| |
| |||||||
Log-Analyse und Auswertung: BDS/ZeroAccess.Gen Noch infiziert?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
23.03.2013, 12:32
| #1 |
 |  BDS/ZeroAccess.Gen Noch infiziert? Liebe Helfer, als großer Dummi hat mich nun auch der BDS/ZeroAccess.Gen erwischt. Ich hoffe ich mache hier alles mit den Regeln richtig ! Ich bin ein ziemlicher Anfänger und möchte mein System möglichst nicht neu aufsetzen lassen. Antivir 2013 hat BDS/ZeroAccess.Gen in Quarantäne verschoben . Malwarebytes und AVAST (Wieder deinstalliert, da ja zwei Antivirusprogramme nicht laufen sollen) haben keine Infektion mehr gemeldet. Computer macht für mich auch keine offensichtlichen Besonderheiten. BDS/ZeroAccess.Gen soll laut den Foren aber sehr gefährlich sein und ich bin natürlich nicht sicher ob ich noch versteckte Reste habe. In diesem Forum steht, daß man erst mal nichts alleine versuchen soll. Ich freue mich auf kompetente Hilfe und bitte um Entschuldigung falls ich als großer Dummi vielleicht nicht alle Anweisungen auf Anhieb verstehe. (Komme an diesen Rechner nicht vom 25.03-28.03.13-falls ich nicht gleich Antworten kann) Vielen Dank Grosserdummi |
|
23.03.2013, 14:42
| #2 |
| /// TB-Ausbilder   | BDS/ZeroAccess.Gen Noch infiziert? Hallo und
__________________ Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist.  Hinweise zum Ablauf
Schauen wir mal: Schritt 1 Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
Schritt 2 Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
Schritt 3 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
|
23.03.2013, 16:40
| #3 |
| | BDS/ZeroAccess.Gen Noch infiziert? Lieber Leo,
__________________puh ! Ganz schön aufregend: Ich hoffe ich habe alles richtig gemacht? Mit dem Defogger Ergebis kann ich nicht viel anfangen : Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:15 on 23/03/2013 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-23 15:56:59
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0 1397,27GB
Running: 2wz3gehy.exe; Driver: C:\Users\***\AppData\Local\Temp\kwrirpob.sys
---- System - GMER 2.1 ----
SSDT 91EA82AE ZwCreateSection
SSDT 91EA8286 ZwCreateSymbolicLinkObject
SSDT 91EA828B ZwLoadDriver
SSDT 91EA8281 ZwOpenSection
SSDT 91EA82B8 ZwRequestWaitReplyPort
SSDT 91EA82B3 ZwSetContextThread
SSDT 91EA82BD ZwSetSecurityObject
SSDT 91EA8290 ZwSetSystemInformation
SSDT 91EA82C2 ZwSystemDebugControl
SSDT 91EA824F ZwTerminateProcess
SSDT 91EA824A ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E829E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EBC1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82EC330C 4 Bytes [AE, 82, EA, 91] {SCASB ; SUB DL, 0x91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 82EC3314 4 Bytes [86, 82, EA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 82EC3428 4 Bytes [8B, 82, EA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 82EC34C4 4 Bytes [81, 82, EA, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82EC3668 4 Bytes [B8, 82, EA, 91]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92802000, 0x2FBAB4, 0xE8000020]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{AD4805E5-00B2-11E0-B7C3-806E6F6E6963} 8317688192
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
ATTFilter OTL logfile created on: 3/23/2013 4:07:09 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.19% Memory free 5.98 Gb Paging File | 4.58 Gb Available in Paging File | 76.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356.17 Gb Total Space | 1234.81 Gb Free Space | 91.05% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.03 Gb Free Space | 52.58% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/23 15:08:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013/02/25 12:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe PRC - [2013/02/12 23:24:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/12 23:24:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013/02/12 23:24:11 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013/02/12 23:24:09 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2013/02/12 23:24:08 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/12 23:24:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2013/02/12 23:24:07 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010/04/27 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/10/23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Program Files\DSL-Manager\DslMgrSvc.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013/02/14 03:18:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/14 03:18:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/09 12:09:41 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013/01/09 12:06:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/09 12:06:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/09 12:06:14 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013/01/09 12:06:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/09 12:06:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/09 12:06:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/09 12:05:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/11/29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/05/12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2003/03/05 15:55:12 | 000,077,824 | ---- | M] () -- C:\Windows\System32\iOpusSEA.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013/03/15 12:45:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/25 12:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2013/02/12 23:24:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/12 23:24:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/02/12 23:24:09 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013/02/12 23:24:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/02/12 23:24:07 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008/10/23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Running] -- C:\Program Files\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - [2013/02/12 23:24:52 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2013/02/12 23:24:52 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2012/12/12 09:08:28 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/12 09:08:27 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/29 21:45:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012/11/29 21:45:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011/02/11 22:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2011/01/12 10:42:12 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/05/27 18:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/05/27 17:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010/04/27 17:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 17:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2007/08/01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\SearchScopes\{BEE40910-55F2-48ED-9E46-B40556859AE9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.mg40.mail.yahoo.com/neo/ [Binary data over 200 bytes] IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{1120228E-D747-4D08-A4B4-4B4D82EF12AD}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{4548E562-7A1E-4DB5-9F68-DF4F97394503}: "URL" = hxxp://www.clipfish.de/suche/{searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{4A8CD86C-18D5-4073-8416-F68A43F52E87}: "URL" = hxxp://suche.sueddeutsche.de/{searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{66C0BCA5-1BE9-4E26-89B2-51AE787EC92D}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{670BB114-C750-49E9-B008-7689F7FE314E}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{68E59624-F3B4-44BF-B1BC-B4ED45A03BE2}: "URL" = hxxp://www.benefind.de/result.html?q={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{77ED0AA8-A539-45AE-A9FA-E9668CBEB5CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{7D91603D-30F7-4A9E-B440-EFC1DD739FBF}: "URL" = hxxp://www.pressini.de/results.htm IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{81C14EE5-F013-49E8-8B98-C4902DCFC1E6}: "URL" = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{93B89ADF-09AF-48E7-A036-4C87EA38222A}: "URL" = hxxp://www.ricardo.ch/search/search.asp?txtSearch={searchTerms}&Catg=1&InTitleAndDesc=1 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{B28D7A98-CD02-4971-A574-1B935949987A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{C84A2359-04D5-457E-9EE6-F8A6B83AED8C}: "URL" = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{CCCFB525-7E19-4B5B-AA48-A42A022AD63A}: "URL" = hxxp://www.druckbesser.de/index.php?pg=drucksachen-profisuche&suchbegriff={searchTerms}#ergebnisse IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{D5C1F40E-0284-45E2-B32A-796132A118FA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{DCF61ACB-0471-47B4-9C6B-691C3AF47874}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{E5DF8F95-23A0-48E1-BE5C-F7B9B11F0924}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{E903553E-CFE2-4E90-B3C0-D204F60459C5}: "URL" = hxxp://www.fancity.eu/{searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{EBD97CF0-28E6-44C7-BA95-53C59781FB5A}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{F72B4A0F-F740-4E1C-842B-48145C388209}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{F7E29EF4-E9FD-40F1-923C-5C40A5A3F888}: "URL" = hxxp://www.youtube.de/results?search_query={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/30 13:03:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013/03/17 09:11:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013/03/17 09:11:42 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - Extension: Docs = C:\Users\HoerlA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\HoerlA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\HoerlA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\HoerlA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\HoerlA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\HoerlA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011/01/02 11:34:55 | 000,428,463 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14749 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingE4392] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000..\RunOnce: [SpybotDeletingF8233] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\HoerlA\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\HoerlA\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/23 13:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/03/23 10:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/03/23 10:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/03/23 01:53:39 | 000,000,000 | ---D | C] -- C:\Users\HoerlA\AppData\Roaming\Malwarebytes [2013/03/23 01:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/23 01:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/23 01:53:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/03/23 01:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/03/17 09:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2013/03/17 09:11:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2013/03/17 09:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2013/03/15 10:51:04 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/03/15 10:51:04 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/03/15 10:51:04 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013/03/15 10:51:04 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013/03/15 10:51:04 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013/03/15 10:51:04 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/03/15 10:51:04 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/03/15 10:51:04 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/03/15 10:51:04 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013/03/15 10:51:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013/03/15 10:51:04 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013/03/15 10:51:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013/03/15 10:51:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013/03/15 10:51:04 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013/03/15 10:51:04 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013/03/15 10:51:04 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/03/15 10:51:04 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/03/15 10:51:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013/03/15 10:51:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/03/15 10:51:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013/03/15 10:51:04 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013/03/15 10:51:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/03/15 10:51:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013/03/15 10:51:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013/03/15 10:51:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013/03/15 10:51:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/03/15 10:51:04 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013/03/15 10:51:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013/03/15 10:51:03 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/03/15 10:51:03 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013/03/15 10:51:03 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013/03/15 10:51:03 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/03/15 10:51:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/03/15 10:51:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/03/15 10:51:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/03/15 10:51:03 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013/03/15 10:48:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013/03/03 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013/02/27 17:51:19 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013/02/27 17:51:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013/02/27 17:51:04 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013/02/27 17:51:04 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 17:51:04 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 17:51:04 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 17:51:03 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013/02/27 17:51:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 17:51:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 17:51:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 17:51:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 17:51:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 17:51:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 17:51:02 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013/02/27 17:51:02 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013/02/27 17:51:02 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013/02/27 17:51:02 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013/02/27 17:51:02 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013/02/27 17:51:02 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013/02/27 17:51:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013/02/27 17:51:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013/02/27 17:51:02 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013/02/27 17:51:02 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013/02/27 17:51:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013/02/27 17:51:01 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013/02/26 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\HoerlA\Documents\ProcAlyzer Dumps [2013/02/26 13:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013/02/26 13:35:45 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013/02/26 13:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013/02/26 13:21:42 | 000,000,000 | ---D | C] -- C:\Users\HoerlA\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013/03/23 16:06:19 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/23 16:06:19 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/23 15:58:55 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/23 15:58:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/23 15:58:32 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2013/03/23 15:17:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/23 15:17:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/23 15:10:19 | 000,000,000 | ---- | M] () -- C:\Users\HoerlA\defogger_reenable [2013/03/23 01:53:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/23 00:15:03 | 000,000,105 | ---- | M] () -- C:\Windows\wininit.ini [2013/03/17 10:14:18 | 000,000,900 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2013/03/17 09:11:43 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk [2013/03/16 10:58:01 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/03/16 10:58:01 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/03/16 10:58:01 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/03/16 10:58:01 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/03/15 12:45:42 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/03/15 12:45:42 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/03/15 12:43:45 | 000,001,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710a-f (Netzwerk).lnk [2013/03/15 10:51:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/03/15 10:51:04 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/03/15 10:51:04 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013/03/15 10:51:04 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013/03/15 10:51:04 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013/03/15 10:51:04 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/03/15 10:51:04 