Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7

Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7


Log-Analyse und Auswertung: Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 30.05.2013, 09:33   #1
AnWe
 
Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7 - Icon22

Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7


Hallo und guten Morgen,
ich benötige gleich zweifach eure Hilfe. Aber - gemäß den Regeln des Forums - erst mal meine erste Frage:
Ich arbeite gerade jetzt am Laptop meiner Tochter. Auf diesem Laptop hat sie sich den GVU Virus eingefangen. Nachdem ich nach Recherche im Internet die infizierte Datei gelöscht habe, lief der PC wieder, allerdings immer mit dem Warnhinweis, dass es sich nicht um eine Original-Windows Version handelt. Ich hatte wohl eine Datei gelöscht, in der eine wichtige Information gespeichert war. Da es sich selbstverständlich um eine Original-Software handelt und ich die Original-CD ja noch habe, habe ich mich dazu entschlossen, das System neu aufzusetzen. Soweit wäre jetzt alles in Ordnung, wenn jetzt nicht noch die Aufforderung käme: imps.js von tracker.tradedoubler.com ausführen oder speichern.

Nachstehend der Inhalt von otl.txt, extras.txt und gmer.txt.

Ist der PC sauber bzw. was ist das für eine Anforderung?

Vielen Dank im voraus für eure Hilfe.

otl.txt:
Code:
ATTFilter
OTL logfile created on: 29.05.2013 13:44:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaddel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 37,32% Memory free
7,93 Gb Paging File | 5,12 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 151,70 Gb Free Space | 53,53% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,57 Gb Free Space | 58,49% Space Free | Partition Type: NTFS
 
Computer Name: KADDEL-PC | User Name: Kaddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.29 13:44:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
PRC - [2013.05.29 13:41:21 | 000,050,477 | ---- | M] () -- C:\Users\Kaddel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9WQ0MYC\Defogger.exe
PRC - [2013.05.25 22:19:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.25 22:18:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.25 22:18:33 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.25 11:47:18 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\Kaddel\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.29 13:41:21 | 000,050,477 | ---- | M] () -- C:\Users\Kaddel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9WQ0MYC\Defogger.exe
MOD - [2013.05.25 11:47:18 | 024,985,600 | ---- | M] () -- C:\Users\Kaddel\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.25 22:19:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.25 22:18:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.25 13:48:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.25 22:19:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.25 22:19:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.25 22:19:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.25 08:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 07:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 07:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 9A 52 4B 26 59 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D612C5E-3727-4CD4-9345-C10596373F06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=143078F4-C967-4292-BBE3-9B7EEE40E95C&apn_sauid=3D6D21BF-F850-4DB1-814E-D2E8BE298C1A
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=2I7NDKB_deDE0537______
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Kaddel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAF0713-570B-45AC-83D5-A1D2440A78A4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56FC9497-F98E-4360-A201-355AEFC591CC}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.29 13:44:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
[2013.05.26 13:08:45 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.26 11:26:12 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\Documents\Schule
[2013.05.26 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\Documents\Lucas
[2013.05.26 08:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.05.26 07:20:17 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.26 07:19:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2013.05.26 07:18:30 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.05.26 07:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.05.26 07:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.05.26 07:18:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.05.26 07:16:08 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.05.26 07:15:56 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.05.26 07:15:55 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.05.26 07:15:55 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.05.26 07:06:41 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2013.05.26 07:05:59 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2013.05.25 22:31:04 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Avira
[2013.05.25 22:29:18 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Diagnostics
[2013.05.25 22:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.25 22:21:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.25 22:21:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.25 22:21:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.25 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.25 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | --SD | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Videos
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Saved Games
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Pictures
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Music
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Links
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Favorites
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Downloads
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Documents
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Desktop
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Vorlagen
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Verlauf
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Temporary Internet Files
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Startmenü
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\SendTo
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Recent
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Netzwerkumgebung
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Lokale Einstellungen
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Videos
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Musik
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Eigene Dateien
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Bilder
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Druckumgebung
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Cookies
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | -H-D | C] -- C:\Users\Kaddel\AppData
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Temp
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Microsoft
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Media Center Programs
[2013.05.25 21:21:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.25 13:49:44 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Macromedia
[2013.05.25 13:49:42 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Adobe
[2013.05.25 13:49:41 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Google
[2013.05.25 13:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.05.25 13:49:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.25 13:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.25 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.25 13:49:00 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Google
[2013.05.25 13:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.25 13:48:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.25 13:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.25 13:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.25 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Spotify
[2013.05.25 11:46:54 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Spotify
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Searches
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.25 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Identities
[2013.05.25 10:53:23 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Contacts
[2013.05.25 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\VirtualStore
[2013.05.25 10:52:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.25 10:20:34 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.05.25 00:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.29 13:44:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
[2013.05.29 13:21:03 | 000,000,000 | ---- | M] () -- C:\Users\Kaddel\defogger_reenable
[2013.05.29 13:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 12:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.29 12:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 20:15:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 19:15:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 19:15:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 19:12:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 19:12:31 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 19:12:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 19:12:31 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 19:12:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 19:07:11 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 20:51:36 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.05.26 20:48:29 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.26 15:56:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.26 15:56:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.26 13:08:24 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.26 12:57:16 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.26 07:18:18 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.05.26 07:18:18 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.05.25 22:25:34 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.25 22:19:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.25 22:19:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.25 22:19:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.25 21:41:32 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.05.25 21:41:32 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.25 21:36:41 | 000,022,960 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2013.05.25 21:25:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.25 20:37:02 | 000,026,430 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.05.25 20:36:52 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2013.05.25 11:47:18 | 000,001,815 | ---- | M] () -- C:\Users\Kaddel\Desktop\Spotify.lnk
 
