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) DRV:64bit: - [2008.10.21 09:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm) DRV:64bit: - [2008.10.21 09:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) DRV:64bit: - [2008.10.21 09:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl) DRV:64bit: - [2008.10.21 09:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) DRV:64bit: - [2007.06.25 08:42:30 | 000,130,088 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117unic.sys -- (s117unic) DRV:64bit: - [2007.06.25 08:42:30 | 000,123,432 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117obex.sys -- (s117obex) DRV:64bit: - [2007.06.25 08:42:30 | 000,031,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117nd5.sys -- (s117nd5) DRV:64bit: - [2007.06.25 08:42:24 | 000,144,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdm.sys -- (s117mdm) DRV:64bit: - [2007.06.25 08:42:24 | 000,125,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mgmt.sys -- (s117mgmt) DRV:64bit: - [2007.06.25 08:42:24 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117mdfl.sys -- (s117mdfl) DRV:64bit: - [2007.06.25 08:42:22 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s117bus.sys -- (s117bus) DRV - [2010.09.10 00:08:19 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 58 69 C7 75 F4 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=dc44274a-6d78-443f-85da-d6f82dbf8580&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{148BECD1-EDB2-41B9-AE98-5D564F5A8B82}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dc44274a-6d78-443f-85da-d6f82dbf8580&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{60895B88-517F-4894-AA52-CEEAE02AE3A5}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dc44274a-6d78-443f-85da-d6f82dbf8580&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{7F1D5535-CB7C-4B99-881E-68ECD0E87A71}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dc44274a-6d78-443f-85da-d6f82dbf8580&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{B0C3825C-9DE5-41D3-85C4-1BCDE1AA8E38}: "URL" = [String data over 1000 bytes] IE - HKCU\..\SearchScopes\{CB784CF7-907F-4DA3-A901-B5C938C346D1}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dc44274a-6d78-443f-85da-d6f82dbf8580&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{CF003369-2C25-40E5-B8DA-4CD6EFD8F2B0}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dc44274a-6d78-443f-85da-d6f82dbf8580&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{D0D0E7B8-AE0D-4F8D-A497-CBAD0CB2BE02}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dc44274a-6d78-443f-85da-d6f82dbf8580&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.orf.at" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.27 15:36:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 15:36:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.01 20:00:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\firejump@firejump.net [2013.03.01 17:49:31 | 000,000,000 | ---D | M] [2011.11.26 12:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions [2010.10.25 18:04:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.26 12:30:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.03.03 19:27:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\dfio2783.default\extensions [2010.10.25 17:20:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\l5oa3pfx.default\extensions [2013.03.03 19:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions [2012.02.23 18:18:45 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013.03.01 17:49:31 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\firejump@firejump.net [2013.03.01 20:25:41 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\l9e8a9sa.Hannes\extensions\newtabgoogle@graememcc.co.uk.xpi [2013.02.14 20:17:48 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\l9e8a9sa.Hannes\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.01 17:49:16 | 000,001,870 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\dfio2783.default\searchplugins\{35D6DD55-0BBF-4C65-9303-39852916ABAD}.xml [2013.03.01 17:49:16 | 000,002,188 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\dfio2783.default\searchplugins\{C260B0CA-0F0D-4D20-B6D7-ED9AE060E873}.xml [2013.03.01 17:49:16 | 000,002,077 | ---- | M] () -- C:\Users\media\AppData\Roaming\mozilla\firefox\profiles\dfio2783.default\searchplugins\{D641C376-7740-4817-BD35-45BC134C6B44}.xml [2013.03.03 19:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.02.27 15:36:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.02.27 15:36:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.27 15:36:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.02.27 15:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions [2013.02.27 15:36:46 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@gmx.net File not found (No name found) -- C:\USERS\MEDIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DFIO2783.