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/03/15 10:51:04 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/03/15 10:51:04 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013/03/15 10:51:04 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013/03/15 10:51:04 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013/03/15 10:51:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013/03/15 10:51:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013/03/15 10:51:04 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013/03/15 10:51:04 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013/03/15 10:51:04 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/03/15 10:51:04 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/03/15 10:51:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013/03/15 10:51:04 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/03/15 10:51:04 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013/03/15 10:51:04 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013/03/15 10:51:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/03/15 10:51:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013/03/15 10:51:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013/03/15 10:51:04 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013/03/15 10:51:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/03/15 10:51:04 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013/03/15 10:51:04 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013/03/15 10:51:03 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/03/15 10:51:03 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013/03/15 10:51:03 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013/03/15 10:51:03 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/03/15 10:51:03 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/03/15 10:51:03 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/03/15 10:51:03 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/03/15 10:51:03 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013/03/15 10:51:03 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013/03/15 10:18:10 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/02/26 13:35:49 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/02/21 17:07:12 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif ========== Files Created - No Company Name ========== [2013/03/23 15:10:19 | 000,000,000 | ---- | C] () -- C:\Users\HoerlA\defogger_reenable [2013/03/23 01:53:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/23 00:15:03 | 000,000,105 | ---- | C] () -- C:\Windows\wininit.ini [2013/03/17 09:11:43 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk [2013/03/15 10:51:03 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013/02/26 13:35:49 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013/02/26 13:35:49 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012/11/23 23:33:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/08/27 15:34:27 | 000,077,824 | ---- | C] () -- C:\Windows\System32\iOpusSEA.dll [2011/05/29 09:25:16 | 000,000,029 | ---- | C] () -- C:\Windows\CAI.INI [2011/05/27 15:55:52 | 000,000,102 | ---- | C] () -- C:\Windows\bmwetksa.ini [2011/05/27 15:54:12 | 000,000,391 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/05/27 15:51:51 | 000,000,115 | ---- | C] () -- C:\Windows\bmwhtk.ini [2011/05/27 15:51:47 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/27 15:51:00 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2011/03/27 17:57:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011/02/28 00:13:41 | 000,007,597 | ---- | C] () -- C:\Users\HoerlA\AppData\Local\Resmon.ResmonCfg [2011/02/01 14:28:24 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 3/23/2013 4:07:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andi\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.19% Memory free
5.98 Gb Paging File | 4.58 Gb Available in Paging File | 76.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1234.81 Gb Free Space | 91.05% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.03 Gb Free Space | 52.58% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B32B9A5-B61A-4F91-9F6B-A489E2BB5A6D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{1187FB04-52DE-4344-930E-24A38A4CB6D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{153452F6-E251-44C4-A909-F71A9261C043}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2E94365E-B2A6-447A-B91E-61006B58CA0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{498617AE-EAE7-4DD3-83E2-0D1C57164B89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4D8858FA-B2E8-4F03-AEA3-A9BF49472200}" = rport=137 | protocol=17 | dir=out | app=system |
"{53420B4D-FC53-438B-8142-FCF65F7AC05E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54458F06-7DB7-4879-BF62-E21D47C15215}" = rport=138 | protocol=17 | dir=out | app=system |
"{648314BC-449D-4DB9-8D26-EB6F017756BA}" = lport=139 | protocol=6 | dir=in | app=system |
"{68A01E76-158B-42EB-AFA5-01F37FCBD698}" = lport=137 | protocol=17 | dir=in | app=system |
"{71DB7CC1-3E39-4A70-A7C1-DC55ECA9C928}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D624261-49AB-474D-A257-0EC2243E5E20}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7DBC8357-33DB-4632-B747-700CC8FFB1BA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{85EEC1EA-F0C4-43BE-A7AB-D8F6040269E2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87616F20-BE7D-4BE2-995A-F46F4B7752A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B64B105-436A-4499-BF65-4DD990EB4712}" = rport=139 | protocol=6 | dir=out | app=system |
"{9ECBE800-A395-4B19-89CD-5D171647B0D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3E2361D-33FA-468D-85FA-6D43B9BDFC45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAEEA72E-3313-436B-9F16-EFAE3645BE2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B06C59B1-57CE-4AA8-901F-32D0124BE52D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2D9D43F-29C2-4892-8DB5-ED96249C154F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C5A9CF45-EC93-41FE-AB55-8BFE26789CB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CAC4A01B-101C-4501-A5F1-33F11FE2D37B}" = lport=138 | protocol=17 | dir=in | app=system |
"{CF41F8F5-7471-4895-BFB7-8ABF5F6442D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB4953D4-A218-4802-8519-101CE5BA25AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8D78914-AF29-4264-9D3E-F1925DE5336C}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{081C0941-AC0A-43EC-A8CA-C8EEAE9C28C5}" = protocol=6 | dir=in | app=c:\users\hoerla\appdata\local\temp\7zs63e0\hpdiagnosticcoreui.exe |
"{098819FC-9903-49C6-BBEB-D219D3DEB2A5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{10F43E06-0B49-4BC9-984B-7F6FCC12325B}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{18853FAF-EFD7-49BF-8704-F02239FAF29C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1944EC1A-FE77-432C-80D5-5978B458B5E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C4E3CCC-CFCF-4086-982A-CF67E690EFE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2693420A-2F6C-4AF6-A12C-C989D7FE4227}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A66FC9E-DAA9-4AE0-947E-2C6BBB3713F2}" = dir=in | app=c:\program files\samsung\allshare\allshare.exe |
"{4C811096-C60A-4EFF-83C1-49B66318F670}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\sendafax.exe |
"{5379040D-6CBF-4542-A099-C531DF97552D}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{5C6AF742-D1BF-487A-9063-3648DC113104}" = protocol=6 | dir=out | app=system |
"{62F75DEC-9C52-4BF8-858C-D01040E1D7A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69DF5E11-1D09-4647-A612-953CE9724F7D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6F7E946C-BCDA-4EB4-8204-B1297DDA6D70}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\digitalwizards.exe |
"{743BC860-FC7C-4224-94F7-A8612A916650}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78E69F67-952D-48F0-AE36-7873FAFC75F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7A03516E-AB2E-4981-9E61-BE1570B6E6EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{87865B26-ED10-4416-9862-08C36F3E4D48}" = dir=in | app=c:\program files\samsung\allshare\allshareagent.exe |
"{8944E0B6-15EC-454B-9D18-4757CC4A9C8F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9BA701B0-F299-4818-B8C2-A637B004F7C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5BEB73E-5F89-4DB6-B412-520C4F29F38E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{A74DC7C6-79CA-45E0-BBE8-198E3C808573}" = protocol=17 | dir=in | app=c:\users\hoerla\appdata\local\temp\7zs57e5\hpdiagnosticcoreui.exe |
"{AF0D104D-010C-4993-A7B4-1203F882D806}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B20FC9DD-77D1-470F-AB0E-CED26543629C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BBED9098-959B-4028-99D2-C7E4047F7742}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\faxapplications.exe |
