Log analysis and evaluation: Skype virus (Windows 7). If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.05.2013, 13:24 | #16
/// TB-Ausbilder | Skype virus
Good, then please post a fresh OTL log:
Step 1
Code:
dir /a/s/b "c:\Users\user\AppData\Roaming\*.exe" /c
Please post in your next reply:
__________________
cheers, Leo
22.05.2013, 13:27 | #17
| Skype virus
Question: OTL again like last time, or?? Because I don't understand the code box you just posted.
__________________
Code:
OTL logfile created on: 22.05.2013 14:30:22 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,80 Gb Available Physical Memory | 79,96% Memory free
12,00 Gb Paging File | 10,74 Gb Available in Paging File | 89,52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 247,82 Gb Total Space | 33,58 Gb Free Space | 13,55% Space Free | Partition Type: NTFS
Drive D: | 683,59 Gb Total Space | 139,15 Gb Free Space | 20,36% Space Free | Partition Type: NTFS
Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.21 23:18:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2013.05.13 13:55:30 | 004,001,376 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.22 10:25:22 | 002,648,184 | ---- | M] (Veoh Networks) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\1&1\IGDCTRL.EXE

========== Modules (No Company Name) ==========

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.21 15:48:28 | 000,910,336 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2011.06.20 15:37:16 | 010,836,992 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
MOD - [2011.06.20 13:52:20 | 001,283,584 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
MOD - [2011.06.20 13:32:40 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
MOD - [2011.06.20 13:21:50 | 007,994,880 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2011.06.20 13:04:56 | 002,233,344 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2011.05.26 11:38:06 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2011.05.26 11:38:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
MOD - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.20 15:47:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:26:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.13 13:56:02 | 002,245,232 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] () [Auto | Stopped] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.11.26 23:57:30 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.08 22:51:11 | 004,060,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\1&1\IGDCTRL.EXE -- (IGDCTRL)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 01:41:08 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.12 19:24:30 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 21 6F C1 D3 48 BE CC 01 [binary data]
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {c840e246-6b95-475e-9bd7-caa1c7eca9f2}:3.3.3.2
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.17 06:04:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.20 15:47:20 | 000,000,000 | ---D | M]

[2011.04.04 17:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013.05.09 17:26:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.05.02 00:48:43 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2013.04.06 14:31:31 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ich@maltegoetz.de
[2013.03.03 16:05:36 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.02.18 19:11:25 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\DivXWebPlayer@divx.com.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.05.09 17:26:54 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.01 17:56:56 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml
[2013.05.21 20:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.20 15:47:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2013.05.22 12:32:36 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.cpl (C-Media Corporation)
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000..\Run: [VeohPlugin] C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003\..Trusted Domains: sony.com ([]* in )
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{146121C4-9E47-47CE-92FD-2A3FA28FCF31}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{240F4399-2BBA-4901-A0CF-CCE176646404}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,000,047 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.08.13 19:56:20 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
- F:\autorun.exe -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.22 13:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.22 13:25:29 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\mbar [2013.05.22 12:38:22 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.22 12:32:41 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.22 12:20:38 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.22 01:23:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.22 01:23:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.22 01:23:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.22 01:22:55 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.22 01:22:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.22 01:08:38 | 005,068,564 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013.05.21 23:54:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.05.21 23:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.05.21 23:44:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\otl.exe [2013.05.20 15:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.14 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.08 17:19:53 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\World of Warcraft [2013.05.08 17:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rift Game [2013.05.07 19:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2013.05.07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Warframe [2013.05.07 16:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect 3 [2013.05.07 16:57:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller [2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games [2013.05.07 14:38:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Origin [2013.05.07 14:38:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Origin [2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013.05.07 14:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.05.07 14:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.04.29 14:26:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Deardrops [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.22 14:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.22 13:52:46 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 13:52:46 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.22 13:46:04 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000UA.job [2013.05.22 13:45:27 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.22 13:45:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.22 13:45:10 | 536,322,047 | -HS- | M] () -- 
C:\hiberfil.sys [2013.05.22 13:24:42 | 012,917,756 | ---- | M] () -- C:\Users\user\Desktop\mbar-1.05.0.1001.zip [2013.05.22 13:12:15 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.05.22 12:45:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.22 12:32:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.22 01:08:43 | 005,068,564 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013.05.21 17:52:11 | 000,001,239 | ---- | M] () -- C:\Users\user\Documents\freundschaft.rtf [2013.05.21 11:46:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910672903-869238230-1351456558-1000Core.job [2013.05.19 15:45:22 | 000,001,400 | ---- | M] () -- C:\Users\user\Documents\was ist liebe.rtf [2013.05.17 18:20:04 | 000,000,219 | ---- | M] () -- C:\Users\user\Desktop\Dota 2.url [2013.05.16 12:23:28 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.16 02:54:56 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.16 02:54:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.16 02:54:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.16 02:54:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.16 02:54:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.07 17:28:12 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Warframe.url [2013.05.07 16:57:16 | 000,000,889 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2013.05.07 14:37:28 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.04.26 19:20:00 | 000,000,222 | ---- | M] () -- C:\Users\user\Desktop\Poker Night 2.url [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.22 13:24:37 | 012,917,756 | ---- | C] () -- C:\Users\user\Desktop\mbar-1.05.0.1001.zip 
[2013.05.22 01:23:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.22 01:23:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.22 01:23:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.22 01:23:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.22 01:23:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.21 17:52:11 | 000,001,239 | ---- | C] () -- C:\Users\user\Documents\freundschaft.rtf [2013.05.19 15:45:22 | 000,001,400 | ---- | C] () -- C:\Users\user\Documents\was ist liebe.rtf [2013.05.17 18:20:04 | 000,000,219 | ---- | C] () -- C:\Users\user\Desktop\Dota 2.url [2013.05.07 17:28:12 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Warframe.url [2013.05.07 16:57:16 | 000,000,889 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk [2013.05.07 14:37:28 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.04.26 19:20:00 | 000,000,222 | ---- | C] () -- C:\Users\user\Desktop\Poker Night 2.url [2013.04.11 14:13:59 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg [2013.03.04 16:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2013.03.04 16:04:33 | 000,000,392 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2013.03.04 16:03:35 | 000,002,853 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2013.03.04 16:03:35 | 000,001,652 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2012.05.03 23:20:01 | 000,000,263 | ---- | C] () -- C:\Users\user\ts.ini [2012.04.16 17:23:41 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM108rm.dll [2012.04.16 17:23:41 | 000,000,196 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2012.04.16 17:18:48 | 000,003,808 | R--- | C] () -- C:\Windows\Cm108.ini.cfg [2012.04.16 17:18:48 | 000,000,685 | R--- | C] () -- C:\Windows\cm108.ini [2012.03.11 18:56:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll [2011.09.19 09:07:32 | 
000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll [2011.09.05 15:23:15 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@ [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L [2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft [2011.04.04 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo [2012.04.22 20:49:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite [2011.08.28 05:50:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Downloaded Installations [2011.08.31 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ijjigame [2011.07.21 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lionhead Studios [2012.08.22 03:48:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient [2013.05.21 22:47:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mumble [2011.07.03 22:51:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Need for Speed World [2012.11.07 01:41:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy [2013.05.22 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org [2011.11.25 03:49:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera [2013.05.08 18:44:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin [2013.02.11 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayCatanClient [2013.05.22 01:29:29 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\RIFT [2013.05.22 13:43:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer [2013.05.22 13:27:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TS3Client [2012.08.14 15:42:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tunngle [2013.04.21 00:54:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent ========== Purity Check ========== ========== Custom Scans ========== < dir /a/s/b "c:\Users\user\AppData\Roaming\*.exe" /c > C:\USERS\USER\APPDATA\ROAMING\ijjigame\U_AVA_Setup.exe C:\USERS\USER\APPDATA\ROAMING\Mozilla\Firefox\Profiles\5iobvw9n.default\extensions\battlefieldheroespatcher@ea.com\plugins\BFHUpdater.exe C:\USERS\USER\APPDATA\ROAMING\OpenCandy\43B74CCAE6E44CF59C022E95C900B077\SnapDo.exe C:\USERS\USER\APPDATA\ROAMING\OpenCandy\43B74CCAE6E44CF59C022E95C900B077\SnapDo_ALL_p1v4.exe ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B < End of report > |
22.05.2013, 13:38 | #18 |
/// TB-Ausbilder | Skype virus You simply copy the text from the code box and paste it into the text box in OTL. Otherwise you do everything the same as last time.
__________________ |
22.05.2013, 13:39 | #19 |
| Skype virus I hope I did it right^^ What I wanted to ask: how and when do I turn my antivirus program back on? It's off, and I didn't want to turn it on as long as this is going on, but if I want to turn it on later I have to be admin. According to my computer I am, but if it doesn't start anymore, what do I do then?
22.05.2013, 16:37 | #20 |
/// TB-Ausbilder | Skype virus I don't quite understand what you mean, but you can turn the antivirus program back on. Where is the new OTL log?
__________________ cheers, Leo |
22.05.2013, 16:38 | #21 |
| Skype virus It's above, over one of your messages. My antivirus program somehow doesn't work anymore. I can't start it or uninstall it; supposedly I don't have permission, even though I'm logged in as admin.
22.05.2013, 16:50 | #22 |
/// TB-Ausbilder | Skype virus Ah, sorry, I somehow overlooked it. Then please do this: Step 1 Fix with OTL
Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-1910672903-869238230-1351456558-1000\..\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=kw&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYDE&apn_uid=eea0f859-9c06-4c46-81b5-4cc478ed2975&apn_sauid=A0AF48CB-1D74-4724-93B4-A2EBF8529B65&
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q="
[2013.02.10 22:27:26 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.04.28 20:25:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com
[2012.01.14 02:31:43 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2011.11.08 20:14:12 | 000,002,401 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml
[2012.11.07 19:09:35 | 000,002,399 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml
:files
C:\USERS\USER\APPDATA\ROAMING\OpenCandy
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}
:commands
[emptytemp]
Step 2 Please download Farbar Service Scanner
Please post the contents here. Please post in your next reply:
__________________ cheers, Leo |
22.05.2013, 16:53 | #23 |
| Skype virus
Code:
ATTFilter Farbar Service Scanner Version: 14-04-2013
Ran by user (administrator) on 22-05-2013 at 17:53:01
Running from "C:\Users\user\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error.
Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-14 01:54] - [2009-07-14 03:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log **** |
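The two logs above (the OTL scan in post #17 and the Farbar Service Scanner output in post #23) contain the findings the helper acts on: UAC policies set to 0, a RunOnce entry that launches cmd.exe, the ZeroAccess-style `{GUID}\@`, `\L`, `\U` folder under AppData\Local, a stopped Windows Defender service, and a MpSvc.dll whose MD5 is D41D8CD98F00B204E9800998ECF8427E, the hash of empty input. The script below is an added triage example for this thread; it is not code from the forum, from OTL or from FSS. The function names `triage_otl` and `triage_fss` are my own, the regular expressions are assumptions about the two log formats based only on the lines posted here, and the sample input is constructed, abridged from the logs above.

```python
"""Triage of OTL and Farbar Service Scanner (FSS) output.

Added example for this thread, not code from the forum, OTL or FSS.
It picks out what a helper looks at first in the two posted logs: UAC
policies set to 0, RunOnce entries that launch cmd.exe, ZeroAccess-style
folders under AppData\\Local, a service that is not running, and File
Check entries whose MD5 is the hash of empty input.
"""
import hashlib
import re
from typing import Dict, List, Set

# MD5 of zero bytes. A system DLL reporting this hash was empty, or could
# not be read, when the scanner hashed it; either way it is not the real file.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# O6/O7 policy values under ...\policies\System where 0 switches UAC off.
UAC_KEYS = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

# Regexes are assumptions about the log formats, derived from the posted lines.
_POLICY_RE = re.compile(r"^O[67] - .*\\policies\\System: (\w+) = (\d+)$")
_RUNONCE_RE = re.compile(r"^O4 - \S+?\.\.\\RunOnce: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \(|$)")
# ZeroAccess drops '@' plus hidden 'L' and 'U' under a GUID-named folder in AppData\Local.
_ZA_RE = re.compile(r"-- (?P<dir>.*\\AppData\\Local\\\{[0-9a-f-]{36}\})\\(?P<child>[@LU])$")
_FSS_PATH_RE = re.compile(r"^[A-Za-z]:\\.*\.(?:dll|sys|exe)$")
_MD5_RE = re.compile(r"\b([0-9A-F]{32})\b")


def triage_otl(lines: List[str]) -> List[str]:
    """Return human-readable findings for a list of OTL log lines."""
    findings: List[str] = []
    za_children: Dict[str, Set[str]] = {}
    for raw in lines:
        line = raw.strip()
        m = _POLICY_RE.match(line)
        if m:
            if m.group(1) in UAC_KEYS and m.group(2) == "0":
                findings.append(f"UAC weakened: {m.group(1)} = 0")
            continue
        m = _RUNONCE_RE.match(line)
        if m:
            if m.group("path").lower().endswith("\\cmd.exe"):
                findings.append(f"RunOnce '{m.group('name')}' launches cmd.exe: {m.group('path')}")
            continue
        m = _ZA_RE.search(line)
        if m:
            za_children.setdefault(m.group("dir"), set()).add(m.group("child"))
    for folder, kids in za_children.items():
        if kids >= {"@", "L", "U"}:
            findings.append(f"ZeroAccess-style folder (@, L, U present): {folder}")
    return findings


def triage_fss(lines: List[str]) -> List[str]:
    """Return findings for FSS output: stopped services and bad File Check hashes."""
    findings: List[str] = []
    pending = None  # path line waiting for its "[date] - [date] - size attrs () MD5" detail line
    for raw in lines:
        line = raw.strip()
        if line.startswith("ATTENTION!"):
            findings.append(line.split("> ", 1)[-1])
        elif "Service is not running" in line:
            findings.append(line.split(".", 1)[0])
        elif _FSS_PATH_RE.match(line):
            pending = line
        elif pending:
            m = _MD5_RE.search(line)
            if m and m.group(1) == EMPTY_MD5:
                findings.append(f"{pending}: MD5 {m.group(1)} is the hash of empty input "
                                "(file empty or unreadable when hashed)")
            pending = None
    return findings


# Constructed samples, abridged from the two logs posted in this thread.
SAMPLE_OTL = r"""O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1910672903-869238230-1351456558-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
========== ZeroAccess Check ==========
[2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U
"""

SAMPLE_FSS = r"""Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

File Check:
========
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-14 01:54] - [2009-07-14 03:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E

ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\System32\rpcss.dll => MD5 is legit
"""

if __name__ == "__main__":
    for name, func, sample in (("OTL", triage_otl, SAMPLE_OTL), ("FSS", triage_fss, SAMPLE_FSS)):
        print(f"== {name} ==")
        for finding in func(sample.splitlines()):
            print(" -", finding)
```

The empty-input hash check is the one worth remembering: FSS reports a size of 1011712 bytes for MpSvc.dll but hashes it to the MD5 of nothing, which means the scanner could not read the bytes it was shown, and that mismatch, not the "ATTENTION" banner alone, is why the file is treated as compromised.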
22.05.2013, 16:57 | #24 |
/// TB-Ausbilder | Skype virus Ah yes, I can see where the problem is. Please also do Step 1 from the post above.
__________________ cheers, Leo |
22.05.2013, 17:01 | #25 |
| Skype virus
Code:
ATTFilter ========== OTL ==========
HKU\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1910672903-869238230-1351456558-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C2BA577E-794F-4244-A91A-A5C8BC05F996}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2BA577E-794F-4244-A91A-A5C8BC05F996}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: helperbar@helperbar.com:1.0 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=a68e778c-159d-4906-a6f7-c2ab97f70e13&searchtype=ds&q=" removed from keyword.URL
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\Plugins folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\modules folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\5iobvw9n.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\askcom.xml moved successfully.
C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\5iobvw9n.default\searchplugins\Web Search.xml moved successfully.
========== FILES ==========
C:\USERS\USER\APPDATA\ROAMING\OpenCandy\43B74CCAE6E44CF59C022E95C900B077 folder moved successfully.
C:\USERS\USER\APPDATA\ROAMING\OpenCandy folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\U folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc}\L folder moved successfully.
C:\Users\user\AppData\Local\{8ab8f03f-4ceb-d326-fcd6-5d482b32d9fc} folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05222013_175942 |
22.05.2013, 17:07 | #26 |
/// TB-Ausbilder | Skype virus
Code:
ATTFilter %SystemDrive%\*. /RP /s
__________________ cheers, Leo |
22.05.2013, 17:19 | #27 |
| Skype virus
Code:
ATTFilter OTL logfile created on: 22.05.2013 18:09:17 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 6,00 Gb Total Physical Memory | 4,51 Gb Available Physical Memory | 75,11% Memory free 12,00 Gb Paging File | 10,50 Gb Available in Paging File | 87,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 247,82 Gb Total Space | 33,12 Gb Free Space | 13,37% Space Free | Partition Type: NTFS Drive D: | 683,59 Gb Total Space | 139,15 Gb Free Space | 20,36% Space Free | Partition Type: NTFS Drive F: | 5,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Custom Scans ========== < %SystemDrive%\*. 
/RP /s > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\Documents and Settings] -> C:\Users -> Junction [C:\Dokumente und Einstellungen] -> C:\Users -> Junction [C:\Program Files\Gemeinsame Dateien] -> C:\Program Files\Common Files -> Junction [C:\Program Files\Microsoft Security Client\Backup] -> -> Unknown point type [C:\Program Files\Microsoft Security Client\de-de] -> -> Unknown point type [C:\Program Files\Microsoft Security Client\Drivers] -> -> Unknown point type [C:\Program Files\Microsoft Security Client\en-us] -> -> Unknown point type [C:\Program Files\Windows Defender\de-DE] -> -> Unknown point type [C:\Program Files\Windows NT\Zubehör] -> C:\Program Files\Windows NT\Accessories -> Junction [C:\ProgramData\Anwendungsdaten] -> C:\ProgramData -> Junction [C:\ProgramData\Application Data] -> C:\ProgramData -> Junction [C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction [C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction [C:\ProgramData\Dokumente] -> C:\Users\Public\Documents -> Junction [C:\ProgramData\Favoriten] -> C:\Users\Public\Favorites -> Junction [C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction [C:\ProgramData\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction [C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction [C:\ProgramData\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction [C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction [C:\ProgramData\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction [C:\Programme] -> C:\Program Files -> Junction [C:\Users\All Users\Anwendungsdaten] -> C:\ProgramData -> Junction [C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction [C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction [C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> 
Junction [C:\Users\All Users\Dokumente] -> C:\Users\Public\Documents -> Junction [C:\Users\All Users\Favoriten] -> C:\Users\Public\Favorites -> Junction [C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction [C:\Users\All Users\Microsoft\Windows\Start Menu\Programme] -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs -> Junction [C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction [C:\Users\All Users\Startmenü] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction [C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction [C:\Users\All Users\Vorlagen] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction [C:\Users\All Users] -> -> Unknown point type [C:\Users\Default User] -> C:\Users\Default -> Junction [C:\Users\Default\Anwendungsdaten] -> C:\Users\Default\AppData\Roaming -> Junction [C:\Users\Default\AppData\Local\Anwendungsdaten] -> C:\Users\Default\AppData\Local -> Junction [C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction [C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction [C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Users\Default\AppData\Local\Verlauf] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction [C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction [C:\Users\Default\Documents\Eigene Bilder] -> C:\Users\Default\Pictures -> Junction [C:\Users\Default\Documents\Eigene Musik] -> C:\Users\Default\Music -> Junction [C:\Users\Default\Documents\Eigene Videos] -> C:\Users\Default\Videos -> Junction [C:\Users\Default\Documents\My Music] -> 
C:\Users\Default\Music -> Junction [C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction [C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction [C:\Users\Default\Druckumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Users\Default\Eigene Dateien] -> C:\Users\Default\Documents -> Junction [C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction [C:\Users\Default\Lokale Einstellungen] -> C:\Users\Default\AppData\Local -> Junction [C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction [C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Users\Default\Netzwerkumgebung] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Users\Default\Startmenü] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction [C:\Users\Default\Vorlagen] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction [C:\Users\Public\Documents\Eigene Bilder] -> C:\Users\Public\Pictures -> Junction [C:\Users\Public\Documents\Eigene Musik] -> C:\Users\Public\Music -> Junction [C:\Users\Public\Documents\Eigene Videos] -> C:\Users\Public\Videos -> Junction [C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction [C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction 
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction [C:\Users\UpdatusUser\Anwendungsdaten] -> C:\Users\UpdatusUser\AppData\Roaming -> Junction [C:\Users\UpdatusUser\AppData\Local\Anwendungsdaten] -> C:\Users\UpdatusUser\AppData\Local -> Junction [C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Users\UpdatusUser\AppData\Local\Verlauf] -> C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History -> Junction [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction [C:\Users\UpdatusUser\Cookies] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies -> Junction [C:\Users\UpdatusUser\Documents\Eigene Bilder] -> C:\Users\UpdatusUser\Pictures -> Junction [C:\Users\UpdatusUser\Documents\Eigene Musik] -> C:\Users\UpdatusUser\Music -> Junction [C:\Users\UpdatusUser\Documents\Eigene Videos] -> C:\Users\UpdatusUser\Videos -> Junction [C:\Users\UpdatusUser\Druckumgebung] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Users\UpdatusUser\Eigene Dateien] -> C:\Users\UpdatusUser\Documents -> Junction [C:\Users\UpdatusUser\Lokale Einstellungen] -> C:\Users\UpdatusUser\AppData\Local -> Junction [C:\Users\UpdatusUser\Netzwerkumgebung] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Users\UpdatusUser\Recent] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Users\UpdatusUser\SendTo] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Users\UpdatusUser\Startmenü] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Users\UpdatusUser\Vorlagen] -> C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates -> Junction [C:\Users\user\Anwendungsdaten] -> 
C:\Users\user\AppData\Roaming -> Junction [C:\Users\user\AppData\Local\Anwendungsdaten] -> C:\Users\user\AppData\Local -> Junction [C:\Users\user\AppData\Local\Temporary Internet Files] -> C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Users\user\AppData\Local\Verlauf] -> C:\Users\user\AppData\Local\Microsoft\Windows\History -> Junction [C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction [C:\Users\user\Cookies] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies -> Junction [C:\Users\user\Documents\Eigene Bilder] -> C:\Users\user\Pictures -> Junction [C:\Users\user\Documents\Eigene Musik] -> C:\Users\user\Music -> Junction [C:\Users\user\Documents\Eigene Videos] -> C:\Users\user\Videos -> Junction [C:\Users\user\Druckumgebung] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Users\user\Eigene Dateien] -> C:\Users\user\Documents -> Junction [C:\Users\user\Lokale Einstellungen] -> C:\Users\user\AppData\Local -> Junction [C:\Users\user\Netzwerkumgebung] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Users\user\Recent] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Users\user\SendTo] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Users\user\Startmenü] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Users\user\Vorlagen] -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates -> Junction [C:\Windows\System32\config\systemprofile\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction [C:\Windows\System32\config\systemprofile\AppData\Local\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Windows\System32\config\systemprofile\AppData\Local\Verlauf] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction [C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction [C:\Windows\System32\config\systemprofile\Documents\Eigene Bilder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction [C:\Windows\System32\config\systemprofile\Documents\Eigene Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction [C:\Windows\System32\config\systemprofile\Documents\Eigene Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction [C:\Windows\System32\config\systemprofile\Druckumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Windows\System32\config\systemprofile\Eigene Dateien] -> C:\Windows\system32\config\systemprofile\Documents -> Junction [C:\Windows\System32\config\systemprofile\Lokale Einstellungen] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\System32\config\systemprofile\Netzwerkumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Windows\System32\config\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Windows\System32\config\systemprofile\Vorlagen] -> 
C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction [C:\Windows\SysWOW64\config\systemprofile\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Anwendungsdaten] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction [C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Verlauf] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction [C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programme] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs -> Junction [C:\Windows\SysWOW64\config\systemprofile\Documents\Eigene Bilder] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction [C:\Windows\SysWOW64\config\systemprofile\Documents\Eigene Musik] -> C:\Windows\system32\config\systemprofile\Music -> Junction [C:\Windows\SysWOW64\config\systemprofile\Documents\Eigene Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction [C:\Windows\SysWOW64\config\systemprofile\Druckumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction [C:\Windows\SysWOW64\config\systemprofile\Eigene Dateien] -> C:\Windows\system32\config\systemprofile\Documents -> Junction [C:\Windows\SysWOW64\config\systemprofile\Lokale Einstellungen] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction [C:\Windows\SysWOW64\config\systemprofile\Netzwerkumgebung] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction [C:\Windows\SysWOW64\config\systemprofile\Recent] -> 
C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction [C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction [C:\Windows\SysWOW64\config\systemprofile\Startmenü] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction [C:\Windows\SysWOW64\config\systemprofile\Vorlagen] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\Users\All Users\TEMP:F63A059B @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:F63A059B < End of report > |
22.05.2013, 17:33 | #28 |
/// TB-Ausbilder | Skype virus OK, next: Step 1 Please download Farbar Recovery Scan Tool 64-Bit and save it to your desktop. Press the Windows key + R and type "notepad" into the Run window. Now copy the following text from the code box into the empty text document: Code:
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
Step 2 Please download Farbar Service Scanner
Please post the contents here. Please post in your next reply:
__________________ cheers, Leo |
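To show how the two DeleteJunctionsInDirectory lines in the fix above follow from the junction section of the OTL log posted earlier, here is an added Python triage script; it is not part of this thread and not OTL's or FRST's own code. It parses OTL's "Hard Links - Junction Points" entries, flags target-less reparse points that sit inside a constructed watchlist of security-product directories (the watchlist and the sample excerpt are assumptions built for this example), and derives the matching FRST directives.

```python
import re
from pathlib import PureWindowsPath

# One entry of OTL's "Hard Links - Junction Points - Mount Points - Symbolic Links"
# section; an unresolvable target prints as "[path] -> -> Unknown point type".
_ENTRY_RE = re.compile(
    r"^\[(?P<source>.+?)\]\s*->\s*(?P<target>.*?)\s*->\s*"
    r"(?P<kind>[A-Za-z ]+?)\s*(?:=|$)")

# Constructed watchlist: directories that must not hold target-less reparse
# points. These two are the ones the fix in post #28 cleans.
PROTECTED_DIRS = (
    PureWindowsPath(r"C:\Program Files\Microsoft Security Client"),
    PureWindowsPath(r"C:\Program Files\Windows Defender"),
)

def parse_otl_links(text):
    """Return (source, target, kind) tuples; accepts the flattened log too."""
    entries = []
    # Every entry starts with "[<drive>:\", so split on that lookahead.
    for chunk in re.split(r"(?=\[[A-Za-z]:\\)", text):
        m = _ENTRY_RE.match(chunk.strip())
        if m:
            entries.append((m["source"], m["target"], m["kind"]))
    return entries

def suspicious_links(entries):
    """Target-less reparse points located inside a protected directory."""
    # The same "Unknown point type" under C:\Users\All Users is a normal
    # Windows 7 symlink to ProgramData and is deliberately not flagged.
    hits = []
    for source, target, _kind in entries:
        parents = PureWindowsPath(source).parents
        if target == "" and any(d in parents for d in PROTECTED_DIRS):
            hits.append(source)
    return hits

def frst_fix_lines(hits):
    """Derive FRST directives: one DeleteJunctionsInDirectory per parent dir."""
    parents = sorted({str(PureWindowsPath(h).parent) for h in hits})
    return ["DeleteJunctionsInDirectory: " + p for p in parents]

# Constructed excerpt of the log posted above, flattened as the forum shows it.
SAMPLE = (
    "[C:\\Documents and Settings] -> C:\\Users -> Junction "
    "[C:\\Program Files\\Microsoft Security Client\\Backup] -> -> Unknown point type "
    "[C:\\Program Files\\Microsoft Security Client\\de-de] -> -> Unknown point type "
    "[C:\\Program Files\\Windows Defender\\de-DE] -> -> Unknown point type "
    "[C:\\Users\\All Users] -> -> Unknown point type"
)
```

Running `frst_fix_lines(suspicious_links(parse_otl_links(SAMPLE)))` yields exactly the two directives in the fixlist above, while the benign junctions and the All Users symlink stay unflagged.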
22.05.2013, 17:46 | #29 |
| Skype virus Step 1 somehow doesn't work. I saved it, but when I click Fix in frst64 it tells me it finds nothing |
22.05.2013, 18:02 | #30 |
/// TB-Ausbilder | Skype virus Is the text file you saved with the script really named Fixlist.txt (and not Fixlist.txt.txt or similar), and is it on the desktop right next to frst64.exe?
__________________ cheers, Leo |