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM [2013.02.27 15:36:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2010.03.31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll [2010.04.08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll [2013.03.01 17:49:16 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.01 17:49:16 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.01 17:49:16 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.01 17:49:16 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.01 17:49:16 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.01 17:49:16 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found. O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found. O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) O4 - HKLM..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS) O4 - Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\media\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: blank ([]about in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92D8A13D-4F94-466F-AAC1-EA1CF853EA42}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC4C7232-8742-4287-B774-57536F8BCF61}: DhcpNameServer = 10.0.0.138 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.01.02 20:00:35 | 000,000,107 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\Shell - "" = AutoRun O33 - MountPoints2\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\Shell - "" = AutoRun O33 - MountPoints2\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^Users^media^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^NoSleep_1.4.2.exe - - File not found MsConfig:64bit - StartUpFolder: C:^Users^media^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^media^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\program\quickstart.exe - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APLangApp - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon1 - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: CheckMedi8or - hkey= - key= - C:\Program Files (x86)\Mediator6\CheckNewUser.exe () MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - File not found MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: hpqSRMon1 - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) MsConfig:64bit - StartUpReg: ITSecMng - hkey= - key= - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: iTunesHelper1 - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - File not found MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - File not found MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LaunchList - hkey= - key= - File not found MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NetLimiter - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Nuance OmniPage 17-reminder - hkey= - key= - C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: OpAgent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: Prelaunch OmniPage - hkey= - key= - C:\Program Files (x86)\Nuance\OmniPage17\OmniPage17.exe (Nuance Communications, Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: UpdateLBPShortCut - hkey= - key= - File not found MsConfig:64bit - StartUpReg: UpdateP2GoShortCut - hkey= - key= - File not found MsConfig:64bit - StartUpReg: UpdatePDRShortCut - hkey= - key= - File not found MsConfig:64bit - StartUpReg: UpdatePPShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: UpdatePSTShortCut - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.01 23:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu [2013.03.01 23:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nvu [2013.03.01 22:09:48 | 000,000,000 | ---D | C] -- C:\Users\media\Documents\Zeta Producer 11 [2013.03.01 21:56:40 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Nvu [2013.03.01 17:56:49 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\BuddyW [2013.03.01 17:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BuddyW [2013.03.01 17:49:31 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\windows\SysWow64\dhRichClient3.dll [2013.03.01 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\DesktopIconForAmazon [2013.03.01 17:49:16 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Opera [2013.03.01 17:49:12 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\OCS [2013.02.27 15:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.23 12:23:46 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Avira [2013.02.23 12:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.02.23 12:18:20 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.02.23 12:18:20 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.02.23 12:18:20 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.02.23 12:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.02.23 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.02.13 14:19:04 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Sibelius Software [2013.02.13 14:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software [2013.02.08 10:53:31 | 000,000,000 | ---D | C] -- C:\Users\media\Die Bibel von Jörg Sieger [2013.02.04 10:03:41 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\LG Electronics [2013.02.04 10:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite [2013.02.04 10:02:20 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Local\LG Electronics [2013.02.04 10:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics [2010.12.19 16:51:22 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files (x86)\Common Files\keyhelp.ocx [1 C:\Users\media\*.tmp files -> C:\Users\media\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.03 20:48:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.03.03 19:56:37 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 19:56:37 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 19:49:14 | 000,000,384 | ---- | M] () -- C:\windows\tasks\SLOW-PCfighter64-media-Notification.job [2013.03.03 19:49:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.03.03 19:48:57 | 4141,473,792 | -HS- | M] () -- C:\hiberfil.sys [2013.03.02 18:36:09 | 002,311,679 | ---- | M] () -- C:\Users\media\Desktop\IMG_3621.JPG [2013.03.01 23:04:55 | 000,000,882 | ---- | M] () -- C:\Users\media\Desktop\Nvu.lnk [2013.03.01 17:49:16 | 000,119,808 | ---- | M] () -- C:\windows\SysNative\GFilterSvc.exe [2013.03.01 17:49:15 | 000,118,272 | ---- | M] () -- C:\windows\SysNative\rasmonur.exe [2013.02.23 12:42:59 | 000,000,453 | ---- | M] () -- C:\windows\BRWMARK.INI [2013.02.23 12:11:01 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.02.23 12:11:01 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.02.23 12:11:00 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.02.16 15:26:56 | 009,640,762 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.02.16 15:26:56 | 003,412,744 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.02.16 15:26:56 | 003,028,554 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.02.16 15:26:56 | 002,715,182 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.02.16 15:26:56 | 000,006,528 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.02.14 16:03:17 | 000,504,544 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.02.04 10:33:57 | 000,000,873 | ---- | M] () -- C:\Users\media\.recently-used.xbel [1 C:\Users\media\*.tmp files -> C:\Users\media\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.02 18:36:08 | 002,311,679 | ---- | C] () -- C:\Users\media\Desktop\IMG_3621.JPG [2013.03.01 23:04:55 | 000,000,882 | ---- | C] () -- C:\Users\media\Desktop\Nvu.lnk [2013.03.01 17:49:31 | 000,338,432 | ---- | C] () -- C:\windows\SysWow64\sqlite36_engine.dll [2013.03.01 17:49:16 | 000,119,808 | ---- | C] () -- C:\windows\SysNative\GFilterSvc.exe [2013.03.01 17:49:15 | 000,118,272 | ---- | C] () -- C:\windows\SysNative\rasmonur.exe [2013.02.04 10:33:57 | 000,000,873 | ---- | C] () -- C:\Users\media\.recently-used.xbel [2012.11.18 19:52:19 | 000,000,229 | ---- | C] () -- C:\Users\media\.gtk-bookmarks [2012.10.28 16:34:44 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini [2012.08.13 10:08:08 | 000,014,217 | ---- | C] () -- C:\Program Files (x86)\readme.html [2012.05.08 13:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link [2012.05.01 15:16:36 | 000,000,024 | ---- | C] () -- C:\windows\Medi8or.ini [2012.03.27 15:45:01 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat [2012.03.27 15:45:01 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat [2011.11.02 11:25:40 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll [2011.09.19 08:19:45 | 000,007,602 | ---- | C] () -- C:\Users\media\AppData\Local\Resmon.ResmonCfg [2011.08.04 19:28:57 | 000,028,271 | ---- | C] () -- C:\Users\media\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2011.07.20 15:57:32 | 000,000,000 | ---- | C] () -- C:\windows\RSSNewsWriter.INI [2011.01.28 17:39:16 | 000,008,192 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.04 19:51:33 | 000,767,804 | ---- | C] () -- C:\Users\media\.fonts.cache-1 [2010.11.12 16:15:33 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.24 17:46:27 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.31 12:17:15 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Amazon [2013.01.23 18:16:28 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Audacity [2013.03.01 17:57:50 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\BuddyW [2012.10.22 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Canneverbe Limited [2013.03.01 17:49:17 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\DesktopIconForAmazon [2013.03.03 19:50:00 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Dropbox [2012.01.19 17:02:30 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Fighters [2011.01.05 17:27:09 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FileMaker [2012.10.08 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FileZilla [2011.11.02 11:25:48 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FreeAudioPack [2013.01.08 22:13:38 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FreeCDRipper [2011.01.06 13:33:17 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FreeCommander [2012.10.24 15:29:24 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\FreeFixer [2010.11.13 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\GetRightToGo [2013.02.04 10:28:29 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\gtk-2.0 [2012.10.30 15:59:19 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Keseling [2013.02.04 10:03:41 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\LG Electronics [2012.10.24 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\LiveKit [2010.12.07 19:53:53 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\mquadr.at [2012.12.31 16:36:35 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\MyPhoneExplorer [2010.11.13 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Nuance [2013.03.01 21:56:40 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Nvu [2013.03.01 17:49:12 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\OCS [2010.12.30 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\OpenOffice.org [2013.03.01 17:49:16 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Opera [2011.08.04 19:01:27 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Reviversoft [2011.08.06 11:39:05 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Samsung [2010.11.13 17:26:31 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\ScanSoft [2013.01.17 16:07:09 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Thunderbird [2011.11.26 12:30:35 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\TomTom [2012.10.26 20:10:49 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\TuneUp Software [2011.12.10 13:49:45 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Xi [2010.11.13 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\media\AppData\Roaming\Zeon ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.05.29 22:09:08 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.03.03 19:38:17 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.11.02 18:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.04.26 09:10:45 | 000,000,000 | ---D | M] -- C:\Intel [2010.09.24 17:55:56 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.03 19:30:07 | 000,000,000 | R--D | M] -- C:\Program Files [2013.03.03 19:40:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013.03.03 19:42:54 | 000,000,000 | ---D | M] -- C:\ProgramData [2012.10.24 15:15:24 | 000,000,000 | ---D | M] -- C:\Programme [2010.09.24 17:42:47 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.03.03 21:23:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.31 11:52:33 | 000,000,000 | ---D | M] -- C:\Temp [2010.09.24 17:44:22 | 000,000,000 | R--D | M] -- C:\Users [2013.03.03 19:42:54 | 000,000,000 | ---D | M] -- C:\Windows [2012.10.24 15:20:32 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2012.04.26 13:18:24 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job [2012.12.07 19:21:30 | 000,000,384 | ---- | C] () -- C:\windows\Tasks\SLOW-PCfighter64-media-Notification.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.10.06 07:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.10.06 07:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.10.06 07:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2009.10.06 06:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe < MD5 for: IASTOR.SYS > [2009.11.20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\drivers\iaStor.sys [2009.11.20 07:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\drivers\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\drivers\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2011.01.04 19:51:33 | 000,767,804 | ---- | M] () -- C:\Users\media\.fonts.cache-1 [2012.11.18 19:52:19 | 000,000,229 | ---- | M] () -- C:\Users\media\.gtk-bookmarks [2013.02.04 10:33:57 | 000,000,873 | ---- | M] () -- C:\Users\media\.recently-used.xbel [2013.03.03 21:24:19 | 007,077,888 | -HS- | M] () -- C:\Users\media\ntuser.dat [2013.03.03 21:24:19 | 000,262,144 | -HS- | M] () -- C:\Users\media\ntuser.dat.LOG1 [2010.09.24 17:44:23 | 000,000,000 | -HS- | M] () -- C:\Users\media\ntuser.dat.LOG2 [2012.10.26 20:39:31 | 000,000,000 | -HS- | M] () -- C:\Users\media\NTUSER.DAT_tureg_new.LOG1 [2012.10.26 20:39:31 | 000,000,000 | -HS- | M] () -- C:\Users\media\NTUSER.DAT_tureg_new.LOG2 [2012.10.26 20:35:56 | 008,388,608 | -HS- | M] () -- C:\Users\media\NTUSER.DAT_tureg_old [2010.09.24 18:09:37 | 000,065,536 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.09.24 18:09:37 | 000,524,288 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.09.24 18:09:37 | 000,524,288 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.10.02 13:48:49 | 000,065,536 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{2857dd14-ce23-11df-908d-002454c4a67a}.TM.blf [2010.10.02 13:48:49 | 000,524,288 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{2857dd14-ce23-11df-908d-002454c4a67a}.TMContainer00000000000000000001.regtrans-ms [2010.10.02 13:48:49 | 000,524,288 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{2857dd14-ce23-11df-908d-002454c4a67a}.TMContainer00000000000000000002.regtrans-ms [2012.10.26 22:01:14 | 000,065,536 | -HS- | M] () -- C:\Users\media\ntuser.dat{6b512df7-1fa4-11e2-8380-806e6f6e6963}.TM.blf [2012.10.26 22:01:14 | 000,524,288 | -HS- | M] () -- C:\Users\media\ntuser.dat{6b512df7-1fa4-11e2-8380-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2012.10.26 22:01:14 | 000,524,288 | -HS- | M] () -- C:\Users\media\ntuser.dat{6b512df7-1fa4-11e2-8380-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2012.10.24 22:17:46 | 000,065,536 | -HS- | M] () -- C:\Users\media\ntuser.dat{75e47eee-1e1a-11e2-b506-82978d35d49f}.TM.blf [2012.10.24 22:17:46 | 000,524,288 | -HS- | M] () -- C:\Users\media\ntuser.dat{75e47eee-1e1a-11e2-b506-82978d35d49f}.TMContainer00000000000000000001.regtrans-ms [2012.10.24 22:17:46 | 000,524,288 | -HS- | M] () -- C:\Users\media\ntuser.dat{75e47eee-1e1a-11e2-b506-82978d35d49f}.TMContainer00000000000000000002.regtrans-ms [2010.10.16 13:51:33 | 000,065,536 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{c19fc52e-d923-11df-91cb-002454c4a67a}.TM.blf [2010.10.16 13:51:33 | 000,524,288 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{c19fc52e-d923-11df-91cb-002454c4a67a}.TMContainer00000000000000000001.regtrans-ms [2010.10.16 13:51:33 | 000,524,288 | -HS- | M] () -- C:\Users\media\NTUSER.DAT{c19fc52e-d923-11df-91cb-002454c4a67a}.TMContainer00000000000000000002.regtrans-ms [2010.09.24 17:44:23 | 000,000,020 | -HS- | M] () -- C:\Users\media\ntuser.ini [1 C:\Users\media\*.tmp files -> C:\Users\media\*.tmp -> ] < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:9B013599 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9E22BBE8 < End of report > |
|
03.03.2013, 22:00
| #4 |
| |  Delta Search nach Anleitung entfernt, logfile veröffentlicht: Danke für die schnelle Antwort. Ich habe mit OTL gescannt und schicke die Editor-Files im Anhang. Eines ist sehr groß geworden, deswegen musste ich es teilen. Anhang 51198 Anhang 51199 Anhang 51200 Danke! JohannesML  |
|
04.03.2013, 18:33
| #5 |
| /// Malware-holic | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - No CLSID value found
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - No CLSID value found.
O33 - MountPoints2\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\Shell - "" = AutoRun
O33 - MountPoints2\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\Shell - "" = AutoRun
O33 - MountPoints2\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
:files
:Commands
[emptytemp]
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 21:18
| #6 |
| | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Ich habe Fix von OTL laufen lassen. Hier der LOG: All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{9d81af43-de53-48d0-a199-42c2a226b24c} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d81af43-de53-48d0-a199-42c2a226b24c}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D81AF43-DE53-48D0-A199-42C2A226B24C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D81AF43-DE53-48D0-A199-42C2A226B24C}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a5f5a57-d7c8-11e1-9080-002454c4a67a}\ not found. File F:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bf85c58-6c7f-11e2-8874-002454c4a67a}\ not found. File F:\LGAutoRun.exe not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: media ->Temp folder emptied: 1058805 bytes ->Temporary Internet Files folder emptied: 1090139 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 33514715 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 1116 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 18788 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes RecycleBin emptied: 28202 bytes Total Files Cleaned = 34,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03042013_210800 Files\Folders moved on Reboot... C:\Users\media\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... :-) |
|
04.03.2013, 21:39
| #7 |
| /// Malware-holic | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 21:58
| #8 |
| | Delta Search nach Anleitung entfernt, logfile veröffentlicht:Geändert von JohannesML (04.03.2013 um 22:05 Uhr) Grund: File zu groß |
|
04.03.2013, 21:59
| #9 |
| /// Malware-holic | Delta Search nach Anleitung entfernt, logfile veröffentlicht: das ist adwcleaner.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 22:34
| #10 |
| | Delta Search nach Anleitung entfernt, logfile veröffentlicht: |
|
05.03.2013, 14:49
| #11 |
| /// Malware-holic | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.03.2013, 17:40
| #12 |
| | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Hallo, jetzt habe ich es mit Combo-Fix gescannt. Hier das logfile: Combofix Logfile: Code:
ATTFilter ComboFix 13-03-07.02 - media 07.03.2013 17:15:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3950.2409 [GMT 1:00]
ausgeführt von:: c:\users\media\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\media\Computer Daten\Acer Aspire 5100 Driver\LAN_Realtek_5.649.0615.2006_XPx86\LAN_Realtek_5.649.0615.2006_XPx86\WIN2000\_desktop.ini
c:\users\media\Computer Daten\Acer Aspire 5100 Driver\LAN_Realtek_5.649.0615.2006_XPx86\LAN_Realtek_5.649.0615.2006_XPx86\WIN98SE\_desktop.ini
c:\users\media\Computer Daten\Acer Aspire 5100 Driver\LAN_Realtek_5.649.0615.2006_XPx86\LAN_Realtek_5.649.0615.2006_XPx86\WINME\_desktop.ini
c:\users\media\Computer Daten\Acer Aspire 5100 Driver\LAN_Realtek_5.649.0615.2006_XPx86\LAN_Realtek_5.649.0615.2006_XPx86\WINXP\_desktop.ini
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-07 bis 2013-03-07 ))))))))))))))))))))))))))))))
.