"{C939DB88-005F-491B-8760-20F89BFB9C1D}" = protocol=17 | dir=in | app=c:\users\hoerla\appdata\local\temp\7zs63e0\hpdiagnosticcoreui.exe |
"{CA7D6982-A6A4-494A-9DB3-825790D44A1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CC109B8D-C9E1-45AA-9C03-E39F24526083}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{D24D4D74-57EE-4D3D-BFF3-3AA4D5BEEA6D}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{D7C6D689-6325-448F-83E9-8AC36F024A14}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D953076B-5048-4EEC-BCE8-0DEDA805C2F5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{DCAC11FE-306A-451E-A906-50CFC99FD6C0}" = dir=in | app=c:\program files\samsung\allshare\allsharedms\allsharedms.exe |
"{E4102A09-FA31-4A20-910E-9CCC6DFB8AA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8A42A87-72D7-4A98-A192-1FFF24B357B4}" = dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicatorcom.exe |
"{EBF7597E-2CA6-4CE2-AA2D-DAABAA6939EC}" = protocol=6 | dir=in | app=c:\users\hoerla\appdata\local\temp\7zs57e5\hpdiagnosticcoreui.exe |
"{EE0B8A16-832E-4DC3-B70E-34BEA741D52E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F2939C76-418B-4307-A5DF-5DAD9B17100D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FBAFDF3C-DD67-4305-B58D-32EAAB49A6AF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{E0E4EAC9-2DA5-4F53-8060-02456121F54C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{D57AD702-6DAC-41F1-AED1-3E4FEAD1276C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2188C32A-AE04-4142-82AC-22803A5C5464}" = Studie zur Verbesserung von HP Officejet 6500 E710a-f Produkten
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{674FD0B7-9641-4B07-906D-AB77A94C51B6}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{809B22DC-A386-4F22-0023-DE0000000001}" = EXAM 11
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{958B08B0-C784-4A77-8D2B-C0A58F1E14B5}" = HP Officejet 6500 E710a-f Hilfe
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Schnellzugriffe
"4Captains" = 4Captains
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aldi Süd Foto Service" = Aldi Süd Foto Service 4.6
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"ALDI Sued Fotoservice_is1" = Aldi Sued Fotoservice 2.7
"Avira AntiVir Desktop" = Avira Internet Security
"CCleaner" = CCleaner
"DivX Setup" = DivX-Setup
"Drucken in PDF Annotator_is1" = Drucken in PDF Annotator (novaPDF OEM 7.4 printer)
"ETKV10" = Etk
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free Studio_is1" = Free Studio version 5.0.3
"Freemake Video Converter_is1" = Freemake Video Converter Version 2.0.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"iOpus Secure Email Attachments (SEA)" = iOpus Secure Email Attachments (SEA)
"IrfanView" = IrfanView (remove only)
"KASHU_UsbEnterVer.4.0.1" = USB Flash Security Ver.4.0.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDFAnnotator_is1" = PDF Annotator 3.0.0.333
"SysadmV10" = Sysadm
"TeamViewer 8" = TeamViewer 8
"TISV10" = Tis
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kalender-Excel-8.7.1_is1" = Kalender-Excel-8.7.1
"webGAMET" = webGAMET
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/22/2013 8:50:13 PM | Computer Name = HoerlA-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16521 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1134 Startzeit: 01ce276010e28554 Endzeit: 16 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 3/23/2013 12:41:21 AM | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HP\HP
Officejet 6500 E710a-f\DriverStore\Pipeline\amd64\hpinkins5512.exe". Die abhängige
Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 3/23/2013 12:41:52 AM | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 3/23/2013 5:40:42 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DslMgrSvc.exe, Version: 6.91.8434.1,
Zeitstempel: 0x4900aa18 Name des fehlerhaften Moduls: DslMgrSvc.exe, Version: 6.91.8434.1,
Zeitstempel: 0x4900aa18 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c41a ID des fehlerhaften
Prozesses: 0x1448 Startzeit der fehlerhaften Anwendung: 0x01ce275896071023 Pfad der
fehlerhaften Anwendung: C:\Program Files\DSL-Manager\DslMgrSvc.exe Pfad des fehlerhaften
Moduls: C:\Program Files\DSL-Manager\DslMgrSvc.exe Berichtskennung: ba267d2a-939d-11e2-8a56-6c626d8aebc0
Error - 3/23/2013 6:42:50 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00058402 ID des fehlerhaften
Prozesses: 0x1080 Startzeit der fehlerhaften Anwendung: 0x01ce27b327207333 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 683dbb38-93a6-11e2-8a56-6c626d8aebc0
Error - 3/23/2013 6:43:09 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00052bb7 ID des fehlerhaften
Prozesses: 0x1cec Startzeit der fehlerhaften Anwendung: 0x01ce27b333453858 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 732aac1a-93a6-11e2-8a56-6c626d8aebc0
Error - 3/23/2013 6:43:23 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16521,
Zeitstempel: 0x51207618 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc00000fd Fehleroffset: 0x00052d6f ID des fehlerhaften
Prozesses: 0xcd8 Startzeit der fehlerhaften Anwendung: 0x01ce27b33b65ab08 Pfad der
fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des
fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 7ba7f474-93a6-11e2-8a56-6c626d8aebc0
Error - 3/23/2013 10:36:32 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 2wz3gehy.exe, Version: 2.1.19155.0,
Zeitstempel: 0x51349f87 Name des fehlerhaften Moduls: 2wz3gehy.exe, Version: 2.1.19155.0,
Zeitstempel: 0x51349f87 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012288 ID des fehlerhaften
Prozesses: 0x1318 Startzeit der fehlerhaften Anwendung: 0x01ce27d3a3b1423b Pfad der
fehlerhaften Anwendung: C:\Users\Andi\Desktop\2wz3gehy.exe Pfad des fehlerhaften
Moduls: C:\Users\Andi\Desktop\2wz3gehy.exe Berichtskennung: 0dbf5517-93c7-11e2-a527-74f06d8d1620
Error - 3/23/2013 10:44:40 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 2wz3gehy.exe, Version: 2.1.19155.0,
Zeitstempel: 0x51349f87 Name des fehlerhaften Moduls: 2wz3gehy.exe, Version: 2.1.19155.0,
Zeitstempel: 0x51349f87 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00012288 ID des fehlerhaften
Prozesses: 0x16a0 Startzeit der fehlerhaften Anwendung: 0x01ce27d4b1c52d0d Pfad der
fehlerhaften Anwendung: C:\Users\Andi\Desktop\2wz3gehy.exe Pfad des fehlerhaften
Moduls: C:\Users\Andi\Desktop\2wz3gehy.exe Berichtskennung: 3072ec09-93c8-11e2-a37b-74f06d8d1620
Error - 3/23/2013 10:59:10 AM | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: sidebar.exe, Version: 6.1.7601.17514,
Zeitstempel: 0x4ce79791 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000264 Fehleroffset: 0x000a1742 ID des fehlerhaften
Prozesses: 0xc7c Startzeit der fehlerhaften Anwendung: 0x01ce27d6f55d5f0e Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Sidebar\sidebar.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 3770230d-93ca-11e2-897e-6c626d8aebc0
[ Spybot - Search and Destroy Events ]
Error - 2/26/2013 9:26:55 AM | Computer Name = *** | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
Error - 3/22/2013 2:23:02 PM | Computer Name = *** | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 3/23/2013 6:49:18 AM | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 8" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 3/23/2013 6:49:54 AM | Computer Name = *** | Source = DCOM | ID = 10016
Description =
Error - 3/23/2013 7:00:07 AM | Computer Name = *** | Source = DCOM | ID = 10016
Description =
Error - 3/23/2013 7:07:55 AM | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst wlidsvc erreicht.
Error - 3/23/2013 7:08:25 AM | Computer Name = *** | Source = DCOM | ID = 10016
Description =
Error - 3/23/2013 10:31:38 AM | Computer Name =*** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?03.?2013 um 15:20:56 unerwartet heruntergefahren.
Error - 3/23/2013 10:32:42 AM | Computer Name = *** | Source = DCOM | ID = 10016
Description =
Error - 3/23/2013 10:40:58 AM | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?03.?2013 um 15:38:21 unerwartet heruntergefahren.
Error - 3/23/2013 10:42:03 AM | Computer Name = *** | Source = DCOM | ID = 10016
Description =
Error - 3/23/2013 10:59:52 AM | Computer Name = *** | Source = DCOM | ID = 10016
Description =
< End of report >
Viele Grüße vom Grosserdummi |
|
23.03.2013, 16:47
| #4 | ||
| /// TB-Ausbilder | BDS/ZeroAccess.Gen Noch infiziert? Hallo, Zitat:
 Schritt 1
Schritt 2 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 3 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 4 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
23.03.2013, 17:08
| #5 |
| /// TB-Ausbilder | BDS/ZeroAccess.Gen Noch infiziert? Hallo, du hast zwei Mal den gleichen Beitrag gepostet. Meine nächste Anleitung steht bereits oben. 
