Log analysis and evaluation: Avira found several trojans, e.g. 'TR/Ransom.Blocker.bgjy' (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.05.2013, 17:35 | #1
Avira found several trojans, e.g. 'TR/Ransom.Blocker.bgjy'

Hello, today while doing online banking I was prompted to enter all of my TAN numbers, so I had my account blocked and ran an Avira scan, which moved several files into quarantine.

1. Die Datei 'C:\Users\***\AppData\Local\Temp\tmpebc9744b\37.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgjy' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e5d5957.qua' verschoben!
2. Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\1a33e6d6-27145a5b' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dldr.Konstr.F' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56cf7706.qua' verschoben!
3. Die Datei 'C:\Users\***\AppData\Local\Temp\tmpd579ec59\53.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c0203bb.qua' verschoben!
4. Die Datei 'C:\Users\***\AppData\Local\Temp\tmpc8db2e25\70.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Agent.65536.24' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7a354c7a.qua' verschoben!
5. Die Datei 'C:\Users\J***\AppData\Roaming\ie_util.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5cc5374f.qua' verschoben! Der Registrierungseintrag <HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IExplorer Util> wurde erfolgreich repariert.
6. In der Datei 'C:\Users\***\AppData\Roaming\ie_util.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Ransom.Blocker.bgtk' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern

I have also already run OTL in parallel, and the following files were created:

OTL Logfile:
Code:
OTL logfile created on: 28.05.2013 15:06:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenny\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,98% Memory free
6,18 Gb Paging File | 4,35 Gb Available in Paging File | 70,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 37,56 Gb Free Space | 26,07% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 46,93 Gb Free Space | 32,59% Space Free | Partition Type: NTFS
Drive F: | 14,55 Gb Total Space | 13,30 Gb Free Space | 91,39% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: Jenny_2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jenny\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jenny\AppData\Local\Temp\decleaner\decleaner\setup\deCleaner.exe (Avira GmbH)
PRC - C:\Users\Jenny\AppData\Local\Temp\decleaner\decleaner\setup\avscan.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Programme\GfKLSPService\GfKLspService.exe (GfK)
PRC - C:\Programme\GfKLSPService\GfK-WatchDog.exe ()
PRC - C:\Programme\GfK Internet-Monitor 2.0\GfK-Reporting.exe ()
PRC - C:\Programme\GfK Internet-Monitor 2.0\GfK-Updater.exe ()
PRC - C:\Users\Jenny\AppData\Local\Temp\decleaner\avwebloader.exe (Avira GmbH)
PRC - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe ()
PRC - C:\Programme\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
PRC - C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Programme\GfKLSPService\GfK-WatchDog.exe ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\ProgramData\Activ Software\ActivApplications\ActivFocusHook.dll ()
MOD - C:\Users\Jenny\AppData\Local\Temp\decleaner\scewxmlw.dll ()
MOD - C:\Windows\libactivboardex.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtXml4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtGui4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtNetwork4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\QtCore4.dll ()
MOD - C:\Programme\Activ Software\ActivDriver\ActivMgr.exe ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()

========== Services (SafeList) ==========

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (GfkLSPService) -- C:\Programme\GfKLSPService\GfKLspService.exe (GfK)
SRV - (GfK-Reporting-Service) -- C:\Programme\GfK Internet-Monitor 2.0\GfK-Reporting.exe ()
SRV - (GfK-Update-Service) -- C:\Programme\GfK Internet-Monitor 2.0\GfK-Updater.exe ()
SRV - (Sony SCSI Helper Service) -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ssudmdm) -- system32\DRIVERS\ssudmdm.sys File not found
DRV - (pccsmcfd) -- system32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (dg_ssudbus) -- system32\DRIVERS\ssudbus.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (prmvmouse) -- C:\Windows\System32\drivers\activmouse.sys (Promethean Technologies Ltd)
DRV - (ACTIVhidmini) -- C:\Windows\System32\drivers\ACTIVhidmini.sys (Promethean Technologies Ltd)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.251.160.77:80
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.251.160.77:80
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes\{40946376-3BB8-41B5-B624-0C382256B44B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPTB_deDE302
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 213.251.160.77:80
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\InprocServer32 File not found
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes\{04AAAA96-6964-442B-AF85-5B3F39AC3B29}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPTB_deDE302
IE - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gacela2@nurago.com: C:\Program Files\GfK Internet-Monitor 2.0\ [2013.05.28 14:48:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.28 09:40:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.28 09:40:15 | 000,000,000 | ---D | M]

[2009.03.30 12:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny_2\AppData\Roaming\mozilla\Extensions
[2013.05.28 09:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.28 09:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.28 09:40:27 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.28 09:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2013.05.28 09:40:12 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Gacela Plugin (Enabled) = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\11.2.503_0\plugin/npgacela.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GfK Internet-Monitor = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\11.3.57_0\
CHR - Extension: GfK Internet-Monitor = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef\12.1.59_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Jenny_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (GfK Internet-Monitor) - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\GfK Internet-Monitor 2.0\Gacela2.dll (GfK)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ActivControl] C:\Programme\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [GfK-WatchDog] C:\Program Files\GfKLSPService\GfK-WatchDog.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\Hewlett-Packard\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [CyberGhost VPN] "C:\Program Files\S.A.D\CyberGhost VPN\CGStarter.exe" /autostart File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [IExplorer Util] C:\Users\Jenny\AppData\Roaming\ie_util.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [Vuadmytiow] C:\Users\Jenny\AppData\Roaming\Ifexv\ziupt.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" File not found
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [!iLividOnce] C:\Users\Jenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0VUGXU70\iLividSetupV1.exe File not found
O4 - HKLM..\RunOnce: [awde7zip19498] "C:\Users\Jenny_2\AppData\Local\Temp\BI_RunOnce.exe" /affid "awde7zip19498" /id "7zip" /name "7 Zip for Vista - 7-Zip" File not found
O4 - HKLM..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Jenny_2\AppData\Local\Temp\nro.tmp\" File not found
O4 - HKLM..\RunOnce: [ControlLSP] C:\Program Files\GfKLSPService\ControlLSP.exe ()
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKLM..\RunOnce: [SymInstallStub] C:\ProgramData\DivX\Symantec\SymInstallStub.exe (Symantec Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Über GfK Internet-Monitor - {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - C:\Programme\GfK Internet-Monitor 2.0\Gacela2.dll (GfK)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\GfKLSPService.DLL (GfK)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003\..Trusted Domains: neue-schulen-potsdam.de ([mail] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C275ECA8-A5C7-450E-A83E-C8D0C15433BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F492D0D3-0EB9-4339-8F6F-E48A0AA3F04E}: DhcpNameServer = 10.16.1.1 10.16.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.28 09:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.05.15 20:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
[2013.05.15 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\Jenny_2\AppData\Local\Sony Corporation
[2013.05.15 20:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2013.05.15 13:05:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.15 12:57:35 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.15 12:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.15 12:57:35 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.05.15 12:57:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.15 12:57:34 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.15 12:57:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.05.15 12:57:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.05.15 12:19:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.05.15 12:19:30 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2013.05.28 15:15:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F949FDF0-DB18-43FD-B7DA-0A72B46A814B}.job
[2013.05.28 14:46:48 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.28 14:46:48 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.28 14:46:48 | 000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.28 14:46:48 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.28 14:42:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.28 14:25:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.28 14:17:09 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 14:17:09 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 14:11:01 | 000,431,027 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.05.28 14:11:01 | 000,431,027 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.05.28 14:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 12:25:42 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 12:16:47 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 12:15:47 | 000,002,247 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.05.16 11:53:06 | 003,910,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 20:58:07 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2013.05.15 12:11:08 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 12:11:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.05 21:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013.05.15 20:58:07 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2013.04.18 21:11:04 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013.04.18 21:11:04 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012.11.28 15:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.11.28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.11.28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.11.28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.08.31 10:48:40 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ml347pl3.dll
[2009.04.14 07:12:00 | 000,014,848 | ---- | C] () -- C:\Users\Jenny_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.30 08:46:30 | 000,000,047 | ---- | C]
() -- C:\Program Files\autorun.inf [2008.06.24 08:09:24 | 000,431,027 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.24 08:09:21 | 000,431,027 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.01.24 12:31:40 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ACTIV Software [2012.11.06 17:16:42 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2009.03.25 22:13:00 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\EPSON [2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ifexv [2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ovis [2012.11.06 18:50:10 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PDAppFlex [2012.01.20 14:52:59 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PeerNetworking [2009.06.27 22:11:05 | 000,000,000 | ---D | M] -- 
C:\Users\Jenny\AppData\Roaming\PIXELA [2012.01.24 15:58:56 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Promethean [2012.12.22 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Samsung [2009.04.22 13:14:20 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SCHLECKERFotobuch [2013.05.28 15:26:08 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Xiit [2012.01.23 13:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\ACTIV Software [2009.12.07 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\Cornelsen [2009.09.14 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\FMZilla [2010.09.01 08:08:22 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\FreeFLVConverter [2010.09.21 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\Leadertech [2012.01.23 21:32:39 | 000,000,000 | ---D | M] -- C:\Users\Jenny_2\AppData\Roaming\Promethean ========== Purity Check ========== < End of report > und:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.05.2013 15:06:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jenny\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 34,98% Memory free 6,18 Gb Paging File | 4,35 Gb Available in Paging File | 70,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 37,56 Gb Free Space | 26,07% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 46,93 Gb Free Space | 32,59% Space Free | Partition Type: NTFS Drive F: | 14,55 Gb Total Space | 13,30 Gb Free Space | 91,39% Space Free | Partition Type: FAT32 Computer Name: LAPTOP | User Name: Jenny_2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21EF2F13-CE9E-4260-B347-3D94DA3DDA09}" = lport=4672 | protocol=17 | dir=in | name=emuleudp2 | "{56F8858F-9EFC-4F93-B168-FC50CF71EB6B}" = lport=4711 | protocol=6 | dir=in | name=emuletcp3 | "{86995495-649C-4F83-A788-B13773F26D52}" = lport=61129 | protocol=17 | dir=in | name=emuleudp | "{BD670CB9-C442-4303-ACA5-A5EC1B8E4D5A}" = lport=61119 | protocol=6 | dir=in | name=emuletcp | "{F32CE106-D8C6-4C18-BF47-D97A890232D1}" = lport=4662 | protocol=6 | dir=in | name=emuletcp2 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1250DEE8-555B-4A22-95D8-D21A823EF1F8}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | "{18C034B7-F5EA-4832-9942-3B3FE0EA9316}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{19C03EB0-1C02-4A9C-8F85-31F69D900378}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe | "{393D61E4-E9B8-4960-97AE-FB2CA3506C1A}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | "{3ADE0B64-7E33-4AB7-8A6D-B7C8749CCE93}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\umi.exe 
| "{3D7C29CA-0C77-4269-B1AB-7C532D5E3CC0}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | "{4AE5CA44-CAEF-4590-90C3-AD38BA780980}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4DE0182F-1620-428E-B719-9DD2F1144EDF}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | "{6355E299-98A9-49B0-A715-197514A7FB2D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 12\programs\studio.exe | "{87FE85FA-A284-47D1-8E2A-3753B9F30A20}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{C86975BA-D19F-4B46-A335-26CCBE4EFD82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E0254986-9FAA-4A28-BBD2-69F23BC5EB3D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 12\programs\rm.exe | "{EA38D699-F9BF-46F2-97FC-C3D57D900059}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization iv colonization\colonization.exe | "TCP Query User{38EA80B8-F36C-4964-ACE8-A92FA9DFC0E6}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | "TCP Query User{3C3DF2F2-10C8-4FF7-84DF-D9DA35AB6172}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{43880C8F-A128-40D2-A2E0-0730DFC5A07E}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query User{4F63F594-DFD8-4D4F-B40F-2525466933B5}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | "TCP Query User{F60CDD19-F122-4FE3-9DD1-50C297BEF95A}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{6D01E75D-549A-437A-8D74-CFDAF4590F81}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program 
files\free music zilla\fmzilla.exe | "UDP Query User{CA0B6A31-6011-4D79-BB13-012C2F1D2E2F}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | "UDP Query User{D8C28144-51FC-4C45-8922-F657E06CBDE7}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{E0E93B65-193A-4BBE-A7D0-CA71786B3155}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | "UDP Query User{F58A22F6-133D-4904-B057-96B59B364162}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11CBB0F5-989E-4B16-AE7E-D569AC4BF241}" = Reader for PC "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy 
Display Manager "{1E187923-04E5-4E1F-9BF2-40E32D93A1C4}" = HP Color LaserJet CP1210 Series Toolbox "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{26DDB12A-CB5E-4C0B-89AF-817CA0E59CC9}" = HP LaserJet Toolbox "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{382BE32D-6CFD-4F62-B072-B2B87C0DFEB7}" = ActivInspire Core Resources (DEU) v1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{54360A73-B080-4A69-BFD4-53C190DD3AB0}" = HP Color LaserJet CP1210 Series "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{5F0545E7-3F0F-4730-AF70-26E61DBDF263}" = GfK Internet-Monitor "{5F05C28D-DEA9-4AD6-A73A-064175988EAB}" = Search Settings v1.2.3 "{6332D268-FCEE-47A0-8AD6-6948E25AA786}" = ActivInspire v1 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{79314E44-DF84-4A58-AD2A-802DE91033C3}" = ActivInspire Help (DEU) v1 "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = 
Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUSR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUSR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUSR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{936E2131-D9DB-42F9-96E7-52D2050ACB09}" = ActivDriver x86 v5.7 "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C09E3A4-850A-40B2-B94F-EBFB5349C238}" = hppusgCP1215 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer 
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DBF47CB5-73EC-4DB3-B5A8-A961F41F5F1D}" = ActivInspire HWR Resources (DEU) v1 "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Avira AntiVir Desktop" = Avira Free Antivirus "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "Civilization II Ultimate Classic Collection" = Civilization II Ultimate Classic Collection "Digital Editions" = Adobe Digital Editions 
"EPSON Scanner" = EPSON Scan "HP Color LaserJet CP1210 Series" = HP Color LaserJet CP1210 Series "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "MasterTool - Autorensystem_is1" = MasterTool - Autorensystem "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NuragoLSP" = NuragoLSP "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "PROPLUSR" = Microsoft Office Professional Plus 2007 "PSNPMONV1" = Network Print Monitor for Windows 2000/XP "Samsung ML-3470 Series" = Samsung ML-3470 Series "SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver" = SHARP MX Series PCL/PS Printer Driver "Shockwave" = Shockwave "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "GeoGebra" = GeoGebra "GeoGebra 5.0 Beta" = GeoGebra 5.0 Beta "GeoGebra WebStart" = GeoGebra WebStart ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1354373073-1602023174-3958502211-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] 
Error - 15.06.2012 21:20:35 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:35 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:36 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:36 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:36 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:37 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:37 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:37 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:38 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = Error - 15.06.2012 21:20:38 | Computer Name = Laptop | Source = Bonjour Service | ID = 100 Description = [ OSession Events ] Error - 31.05.2010 14:27:37 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 428 seconds with 60 seconds of active time. This session ended with a crash. Error - 02.06.2010 06:57:27 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash. 
Error - 03.06.2010 06:02:37 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.08.2010 14:47:26 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 66 seconds with 60 seconds of active time. This session ended with a crash.

Error - 01.09.2010 02:17:26 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 742 seconds with 300 seconds of active time. This session ended with a crash.

Error - 27.01.2011 04:08:13 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 579 seconds with 480 seconds of active time. This session ended with a crash.

Error - 02.11.2011 15:29:21 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 958 seconds with 0 seconds of active time. This session ended with a crash.

Error - 12.11.2011 12:55:44 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 148 seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.01.2012 07:06:22 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 157 seconds with 60 seconds of active time. This session ended with a crash.

Error - 21.03.2012 13:12:47 | Computer Name = Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2347 seconds with 1620 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.05.2013 17:01:33 | Computer Name = Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 24.05.2013 01:49:52 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 25.05.2013 01:43:58 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.33 für die Netzwerkkarte mit der Netzwerkadresse 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 27.05.2013 10:03:33 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.34 für die Netzwerkkarte mit der Netzwerkadresse 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 27.05.2013 10:03:45 | Computer Name = Laptop | Source = DCOM | ID = 10010
Description =

Error - 28.05.2013 02:17:25 | Computer Name = Laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.34 für die Netzwerkkarte mit der Netzwerkadresse 0016EAB82BB2 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error - 28.05.2013 06:17:17 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 28.05.2013 06:17:17 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 28.05.2013 06:17:17 | Computer Name = Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 28.05.2013 06:20:38 | Computer Name = Laptop | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

< End of report >

I would be grateful for tips on how to get rid of the trojans for good!

Last edited by sun1234 (28.05.2013 at 17:40)
28.05.2013, 17:42 | #2
/// Malware-holic
Hi,

OTL fix: Fixing with OTL
Code:
:OTL
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [Vuadmytiow] C:\Users\Jenny\AppData\Roaming\Ifexv\ziupt.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-1354373073-1602023174-3958502211-1003..\Run: [IExplorer Util] C:\Users\Jenny\AppData\Roaming\ie_util.exe (Sysinternals - www.sysinternals.com)
[2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ifexv
[2013.05.22 21:40:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Ovis
:files
:Commands
[emptytemp]
Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the Windows key + E.
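The two O4 lines in the fix above are Run-key autostarts whose binaries sit in the user's AppData\Roaming, and the parenthesised publisher is only what the file's own version information claims. As an added example (not part of the thread or of OTL), a small Python triage over OTL O4 lines: it parses hive, value name, path and publisher, and flags entries in user-writable profile directories or with a vendor name that does not match the install location. The sample report, the SID and the user name are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List

# One OTL O4 line:  O4 - <hive>..\Run: [<value name>] <path> (<publisher>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKU\\S-[0-9-]+)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+?)(?: \((?P<publisher>[^()]*)\))?$"
)
# User-writable profile directories in which legitimate autostarts rarely live.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\temp\\")
# Where software from a named vendor is normally installed.
VENDOR_DIRS = ("\\program files", "\\windows\\")

@dataclass
class Autostart:
    hive: str
    key: str
    name: str
    path: str
    publisher: str
    reasons: List[str] = field(default_factory=list)  # triage rules tripped

def parse_o4(line: str) -> Autostart:
    """Parse one O4 line and attach the triage rules it trips."""
    m = O4_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an OTL O4 line: {line!r}")
    a = Autostart(m["hive"], m["key"], m["name"], m["path"], m["publisher"] or "")
    low = a.path.lower()
    if any(d in low for d in USER_WRITABLE):
        a.reasons.append("autostart binary lives in a user-writable profile directory")
    # The publisher comes from the file's own version information, which its author
    # chooses, so a vendor name outside that vendor's install directory is a red flag.
    if a.publisher and not any(d in low for d in VENDOR_DIRS):
        a.reasons.append(f"claims publisher '{a.publisher}' outside Program Files/Windows")
    return a

def triage(report: str) -> List[Autostart]:
    """Return the O4 entries of an OTL report that trip at least one rule."""
    entries = [parse_o4(l) for l in report.splitlines() if l.startswith("O4 - ")]
    return [e for e in entries if e.reasons]

# Constructed sample modelled on the fix above; the SID, the user name and the
# benign first entry are invented.
SAMPLE_REPORT = r"""O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
O4 - HKU\S-1-5-21-111-222-333-1003..\Run: [Vuadmytiow] C:\Users\user\AppData\Roaming\Ifexv\ziupt.exe (Sysinternals - www.sysinternals.com)
O4 - HKU\S-1-5-21-111-222-333-1003..\Run: [IExplorer Util] C:\Users\user\AppData\Roaming\ie_util.exe (Sysinternals - www.sysinternals.com)"""
```

Running `triage(SAMPLE_REPORT)` returns the two AppData entries with both reasons each and leaves the Program Files entry alone.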
28.05.2013, 19:22 | #3
Hello,

I copied the contents of the code box into OTL, then closed all programs and started FIX. The program began working and then the error message appeared: "OTL has stopped working due to a program error; you will be notified if a solution is available", with the button "Close program". After waiting a long time I closed the program and kept waiting; when nothing happened, I shut the laptop down via the Task Manager and restarted it. The MovedFiles folder described does exist, but there is no text file in it. What else can I do? Many thanks in advance

Hi, I have zipped the existing file and uploaded it to the upload channel. I hope that helps even without the text file. Thanks
28.05.2013, 19:58 | #4
/// Malware-holic
Hi, thanks, but it worked. I can never give you a guarantee that I will find everything. Formatting is usually the faster and the safest way, especially since you use your PC for online banking. Should you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. If it were my PC, I would set it up fresh once; then we can also secure it right away. You will get instructions whichever way you decide.

- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us
28.05.2013, 20:10 | #5
Thanks for the offer, but I am already planning to buy a new laptop anyway, which I will then secure better; maybe you can give me a tip then. A reinstall would be too much effort, though, and I will no longer do online banking from this laptop. Many thanks again and have a nice evening!
28.05.2013, 20:21 | #6
/// Malware-holic
Hi, a question: will you keep this laptop? Because then we would have to continue. Otherwise, if you do not keep it, you can at least reset it to factory settings, because one should not throw hard drives in the trash while personal data is still on them.
29.05.2013, 07:45 | #7
Hi, I do not know yet whether I want to keep it. I just have one problem: from tomorrow I am away for 3 days, and the laptop will not be used during that time. Could you help me further after that? Kind regards
29.05.2013, 10:52 | #8
/// Malware-holic
Yes, sure. After the 3 days you will have had time to think it over, so you just have to tell me first what we are going to do :-)