.
2013-03-04 20:08 . 2013-03-04 20:08 -------- d-----w- C:\_OTL
2013-03-01 22:04 . 2013-03-01 22:04 -------- d-----w- c:\program files (x86)\Nvu
2013-03-01 20:56 . 2013-03-01 20:56 -------- d-----w- c:\users\media\AppData\Roaming\Nvu
2013-03-01 16:56 . 2013-03-01 16:57 -------- d-----w- c:\users\media\AppData\Roaming\BuddyW
2013-03-01 16:51 . 2013-03-01 18:56 -------- d-----w- c:\program files (x86)\BuddyW
2013-03-01 16:49 . 2011-05-13 12:16 493056 ----a-w- c:\windows\SysWow64\dhRichClient3.dll
2013-03-01 16:49 . 2011-03-25 20:42 338432 ----a-w- c:\windows\SysWow64\sqlite36_engine.dll
2013-03-01 16:49 . 2013-03-01 16:49 -------- d-----w- c:\users\media\AppData\Roaming\DesktopIconForAmazon
2013-03-01 16:49 . 2013-03-01 16:49 119808 ----a-w- c:\windows\system32\GFilterSvc.exe
2013-03-01 16:49 . 2013-03-01 16:49 118272 ----a-w- c:\windows\system32\rasmonur.exe
2013-03-01 16:49 . 2013-03-01 16:49 -------- d-----w- c:\users\media\AppData\Roaming\OCS
2013-02-23 11:23 . 2013-02-23 11:23 -------- d-----w- c:\users\media\AppData\Roaming\Avira
2013-02-23 11:18 . 2013-02-23 11:18 -------- d-----w- c:\programdata\Avira
2013-02-23 11:18 . 2013-02-23 11:18 -------- d-----w- c:\program files (x86)\Avira
2013-02-23 11:18 . 2013-02-23 11:11 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-02-23 11:18 . 2013-02-23 11:11 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-23 11:18 . 2013-02-23 11:11 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-02-22 18:54 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC93C0B8-82BA-4446-A49E-622C9EE29DF9}\mpengine.dll
2013-02-14 06:58 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 06:58 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 06:58 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 06:58 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 06:58 . 2012-12-20 13:55 12295168 ----a-w- c:\windows\system32\ieframe.dll
2013-02-14 06:58 . 2012-12-20 13:56 9058304 ----a-w- c:\windows\system32\mshtml.dll
2013-02-14 06:58 . 2012-12-20 13:59 1188864 ----a-w- c:\windows\system32\wininet.dll
2013-02-13 13:19 . 2013-02-13 13:19 -------- d-----w- c:\users\media\AppData\Roaming\Sibelius Software
2013-02-13 13:17 . 2013-02-13 13:17 -------- d-----w- c:\program files (x86)\Sibelius Software
2013-02-08 09:53 . 2013-02-08 09:57 -------- d-----w- c:\users\media\Die Bibel von Jörg Sieger
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-01 20:30 . 2012-08-08 22:24 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-01 20:30 . 2010-12-30 12:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-27 13:49 . 2012-04-26 12:18 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 13:49 . 2011-05-14 06:08 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 07:07 . 2010-10-27 09:11 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-11-02 14:59 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 06:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-27 12:50 . 2012-12-27 12:50 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-12-16 17:11 . 2012-12-21 18:30 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 18:30 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:30 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2003-03-21 12:45 . 2010-12-19 15:51 250544 ----a-w- c:\program files (x86)\Common Files\keyhelp.ocx
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2012-11-13 1405544]
"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2013-01-15 1460768]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-23 385248]
.
