Log analysis and evaluation: Request for imp.js from tracker.tradedoubler.com after a freshly reinstalled Windows 7 system

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Request for imp.js from tracker.tradedoubler.com after a freshly reinstalled Windows 7 system

Hello and good morning,

I need your help on two counts. But first, as the forum rules require, my first question: I am currently working on my daughter's laptop. On this laptop she caught the GVU virus. After I deleted the infected file, following some research on the internet, the PC ran again, but always with the warning that this is not a genuine Windows version. I had apparently deleted a file in which an important piece of information was stored. Since it is of course genuine software and I still have the original CD, I decided to reinstall the system. Everything would now be fine if the following prompt did not keep appearing: run or save imps.js from tracker.tradedoubler.com. Below are the contents of otl.txt, extras.txt and gmer.txt. Is the PC clean, and what is this request? Many thanks in advance for your help.

otl.txt:
OTL logfile created on: 29.05.2013 13:44:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaddel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 37,32% Memory free
7,93 Gb Paging File | 5,12 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 151,70 Gb Free Space | 53,53% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,57 Gb Free Space | 58,49% Space Free | Partition Type: NTFS

Computer Name: KADDEL-PC | User Name: Kaddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.29 13:44:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
PRC - [2013.05.29 13:41:21 | 000,050,477 | ---- | M] () -- C:\Users\Kaddel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9WQ0MYC\Defogger.exe
PRC - [2013.05.25 22:19:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.25 22:18:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.25 22:18:33 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.25 11:47:18 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\Kaddel\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.29 13:41:21 | 000,050,477 | ---- | M] () -- C:\Users\Kaddel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9WQ0MYC\Defogger.exe
MOD - [2013.05.25 11:47:18 | 024,985,600 | ---- | M] () -- C:\Users\Kaddel\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.25 22:19:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.25 22:18:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.25 13:48:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.25 22:19:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.25 22:19:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.25 22:19:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.25 08:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 07:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 07:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 9A 52 4B 26 59 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D612C5E-3727-4CD4-9345-C10596373F06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=143078F4-C967-4292-BBE3-9B7EEE40E95C&apn_sauid=3D6D21BF-F850-4DB1-814E-D2E8BE298C1A
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=2I7NDKB_deDE0537______
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Kaddel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAF0713-570B-45AC-83D5-A1D2440A78A4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56FC9497-F98E-4360-A201-355AEFC591CC}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.29 13:44:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
[2013.05.26 13:08:45 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.26 11:26:12 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\Documents\Schule
[2013.05.26 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\Documents\Lucas
[2013.05.26 08:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.05.26 07:20:17 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.26 07:19:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2013.05.26 07:18:30 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.05.26 07:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.05.26 07:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.05.26 07:18:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.05.26 07:16:08 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.05.26 07:15:56 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.05.26 07:15:55 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.05.26 07:15:55 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.05.26 07:06:41 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2013.05.26 07:05:59 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2013.05.25 22:31:04 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Avira
[2013.05.25 22:29:18 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Diagnostics
[2013.05.25 22:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.25 22:21:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.25 22:21:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.25 22:21:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.25 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.25 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | --SD | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Videos
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Saved Games
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Pictures
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Music
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Links
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Favorites
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Downloads
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Documents
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Desktop
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Vorlagen
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Verlauf
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Temporary Internet Files
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Startmenü
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\SendTo
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Recent
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Netzwerkumgebung
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Lokale Einstellungen
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Videos
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Musik
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Eigene Dateien
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Bilder
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Druckumgebung
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Cookies
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | -H-D | C] -- C:\Users\Kaddel\AppData
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Temp
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Microsoft
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Media Center Programs
[2013.05.25 21:21:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.25 13:49:44 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Macromedia
[2013.05.25 13:49:42 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Adobe
[2013.05.25 13:49:41 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Google
[2013.05.25 13:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.05.25 13:49:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.25 13:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.25 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.25 13:49:00 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Google
[2013.05.25 13:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.25 13:48:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.25 13:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.25 13:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.25 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Spotify
[2013.05.25 11:46:54 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Spotify
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Searches
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.25 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Identities
[2013.05.25 10:53:23 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Contacts
[2013.05.25 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\VirtualStore
[2013.05.25 10:52:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.25 10:20:34 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.05.25 00:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

========== Files - Modified Within 30 Days ==========

[2013.05.29 13:44:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
[2013.05.29 13:21:03 | 000,000,000 | ---- | M] () -- C:\Users\Kaddel\defogger_reenable
[2013.05.29 13:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 12:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.29 12:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 20:15:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 19:15:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 19:15:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 19:12:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 19:12:31 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 19:12:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 19:12:31 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 19:12:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 19:07:11 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 20:51:36 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.05.26 20:48:29 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.26 15:56:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.26 15:56:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.26 13:08:24 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.26 12:57:16 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.26 07:18:18 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.05.26 07:18:18 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.05.25 22:25:34 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.25 22:19:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.25 22:19:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.25 22:19:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.25 21:41:32 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.05.25 21:41:32 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.25 21:36:41 | 000,022,960 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2013.05.25 21:25:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.25 20:37:02 | 000,026,430 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.05.25 20:36:52 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2013.05.25 11:47:18 | 000,001,815 | ---- | M] () -- C:\Users\Kaddel\Desktop\Spotify.lnk

========== Files Created - No Company Name ==========

[2013.05.29 13:21:03 | 000,000,000 | ---- | C] () -- C:\Users\Kaddel\defogger_reenable
[2013.05.26 20:51:36 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.05.26 16:20:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.26 15:56:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.26 15:56:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.26 15:24:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.26 07:19:13 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2013.05.26 07:18:53 | 000,654,166 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 07:18:53 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.05.26 07:18:53 | 000,130,006 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 07:18:53 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.05.25 22:25:34 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.25 22:06:30 | 000,001,407 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.25 22:06:27 | 000,001,441 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.25 21:43:39 | 3193,585,664 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.25 21:36:42 | 000,022,960 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2013.05.25 21:26:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.25 21:26:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.25 21:25:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.25 20:36:50 | 000,026,430 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013.05.25 20:36:50 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2013.05.25 13:49:17 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.25 13:49:04 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 13:49:03 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.25 13:48:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.25 11:47:18 | 000,001,815 | ---- | C] () -- C:\Users\Kaddel\Desktop\Spotify.lnk
[2013.05.25 11:47:18 | 000,001,801 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.29 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Kaddel\AppData\Roaming\Spotify

========== Purity Check ==========

< End of report >

extras.txt:
ATTFilter OTL Extras logfile created on: 29.05.2013 13:44:37 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaddel\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 37,32% Memory free 7,93 Gb Paging File | 5,12 Gb Available in Paging File | 64,54% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283,40 Gb Total Space | 151,70 Gb Free Space | 53,53% Space Free | Partition Type: NTFS Drive E: | 14,65 Gb Total Space | 8,57 Gb Free Space | 58,49% Space Free | Partition Type: NTFS Computer Name: KADDEL-PC | User Name: Kaddel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "TCP Query User{1096351D-56FF-43F8-938E-FF5C72DF503F}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | "TCP Query User{AFD462DF-EE0B-475E-B002-15867BE1316D}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | "UDP Query User{4CD07370-CEB2-458D-9AA9-10943F1ABB95}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | "UDP Query User{82669CCE-62B0-4EAD-A00B-EA9D3E863B54}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 
ActiveX "Avira AntiVir Desktop" = Avira Free Antivirus "Google Chrome" = Google Chrome ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.05.2013 15:41:52 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193 Description = Error - 25.05.2013 15:41:58 | Computer Name = Kaddel-PC | Source = VSS | ID = 12347 Description = Error - 25.05.2013 15:41:58 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193 Description = Error - 25.05.2013 15:42:09 | Computer Name = Kaddel-PC | Source = VSS | ID = 12347 Description = Error - 25.05.2013 15:42:09 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193 Description = Error - 25.05.2013 16:24:16 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385, Zeitstempel: 0x4a5bc69e Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdbdf Ausnahmecode: 0xe06d7363 Fehleroffset: 0x0000b727 ID des fehlerhaften Prozesses: 0x808 Startzeit der fehlerhaften Anwendung: 0x01ce5985d226a291 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 11af40a8-c579-11e2-8394-0026b9118661 Error - 26.05.2013 14:46:40 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1, Zeitstempel: 0x4ba1da21 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73846a64 ID des fehlerhaften Prozesses: 0x6a4 Startzeit der fehlerhaften Anwendung: 0x01ce5a40fe45a664 Pfad der fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
Pfad des fehlerhaften Moduls: unknown Berichtskennung: 99c42dd1-c634-11e2-a908-0026b9118661 Error - 26.05.2013 14:46:52 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 13.6.0.778, Zeitstempel: 0x511e406d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73846a64 ID des fehlerhaften Prozesses: 0x9e0 Startzeit der fehlerhaften Anwendung: 0x01ce5a4163454945 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a12af52c-c634-11e2-a908-0026b9118661 Error - 26.05.2013 14:46:57 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 13.6.0.778, Zeitstempel: 0x511e406d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x73846a64 ID des fehlerhaften Prozesses: 0xab8 Startzeit der fehlerhaften Anwendung: 0x01ce5a41667f46c4 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a4309465-c634-11e2-a908-0026b9118661 Error - 26.05.2013 14:56:29 | Computer Name = Kaddel-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 9.0.8112.16483 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 730 Startzeit: 01ce5a42ac586a75 Endzeit: 16 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: f44421c4-c635-11e2-ba00-0026b9118661 [ System Events ] Error - 28.05.2013 12:55:22 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.05.2013 12:55:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.05.2013 13:07:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 28.05.2013 13:07:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.05.2013 14:15:43 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.05.2013 20:38:29 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.05.2013 02:55:12 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.05.2013 03:46:02 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.05.2013 06:12:01 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 29.05.2013 06:27:06 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-30 10:11:34 Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320II rev.2AC101C4 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Kaddel\AppData\Local\Temp\uwdiipob.sys ---- User code sections - GMER 2.1 ---- .text C:\Users\Kaddel\Downloads\Defogger (1).exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754e1465 2 bytes [4E, 75] .text C:\Users\Kaddel\Downloads\Defogger (1).exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754e14bb 2 bytes [4E, 75] .text ... * 2 ---- EOF - GMER 2.1 ----
Anna
Addendum: Right after I posted in your forum, my PC shut down with a warning about a security risk!
Last edited by AnWe (30.05.2013 at 10:07)
#2
/// TB-Ausbilder
My name is Matthias and I will help you clean up your computer. Please note the following:
I am working on your topic and will get back to you as soon as possible with further instructions.
#3
/// TB-Ausbilder
Hi,
Quote:
When you log in and the computer loads the desktop and all programs? When you are browsing the internet? Which browser are you using?
Fix with OTL
Code:
ATTFilter :OTL IE - HKCU\..\SearchScopes\{1D612C5E-3727-4CD4-9345-C10596373F06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=143078F4-C967-4292-BBE3-9B7EEE40E95C&apn_sauid=3D6D21BF-F850-4DB1-814E-D2E8BE298C1A O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. :Commands [resethosts] [emptytemp]
Last edited by M-K-D-B (30.05.2013 at 11:04)
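As an added example (not code from the thread, from the helper, or from the OTL tool), the decision behind the fix script above written out in Python: it parses OTL's IE search-scope and O3 toolbar lines, flags a search scope whose host is not on a small allowlist of expected search engines, flags toolbar GUIDs that OTL reports with "No CLSID value found", and renders the matching :OTL fix block. The allowlist and the sample log lines are constructed assumptions modelled on the entries in this thread.

```python
"""Triage of OTL 'IE' search-scope and 'O3' toolbar lines.

Added example, not part of the thread or of OTL itself. It reproduces in code
the call the helper made by hand: a search scope pointing at an unexpected
host and toolbar GUIDs with no CLSID registration are candidates for removal.
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample lines in OTL's format, modelled on the entries this thread's
# fix script targets (one legitimate scope and one legitimate toolbar added for contrast).
SAMPLE_OTL_LINES = r"""
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{1D612C5E-3727-4CD4-9345-C10596373F06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&q={searchTerms}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Example Toolbar) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\toolbar.dll (Example Corp)
"""

# Hosts a freshly installed system is expected to search with (assumption, adjust per case).
KNOWN_SEARCH_HOSTS = {"www.google.de", "www.google.com", "www.bing.com"}

# IE - HKCU\..\SearchScopes\{GUID}: "URL" = hxxp://host/path
SEARCHSCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): '
    r'"URL" = (?P<url>\S+)'
)
# O3 - HKCU\..\Toolbar[\WebBrowser]: (name) - {GUID} - target
TOOLBAR_RE = re.compile(
    r'^O3 - (?P<hive>HK\w+)\\\.\.\\Toolbar(?:\\WebBrowser)?: \((?P<name>[^)]*)\) - '
    r'(?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$'
)


@dataclass
class Finding:
    line: str      # the OTL line exactly as logged (this is what goes into the fix)
    kind: str      # "searchscope" or "toolbar"
    reason: str    # why it was flagged


def scope_host(url: str) -> str:
    """Return the host of an OTL-defanged URL (OTL writes http as hxxp)."""
    return urlparse(url.replace("hxxp://", "http://", 1)).hostname or ""


def triage(otl_text: str, known_hosts=KNOWN_SEARCH_HOSTS) -> List[Finding]:
    """Flag search scopes off the allowlist and toolbar GUIDs without a CLSID."""
    findings: List[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        m = SEARCHSCOPE_RE.match(line)
        if m:
            host = scope_host(m.group("url"))
            if host not in known_hosts:
                findings.append(Finding(
                    line, "searchscope", f"search scope host {host!r} not on allowlist"))
            continue
        m = TOOLBAR_RE.match(line)
        if m and m.group("target").startswith("No CLSID value found"):
            findings.append(Finding(
                line, "toolbar", "toolbar GUID has no CLSID registration"))
    return findings


def build_fix(findings: List[Finding]) -> str:
    """Render an :OTL fix block in the shape used in this thread, plus [emptytemp]."""
    body = "\n".join(f.line for f in findings)
    return ":OTL\n" + body + "\n:Commands\n[emptytemp]\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.kind:12s} {f.reason}")
    print(build_fix(triage(SAMPLE_OTL_LINES)))
```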
#4
Hello Matthias, I work most of the time with Internet Explorer, but over the last few days increasingly with Google. The message only appears occasionally and, as far as I know, so far only while browsing (probably only under IE so far, since I have only been working with Google Chrome for the last few days). Below is the OTL text after the FIX: Code:
ATTFilter All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D612C5E-3727-4CD4-9345-C10596373F06}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D612C5E-3727-4CD4-9345-C10596373F06}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. ========== COMMANDS ========== File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Error: Unble to create default HOSTS file! [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Kaddel ->Temp folder emptied: 9977117 bytes ->Temporary Internet Files folder emptied: 202729339 bytes ->Google Chrome cache emptied: 32817573 bytes ->Flash cache emptied: 1946 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 114839365 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46440790 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 388,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05302013_121949 Files\Folders moved on Reboot... 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. C:\Users\Kaddel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
#5
/// TB-Ausbilder
Hi,
Step 1 Scan with Combofix
Step 2 Download HitmanPro (64 Bit) to your desktop.
Afterwards, please browse with IE and let me know whether you still get this prompt. Please post with your next reply
#6
Hi Matthias, this prompt for imp.js from tracker.tradedoubler.com has so far only appeared sporadically. This morning, for example, not at all, not even with IE. I cannot open the links from this thread in IE. But I think that is just a settings problem? Below are the log files: Combofix log file. Code:
ATTFilter ComboFix 13-05-30.02 - Kaddel 30.05.2013 12:59:20.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4061.2970 [GMT 2:00] ausgeführt von:: c:\users\Kaddel\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . E:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-28 bis 2013-05-30 )))))))))))))))))))))))))))))) . . 2013-05-30 11:05 . 2013-05-30 11:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-30 10:19 . 2013-05-30 10:19 -------- d-----w- C:\_OTL 2013-05-30 09:51 . 2013-05-30 09:51 834544 ----a-w- c:\windows\system32\drivers\sptd.sys 2013-05-30 09:34 . 2013-05-30 09:34 -------- d-----w- c:\programdata\McAfee 2013-05-29 20:13 . 2013-05-29 20:13 -------- d-----w- c:\windows\system32\EventProviders 2013-05-28 17:03 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll 2013-05-27 16:27 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-05-27 16:27 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-05-27 16:27 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-05-27 16:27 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-05-27 16:27 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2013-05-27 16:27 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2013-05-27 16:27 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-05-27 16:26 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys 2013-05-27 16:26 . 
2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys 2013-05-27 16:26 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys 2013-05-27 16:26 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll 2013-05-27 16:26 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll 2013-05-27 16:26 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys 2013-05-27 16:26 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys 2013-05-27 16:26 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys 2013-05-27 16:26 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe 2013-05-27 16:26 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe 2013-05-27 16:26 . 2011-03-11 04:31 91136 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS 2013-05-26 15:14 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2013-05-26 15:14 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2013-05-26 14:39 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll 2013-05-26 14:39 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll 2013-05-26 14:20 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-05-26 14:20 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-05-26 14:20 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-05-26 14:00 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2013-05-26 13:37 . 2013-05-03 14:15 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-26 13:26 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-05-26 13:26 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-05-26 13:26 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-05-26 13:26 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-05-26 13:26 . 
2009-10-19 14:46 100864 ----a-w- c:\windows\system32\fontsub.dll 2013-05-26 13:26 . 2009-10-19 14:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2013-05-26 13:24 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-05-26 13:24 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-05-26 13:24 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-05-26 13:24 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-05-26 13:24 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-05-26 13:24 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-05-26 13:24 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-05-26 13:10 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2013-05-26 13:10 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll 2013-05-26 13:10 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll 2013-05-26 13:10 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll 2013-05-26 13:10 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2013-05-26 12:59 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys 2013-05-26 12:59 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys 2013-05-26 11:08 . 2013-05-26 11:08 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-05-26 10:45 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll 2013-05-26 10:44 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll 2013-05-26 10:43 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll 2013-05-26 10:42 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll 2013-05-26 10:41 . 2012-12-07 05:41 441856 ----a-w- c:\windows\system32\Wpc.dll 2013-05-26 10:40 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll 2013-05-26 10:40 . 
2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2013-05-26 10:40 . 2011-02-05 12:41 556928 ----a-w- c:\windows\system32\winresume.efi 2013-05-26 10:40 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi 2013-05-26 10:40 . 2011-02-05 12:41 20352 ----a-w- c:\windows\system32\kdusb.dll 2013-05-26 10:40 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll 2013-05-26 10:40 . 2011-02-05 12:41 17792 ----a-w- c:\windows\system32\kdcom.dll 2013-05-26 10:40 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe 2013-05-26 10:40 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe 2013-05-26 10:40 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll 2013-05-26 10:40 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll 2013-05-26 10:38 . 2013-03-19 05:54 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-05-26 10:10 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll 2013-05-26 10:10 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-26 10:10 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-26 10:10 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-26 10:10 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-26 10:10 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-26 10:09 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll 2013-05-26 10:09 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll 2013-05-26 06:34 . 2013-05-26 06:34 -------- d-----w- c:\program files (x86)\Microsoft.NET 2013-05-26 05:20 . 2013-05-25 20:06 -------- d-----w- c:\windows\Panther 2013-05-26 05:19 . 2013-05-26 05:19 -------- d-----w- c:\windows\system32\oem 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\de-DE 2013-05-26 05:18 . 2013-05-26 18:44 -------- d-----w- c:\windows\SysWow64\wbem\de-DE 2013-05-26 05:18 . 
2013-05-26 05:18 -------- d-----w- c:\windows\SysWow64\XPSViewer 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\de-DE 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\SysWow64\drivers\de-DE 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\SysWow64\de 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\SysWow64\0407 2013-05-26 05:18 . 2013-05-26 18:44 -------- d-----w- c:\windows\system32\drivers\de-DE 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\system32\0407 2013-05-26 05:18 . 2013-05-26 18:44 -------- d-----w- c:\windows\system32\wbem\de-DE 2013-05-26 05:18 . 2013-05-26 05:18 -------- d-----w- c:\windows\system32\de 2013-05-26 05:16 . 2009-07-14 03:05 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui 2013-05-26 05:06 . 2013-05-25 19:37 -------- d-----w- C:\$WINDOWS.~Q 2013-05-26 05:05 . 2013-05-26 05:06 -------- d-----w- C:\$INPLACE.~TR 2013-05-25 23:07 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2013-05-25 23:06 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2013-05-25 23:06 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2013-05-25 23:06 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2013-05-25 23:06 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2013-05-25 23:06 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2013-05-25 23:06 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-05-25 23:06 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2013-05-25 23:06 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2013-05-25 23:06 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2013-05-25 20:21 . 
2013-05-25 20:19 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-05-25 20:21 . 2013-05-25 20:19 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-05-25 20:21 . 2013-05-25 20:19 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-05-25 20:21 . 2013-05-25 20:25 -------- d-----w- c:\programdata\Avira
2013-05-25 20:21 . 2013-05-25 20:21 -------- d-----w- c:\program files (x86)\Avira
2013-05-25 19:52 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2013-05-25 19:52 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2013-05-25 19:52 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-05-25 19:52 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-05-25 19:52 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-05-25 19:42 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-05-25 19:42 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-05-25 19:42 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-05-25 19:42 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-05-25 19:41 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-05-25 19:41 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-05-25 19:41 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-05-25 19:41 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Kaddel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-25 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-25 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-05-30 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-05-25 28600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-05-25 86752]
S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-26 10:57 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-25 11:48]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 11:49]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-25 11:49]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-30 13:08:01
ComboFix-quarantined-files.txt 2013-05-30 11:08
.
Vor Suchlauf: 23 Verzeichnis(se), 164.134.109.184 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 163.764.072.448 Bytes frei
.
- - End Of File - - FC7D0C3ED3BBA7EAD3A1C15FEE9DD306
Last edited by AnWe (30.05.2013 at 13:14)