__________________ cheers, Leo |
|
23.03.2013, 17:59
| #6 |
| | BDS/ZeroAccess.Gen Noch infiziert? Lieber Leo, Entschuldigung ich dachte das wäre nur die Vorschau ! (=Dummi) Ask Toolbar habe ich deinstalliert hier die 3 Logfiles (Bei OTL hat sich diesmal kein zweites file generiert?!) [CODE# AdwCleaner v2.115 - Datei am 23/03/2013 um 17:14:26 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : *** - *** # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\***\AppData\Local\AskToolbar Ordner Gelöscht : C:\Users\***\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16521 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v25.0.1364.172 Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ][/CODE] [CODECombofix Logfile: Code:
ATTFilter ComboFix 13-03-21.02 - *** 23.03.2013 17:24:05.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3063.1792 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Internet Explorer
c:\internet explorer\Custom\eBay.ico
c:\users\***\4.0
c:\users\***\AppData\Roaming\.#
c:\users\***\AppData\Roaming\.#
c:\windows\security\Database\tmp.edb
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-23 bis 2013-03-23 ))))))))))))))))))))))))))))))
.
.
2013-03-23 16:29 . 2013-03-23 16:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-23 16:29 . 2013-03-23 16:29 -------- d-----w- c:\users\***\AppData\Local\temp
2013-03-23 12:06 . 2013-03-23 12:06 -------- d-----w- c:\program files\ESET
2013-03-23 09:45 . 2013-03-23 09:45 -------- d-----w- c:\program files\AVAST Software
2013-03-23 09:42 . 2013-03-23 10:58 -------- d-----w- c:\programdata\AVAST Software
2013-03-23 00:53 . 2013-03-23 00:53 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2013-03-23 00:53 . 2013-03-23 00:53 -------- d-----w- c:\programdata\Malwarebytes
2013-03-23 00:53 . 2013-03-23 00:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-23 00:53 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-17 08:27 . 2013-03-17 08:27 -------- d-----w- c:\users\***\AppData\Roaming\FreemakeVideoDownloader
2013-03-17 08:11 . 2013-03-17 08:11 -------- d-----w- c:\program files\WinPcap
2013-03-17 08:11 . 2013-03-17 08:12 -------- d-----w- c:\programdata\Freemake
2013-03-15 09:48 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-03 13:45 . 2013-03-03 13:45 -------- d-----w- c:\program files\QuickTime
2013-02-26 12:35 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-02-26 12:35 . 2013-02-26 12:35 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-02-26 12:21 . 2013-02-26 12:21 -------- d-----w- c:\users\***\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 09:14 . 2011-02-01 13:28 900 --sha-w- c:\programdata\KGyGaAvL.sys
2013-03-15 11:45 . 2012-12-09 17:24 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-15 11:45 . 2012-12-09 17:24 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 22:24 . 2012-11-29 20:50 92448 ----a-w- c:\windows\system32\drivers\avfwim.sys
2013-02-12 22:24 . 2012-11-29 20:50 113024 ----a-w- c:\windows\system32\drivers\avfwot.sys
2013-02-12 04:48 . 2013-03-13 12:17 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:17 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-05 05:00 . 2013-02-13 14:18 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 14:18 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 14:09 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 14:19 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 14:18 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 14:18 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HP Officejet 6500 E710a-f (NET)"="c:\program files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingE4392"="c:\program files\Spybot - Search & Destroy 2\SDDelFile.exe" [2012-11-13 2710040]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
"*Restore"="c:\windows\System32\rstrui.exe" [2010-11-20 262656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2011-04-10 280576]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tintenwarnungen überwachen - HP Officejet 6500 E710a-f (Netzwerk).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-1-12 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2012-03-01 22:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2012-11-13 13:08 3825176 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning]
2012-11-13 13:07 3713032 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 11:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 DslMNLwf;DSL-Manager NDIS LightWeight Filter;c:\windows\system32\DRIVERS\dslmnlwf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 TDslMgrService;DSL-Manager;c:\program files\DSL-Manager\DslMgrSvc.exe [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 09:17 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 11:45]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 12:17]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-05 12:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-BsScanner
AddRemove-ETKV10 - c:\windows\unin0407.exe
AddRemove-SysadmV10 - c:\windows\unin0407.exe
AddRemove-TISV10 - c:\windows\unin0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-23 17:30:36
ComboFix-quarantined-files.txt 2013-03-23 16:30
.
Vor Suchlauf: 18 Verzeichnis(se), 1.335.333.822.464 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 1.335.458.652.160 Bytes frei
.
- - End Of File - - C2A7C53EDCF2ED60DAE0654E67A0969B
][/CODE] [CODEOTL Logfile: Code:
ATTFilter OTL logfile created on: 3/23/2013 5:35:20 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.99 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 62.74% Memory free 5.98 Gb Paging File | 4.69 Gb Available in Paging File | 78.42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356.17 Gb Total Space | 1243.83 Gb Free Space | 91.72% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.03 Gb Free Space | 52.58% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/23 15:08:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013/02/25 12:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe PRC - [2013/02/12 23:24:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2013/02/12 23:24:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013/02/12 23:24:11 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2013/02/12 23:24:09 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe PRC - [2013/02/12 23:24:08 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2013/02/12 23:24:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2013/02/12 23:24:07 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe PRC - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/04/27 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2008/10/23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Program Files\DSL-Manager\DslMgrSvc.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013/02/14 03:18:40 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/14 03:18:31 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/01/09 12:09:41 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013/01/09 12:06:49 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/09 12:06:24 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/09 12:06:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/09 12:06:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/09 12:06:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/09 12:05:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/05/12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2003/03/05 15:55:12 | 000,077,824 | ---- | M] () -- C:\Windows\System32\iOpusSEA.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013/03/15 12:45:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/25 12:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2013/02/12 23:24:42 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013/02/12 23:24:13 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013/02/12 23:24:09 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013/02/12 23:24:08 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013/02/12 23:24:07 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2012/12/18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/12/14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2008/10/23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Running] -- C:\Program Files\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/02/12 23:24:52 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2013/02/12 23:24:52 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2012/12/12 09:08:28 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/12 09:08:27 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/29 21:45:16 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012/11/29 21:45:15 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/08/23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011/02/11 22:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2011/01/12 10:42:12 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/05/27 18:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/05/27 17:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010/04/27 17:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 17:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2007/08/01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\SearchScopes\{BEE40910-55F2-48ED-9E46-B40556859AE9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://de.mg40.mail.yahoo.com/neo/ [Binary data over 200 bytes] IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.de/ IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{1120228E-D747-4D08-A4B4-4B4D82EF12AD}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{4548E562-7A1E-4DB5-9F68-DF4F97394503}: "URL" = hxxp://www.clipfish.de/suche/{searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{4A8CD86C-18D5-4073-8416-F68A43F52E87}: "URL" = hxxp://suche.sueddeutsche.de/{searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{66C0BCA5-1BE9-4E26-89B2-51AE787EC92D}: "URL" = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{670BB114-C750-49E9-B008-7689F7FE314E}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{68E59624-F3B4-44BF-B1BC-B4ED45A03BE2}: "URL" = hxxp://www.benefind.de/result.html?q={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{77ED0AA8-A539-45AE-A9FA-E9668CBEB5CE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{7D91603D-30F7-4A9E-B440-EFC1DD739FBF}: "URL" = hxxp://www.pressini.de/results.htm IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{81C14EE5-F013-49E8-8B98-C4902DCFC1E6}: "URL" = hxxp://www.computerbild.de/suche/index.html?s_text={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{93B89ADF-09AF-48E7-A036-4C87EA38222A}: "URL" = hxxp://www.ricardo.ch/search/search.asp?txtSearch={searchTerms}&Catg=1&InTitleAndDesc=1 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{B28D7A98-CD02-4971-A574-1B935949987A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{C84A2359-04D5-457E-9EE6-F8A6B83AED8C}: "URL" = hxxp://www.suchen.de/lokal?q={searchTerms}&partnerid=244&radius=10&sort=relevance&fedsearch=true IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{CCCFB525-7E19-4B5B-AA48-A42A022AD63A}: "URL" = hxxp://www.druckbesser.de/index.php?pg=drucksachen-profisuche&suchbegriff={searchTerms}#ergebnisse IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{D5C1F40E-0284-45E2-B32A-796132A118FA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{DCF61ACB-0471-47B4-9C6B-691C3AF47874}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{E5DF8F95-23A0-48E1-BE5C-F7B9B11F0924}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{E903553E-CFE2-4E90-B3C0-D204F60459C5}: "URL" = hxxp://www.fancity.eu/{searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{EBD97CF0-28E6-44C7-BA95-53C59781FB5A}: "URL" = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{F72B4A0F-F740-4E1C-842B-48145C388209}: "URL" = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\SearchScopes\{F7E29EF4-E9FD-40F1-923C-5C40A5A3F888}: "URL" = hxxp://www.youtube.de/results?search_query={searchTerms} IE - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/30 13:03:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013/03/17 09:11:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ytfmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013/03/17 09:11:42 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/03/23 17:29:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000..\Run: [HP Officejet 6500 E710a-f (NET)] C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [SpybotDeletingE4392] C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe (Safer-Networking Ltd.) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2637316431-523064892-2508072546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2637316431-523064892-2508072546-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/23 17:30:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/03/23 17:30:37 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/03/23 17:30:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2013/03/23 17:21:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/03/23 17:21:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/03/23 17:21:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/03/23 17:21:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/03/23 17:21:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/03/23 13:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/03/23 10:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013/03/23 10:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013/03/23 01:53:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013/03/23 01:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/23 01:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/23 01:53:15 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/03/23 01:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/03/17 09:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2013/03/17 09:11:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2013/03/17 09:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2013/03/15 10:51:04 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/03/15 10:51:04 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/03/15 10:51:04 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013/03/15 10:51:04 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013/03/15 10:51:04 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013/03/15 10:51:04 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/03/15 10:51:04 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/03/15 10:51:04 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/03/15 10:51:04 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013/03/15 10:51:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013/03/15 10:51:04 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013/03/15 10:51:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013/03/15 10:51:04 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013/03/15 10:51:04 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013/03/15 10:51:04 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013/03/15 10:51:04 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/03/15 10:51:04 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/03/15 10:51:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013/03/15 10:51:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/03/15 10:51:04 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013/03/15 10:51:04 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013/03/15 10:51:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/03/15 10:51:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013/03/15 10:51:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013/03/15 10:51:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013/03/15 10:51:04 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/03/15 10:51:04 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013/03/15 10:51:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013/03/15 10:51:03 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/03/15 10:51:03 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013/03/15 10:51:03 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013/03/15 10:51:03 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/03/15 10:51:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/03/15 10:51:03 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/03/15 10:51:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/03/15 10:51:03 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013/03/15 10:48:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013/03/03 14:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2013/02/27 17:51:19 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013/02/27 17:51:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013/02/27 17:51:04 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013/02/27 17:51:04 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 17:51:04 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 17:51:04 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 17:51:03 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013/02/27 17:51:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 17:51:03 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 17:51:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 17:51:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 17:51:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 17:51:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 17:51:02 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013/02/27 17:51:02 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013/02/27 17:51:02 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013/02/27 17:51:02 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013/02/27 17:51:02 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013/02/27 17:51:02 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013/02/27 17:51:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013/02/27 17:51:02 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013/02/27 17:51:02 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013/02/27 17:51:02 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013/02/27 17:51:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013/02/27 17:51:01 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013/02/26 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ProcAlyzer Dumps [2013/02/26 13:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013/02/26 13:35:45 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013/02/26 13:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013/02/26 13:21:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013/03/23 17:33:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/23 17:32:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/23 17:32:40 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2013/03/23 17:29:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/03/23 17:24:00 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/23 17:24:00 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/23 17:17:37 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/23 17:17:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/23 15:10:19 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013/03/23 01:53:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/17 10:14:18 | 000,000,900 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2013/03/17 09:11:43 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk [2013/03/16 10:58:01 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/03/16 10:58:01 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/03/16 10:58:01 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/03/16 10:58:01 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/03/15 12:45:42 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/03/15 12:45:42 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/03/15 