c:\users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\media\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2013-03-01 40960]
R2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2012-11-12 1270376]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352]
R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-09-04 11776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 113704]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 19496]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 152616]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 133160]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 34856]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 128552]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 145960]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-27 1255736]
R4 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-08-04 65536]
R4 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R4 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R4 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R4 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-23 27800]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-23 86752]
S2 GFilterSvc;G-Filter Service;c:\windows\System32\GFilterSvc.exe [2013-03-01 119808]
S2 ktmutild;LSI_SCSI elxstor eHome-Infrarotempfänger;c:\windows\system32\rasmonur.exe [2013-03-01 118272]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe [2013-01-15 216608]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-29 12728]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys [2012-05-24 743808]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 13:49]
.
2013-03-07 c:\windows\Tasks\SLOW-PCfighter64-media-Notification.job
- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2012-11-15 12:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\media\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-09 16413288]
"Ocs_SM"="c:\users\media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2013-03-01 106496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\
FF - prefs.js: browser.search.selectedEngine - Google Deutschland
FF - prefs.js: browser.startup.homepage - hxxp://orf.at/
FF - ExtSQL: 2013-03-01 20:25; newtabgoogle@graememcc.co.uk; c:\users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\newtabgoogle@graememcc.co.uk.xpi
FF - ExtSQL: !HIDDEN! 2013-03-01 17:49; firejump@firejump.net; c:\users\media\AppData\Roaming\Mozilla\Firefox\Profiles\l9e8a9sa.Hannes\extensions\firejump@firejump.net
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{9d81af43-de53-48d0-a199-42c2a226b24c} - (no file)
Toolbar-{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\users\media\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
AddRemove-Adobe Connect Add-in - c:\users\media\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-07 17:31:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-07 16:31
.
Vor Suchlauf: 13 Verzeichnis(se), 115.743.141.888 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 114.821.578.752 Bytes frei
.
- - End Of File - - 451806EE5926A11FEA8D95F5328FC635
|
|
08.03.2013, 14:20
| #13 |
| /// Malware-holic | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.03.2013, 23:09
| #14 |
| | Delta Search nach Anleitung entfernt, logfile veröffentlicht: So, jetzt hat Malwarebytes ein "PUP.Radmin" gefunden. Als ich es entfernte, ist das Antivir-Programm gekommen und hat die Registry blockiert und einen Systemscann vorgeschlagen. Hier das Logfile: Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.03.08.15 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 media :: HANNES-LAPTOP [Administrator] 08.03.2013 21:05:27 mbam-log-2013-03-08 (21-05-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 419302 Laufzeit: 1 Stunde(n), 35 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\media\Downloads\issp.exe (PUP.Radmin) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) ______________________________ Danke! |
|
11.03.2013, 14:33
| #15 |
| /// Malware-holic | Delta Search nach Anleitung entfernt, logfile veröffentlicht: Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Delta Search nach Anleitung entfernt, logfile veröffentlicht: |
| adobe, antivir, avira, converter, cpu, defender, delta search, desktop, echtzeit-scanner, email, error, explorer, firefox, flash player, home, installation, logfile, logfile auswerten, mozilla, office 2007, realtek, rundll, software, svchost.exe, system, tracker, updates, usb, visual studio, windows, wma |
WARNUNG an die MITLESER: 
Linear-Darstellung