12:43:45 | 000,001,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710a-f (Netzwerk).lnk [2013/03/15 10:51:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/03/15 10:51:04 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/03/15 10:51:04 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2013/03/15 10:51:04 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2013/03/15 10:51:04 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2013/03/15 10:51:04 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/03/15 10:51:04 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/03/15 10:51:04 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2013/03/15 10:51:04 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2013/03/15 10:51:04 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2013/03/15 10:51:04 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll [2013/03/15 10:51:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2013/03/15 10:51:04 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2013/03/15 10:51:04 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2013/03/15 10:51:04 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2013/03/15 10:51:04 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/03/15 10:51:04 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2013/03/15 10:51:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2013/03/15 10:51:04 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/03/15 10:51:04 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2013/03/15 10:51:04 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2013/03/15 10:51:04 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/03/15 10:51:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2013/03/15 10:51:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2013/03/15 10:51:04 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2013/03/15 10:51:04 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/03/15 10:51:04 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2013/03/15 10:51:04 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2013/03/15 10:51:03 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/03/15 10:51:03 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2013/03/15 10:51:03 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2013/03/15 10:51:03 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/03/15 10:51:03 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/03/15 10:51:03 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/03/15 10:51:03 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/03/15 10:51:03 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013/03/15 10:51:03 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2013/03/15 10:18:10 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/02/26 13:35:49 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk ========== Files Created - No Company Name ========== [2013/03/23 17:21:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/03/23 17:21:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/03/23 17:21:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/03/23 17:21:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/03/23 17:21:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/03/23 15:10:19 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013/03/23 01:53:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/17 09:11:43 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk [2013/03/15 10:51:03 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013/02/26 13:35:49 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013/02/26 13:35:49 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012/11/23 23:33:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2011/08/27 15:34:27 | 000,077,824 | ---- | C] () -- C:\Windows\System32\iOpusSEA.dll [2011/05/29 09:25:16 | 000,000,029 | ---- | C] () -- C:\Windows\CAI.INI [2011/05/27 15:55:52 | 000,000,102 | ---- | C] () -- C:\Windows\bmwetksa.ini [2011/05/27 15:54:12 | 000,000,391 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011/05/27 15:51:51 | 000,000,115 | ---- | C] () -- C:\Windows\bmwhtk.ini [2011/05/27 15:51:47 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI [2011/03/27 17:57:45 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011/02/28 00:13:41 | 000,007,597 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011/02/01 14:28:24 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > ][/CODE] UFF! Ich hoffe ich habe mit dieser "Extra" Logdatei nichts falsch gemacht Viele Grüße vom Grosserdummi |
|
23.03.2013, 18:03
| #7 | |
| /// TB-Ausbilder | BDS/ZeroAccess.Gen Noch infiziert? Hallo, Zitat:
Weiter: Schritt 1 Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers. Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
23.03.2013, 22:13
| #8 |
| | BDS/ZeroAccess.Gen Noch infiziert? Lieber Leo, es ist spät geworden. Vielen dank soweit: Hier das Antivir logfile: Code:
ATTFilter
Avira Internet Security
Erstellungsdatum der Reportdatei: Freitag, 22. März 2013 18:02
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : ***
Seriennummer : 2224757817-ISECE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ***
Versionsinformationen:
BUILD.DAT : 13.0.0.3185 56198 Bytes 30.01.2013 10:04:00
AVSCAN.EXE : 13.6.0.584 640224 Bytes 12.02.2013 22:24:11
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 12.12.2012 08:07:49
LUKE.DLL : 13.6.0.602 67808 Bytes 12.02.2013 22:24:40
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 15:22:34
AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 15:22:34
avlode.dll : 13.6.2.624 434912 Bytes 05.02.2013 13:08:19
avlode.rdf : 13.0.0.44 15591 Bytes 20.03.2013 11:12:05
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 08:49:40
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 08:49:40
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 08:49:40
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 12:42:45
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 06:42:51
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 11:45:10
VBASE008.VDF : 7.11.65.172 9122816 Bytes 21.03.2013 14:20:58
VBASE009.VDF : 7.11.65.173 2048 Bytes 21.03.2013 14:20:58
VBASE010.VDF : 7.11.65.174 2048 Bytes 21.03.2013 14:20:58
VBASE011.VDF : 7.11.65.175 2048 Bytes 21.03.2013 14:20:58
VBASE012.VDF : 7.11.65.176 2048 Bytes 21.03.2013 14:20:58
VBASE013.VDF : 7.11.66.48 120832 Bytes 22.03.2013 14:20:58
VBASE014.VDF : 7.11.66.49 2048 Bytes 22.03.2013 14:20:59
VBASE015.VDF : 7.11.66.50 2048 Bytes 22.03.2013 14:20:59
VBASE016.VDF : 7.11.66.51 2048 Bytes 22.03.2013 14:20:59
VBASE017.VDF : 7.11.66.52 2048 Bytes 22.03.2013 14:20:59
VBASE018.VDF : 7.11.66.53 2048 Bytes 22.03.2013 14:20:59
VBASE019.VDF : 7.11.66.54 2048 Bytes 22.03.2013 14:20:59
VBASE020.VDF : 7.11.66.55 2048 Bytes 22.03.2013 14:20:59
VBASE021.VDF : 7.11.66.56 2048 Bytes 22.03.2013 14:20:59
VBASE022.VDF : 7.11.66.57 2048 Bytes 22.03.2013 14:20:59
VBASE023.VDF : 7.11.66.58 2048 Bytes 22.03.2013 14:20:59
VBASE024.VDF : 7.11.66.59 2048 Bytes 22.03.2013 14:20:59
VBASE025.VDF : 7.11.66.60 2048 Bytes 22.03.2013 14:20:59
VBASE026.VDF : 7.11.66.61 2048 Bytes 22.03.2013 14:20:59
VBASE027.VDF : 7.11.66.62 2048 Bytes 22.03.2013 14:21:00
VBASE028.VDF : 7.11.66.63 2048 Bytes 22.03.2013 14:21:00
VBASE029.VDF : 7.11.66.64 2048 Bytes 22.03.2013 14:21:00
VBASE030.VDF : 7.11.66.65 2048 Bytes 22.03.2013 14:21:00
VBASE031.VDF : 7.11.66.106 23552 Bytes 22.03.2013 16:20:53
Engineversion : 8.2.12.18
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 16:42:25
AESCRIPT.DLL : 8.1.4.100 475517 Bytes 22.03.2013 14:21:08
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 16:03:57
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 18:42:34
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 15:11:16
AEPACK.DLL : 8.3.2.2 827767 Bytes 15.03.2013 08:59:26
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 15:14:18
AEHEUR.DLL : 8.1.4.258 5853561 Bytes 22.03.2013 14:21:07
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 14:44:18
AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 17:15:59
AEEXP.DLL : 8.4.0.14 192886 Bytes 22.03.2013 14:21:08
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 16:42:23
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 14:42:09
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 13:44:42
AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 22:23:59
AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 22:24:10
AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 13:08:18
AVARKT.DLL : 13.6.0.624 260832 Bytes 12.02.2013 22:24:01
AVEVTLOG.DLL : 13.6.0.600 167648 Bytes 12.02.2013 22:24:05
SQLITE3.DLL : 3.7.0.1 397088 Bytes 29.11.2012 20:44:44
AVSMTP.DLL : 13.6.0.480 63344 Bytes 12.02.2013 22:24:12
NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 22:24:40
RCIMAGE.DLL : 13.4.0.360 5154080 Bytes 12.12.2012 08:07:39
RCTEXT.DLL : 13.6.0.480 68976 Bytes 12.02.2013 22:23:59
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_514c8e4f\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660, +Windows Imaging File (WIM),
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Beginn des Suchlaufs: Freitag, 22. März 2013 18:02
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskhost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'AllShareDMS.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'DslMgrSvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '164' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '168' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'CaptureLibService.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\$RECYCLE.BIN\S-1-5-21-2637316431-523064892-2508072546-1001\$ae7e67617e7c5b1b52d261d8b63523d2\n'
C:\$RECYCLE.BIN\S-1-5-21-2637316431-523064892-2508072546-1001\$ae7e67617e7c5b1b52d261d8b63523d2\n
[FUND] Enthält ein Erkennungsmuster des (gefährlichen) Backdoorprogrammes BDS/ZeroAccess.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '58030f16.qua' verschoben!
Ende des Suchlaufs: Freitag, 22. März 2013 18:10
Benötigte Zeit: 07:58 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
860 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
859 Dateien ohne Befall
2 Archive wurden durchsucht
0 Warnungen
1 Hinweise
116206 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
Account is Administrative
Internet Explorer version: 10.0.9200.16521
Java version: 1.6.0_37
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 3211907072, free: 1919545344
------------ Kernel report ------------
03/23/2013 21:29:27
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avfwot.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\dslmnlwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\avfwim.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\teamviewervpn.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\SystemRoot\system32\DRIVERS\umpass.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff88c0f560
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xffffffff88b468d0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff88c0fac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xffffffff88a13378
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff88a13ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xffffffff88a149c0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff87e10030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff862cd028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.23.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff87e10030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87e0f280, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87e10030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff862cd028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffd0b013c0, 0xffffffff87e10030, 0xffffffff85af54d0
Lower DeviceData: 0xffffffffc154ae00, 0xffffffff862cd028, 0xffffffff85d2b910
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 2844084224
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2844291072 Numsec = 83886080
Partition 3 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 2928177152 Numsec = 2097968
Disk Size: 1500301910016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-2930257168-2930277168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff88a13ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a14020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88a13ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88a149c0, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff88c0fac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88b465b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88c0fac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88a13378, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff88c0f560, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a137a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88c0f560, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88b468d0, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
Hoffe die Wahrscheinlichkeit, daß das Biest nichts mehr tut ist groß ???? Vielen Dank vom Grosserdummie |
|
23.03.2013, 22:28
| #9 |
| /// TB-Ausbilder | BDS/ZeroAccess.Gen Noch infiziert? Hallo, wie läuft der Rechner jetzt? Schritt 1
Code:
ATTFilter :commands
[emptytemp]
Schritt 2
Schritt 3 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 4 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
24.03.2013, 01:28
| #10 |
| | BDS/ZeroAccess.Gen Noch infiziert? Guten Morgen Leo, hat etwas gedauert : hier die logfiles Code:
ATTFilter All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ***
->Temp folder emptied: 741552 bytes
->Temporary Internet Files folder emptied: 46133568 bytes
->Java cache emptied: 38847143 bytes
->Google Chrome cache emptied: 38206323 bytes
->Flash cache emptied: 42630 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4289 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9846651 bytes
->Java cache emptied: 1880 bytes
->Google Chrome cache emptied: 49213377 bytes
->Flash cache emptied: 58121 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14060 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 175.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03232013_225445
Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.23.11 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16521 HoerlA :: *** [Administrator] 23.03.2013 23:08:17 mbam-log-2013-03-23 (23-08-17).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 233039 Laufzeit: 4 Minute(n), 11 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=abe631d63d20f3489b48cc4ca45a4815
# engine=13471
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-24 12:10:10
# local_time=2013-03-24 01:10:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 61616136 115715001 0 0
# scanned=167195
# found=0
# cleaned=0
# scan_time=5647
Code:
ATTFilter Results of screen317's Security Check version 0.99.61 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. Avira successfully updated! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.70.0.1100 CCleaner Java(TM) 6 Update 37 Java version out of Date! Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.6 Adobe Reader out of Date! Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.172 Google Chrome Plugins... ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Ich hoffe ich habe nichts vergessen Bis bald Grosserdummi |
|
24.03.2013, 01:47
| #11 |
| /// TB-Ausbilder | BDS/ZeroAccess.Gen Noch infiziert? Hallo, prima, mach unbedingt noch die Updates und dann räumen wir auf: Schritt 1 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 17.
Überleg dir also, ob du eine Java-Installation wirklich brauchst. Falls du Java weiterhin verwenden möchtest, dann:
Schritt 2 Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Schritt 3 Starte defogger und drücke den Button Re-enable. Schritt 4 Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme. Drücke bitte die  + R Taste, kopiere folgenden Text in das Ausführen FensterCode:
ATTFilter Combofix /Uninstall
Du kannst die eben deaktivierten Programme nun wieder einschalten. Schritt 5 Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen. Falls du ESET aber deinstallieren möchtest, dann: Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen FensterCode:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"
Schritt 6 Downloade dir bitte delfix auf deinen Desktop.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
24.03.2013, 01:57
| #12 |
| | BDS/ZeroAccess.Gen Noch infiziert? Hallo Leo, wann schläfst DU? Ich brauche Java für ein PPL-Flugschülerlehrprogramm (Peters Software): Das hat mit der aktuellen Javaversion nicht funktioniert. Was mach ich da nur? Adobe Acrobat Reader werde ich gleich updaten. Den Rest versuche ich auch abzuarbeiten. Hat den BDS/ZeroAccess.Gen eigentlich noch etwas angestellt oder hat die Antivir-Quarantäne gewirkt? Viele Grüße Grossrdummi |
|
24.03.2013, 02:01
| #13 |
| /// TB-Ausbilder | BDS/ZeroAccess.Gen Noch infiziert? Hallo, ich schlafe nie. Dann deaktiviere wenigstens das Java-Plugin im Browser. Hier sind die Anleitungen für die verschiedenen Browser. Deine Infektion sollte erwischt worden sein. Gib mir bitte noch eine kurze Rückmeldung, sobald alles erledigt ist.
__________________ cheers, Leo |
|
24.03.2013, 02:13
| #14 |
| | BDS/ZeroAccess.Gen Noch infiziert? Nie schlafen ? Wie geht denn das? Die Anleitung für das Ausschalten des Java-Plugin geht erst ab Version 7. Ich hab es im Browser direkt unter Extras add-ons deaktiviert. Gilt das auch Gute Nacht Grosserdummi |
|
24.03.2013, 02:34
| #15 |
| /// TB-Ausbilder | BDS/ZeroAccess.Gen Noch infiziert? Ja das ist auch ok. Gute Nacht.
__________________ cheers, Leo |
|
| Themen zu BDS/ZeroAccess.Gen Noch infiziert? |
| anfänger, antworten, aufsetzen, avast, deinstalliert, foren, forum, gefährlich, hoffe, infektion, infiziert, infiziert?, laufen, natürlich, neu, neu aufsetzen, nichts, quarantäne, rechner, regeln, richtig, system, verschoben, versteckte, versuche, worte |
Textbox.
Linear-Darstellung