========== Files Created - No Company Name ==========
 
[2013.05.29 13:21:03 | 000,000,000 | ---- | C] () -- C:\Users\Kaddel\defogger_reenable
[2013.05.26 20:51:36 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.05.26 16:20:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.26 15:56:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.26 15:56:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.26 15:24:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.26 07:19:13 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2013.05.26 07:18:53 | 000,654,166 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 07:18:53 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.05.26 07:18:53 | 000,130,006 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 07:18:53 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.05.25 22:25:34 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.25 22:06:30 | 000,001,407 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.25 22:06:27 | 000,001,441 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.25 21:43:39 | 3193,585,664 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.25 21:36:42 | 000,022,960 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2013.05.25 21:26:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.25 21:26:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.25 21:25:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.25 20:36:50 | 000,026,430 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013.05.25 20:36:50 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2013.05.25 13:49:17 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.25 13:49:04 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 13:49:03 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.25 13:48:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.25 11:47:18 | 000,001,815 | ---- | C] () -- C:\Users\Kaddel\Desktop\Spotify.lnk
[2013.05.25 11:47:18 | 000,001,801 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.29 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Kaddel\AppData\Roaming\Spotify
 
========== Purity Check ==========
 
 

< End of report >
extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 29.05.2013 13:44:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kaddel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 37,32% Memory free
7,93 Gb Paging File | 5,12 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 151,70 Gb Free Space | 53,53% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,57 Gb Free Space | 58,49% Space Free | Partition Type: NTFS
 
Computer Name: KADDEL-PC | User Name: Kaddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{1096351D-56FF-43F8-938E-FF5C72DF503F}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{AFD462DF-EE0B-475E-B002-15867BE1316D}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{4CD07370-CEB2-458D-9AA9-10943F1ABB95}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{82669CCE-62B0-4EAD-A00B-EA9D3E863B54}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.05.2013 15:41:52 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.05.2013 15:41:58 | Computer Name = Kaddel-PC | Source = VSS | ID = 12347
Description = 
 
Error - 25.05.2013 15:41:58 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.05.2013 15:42:09 | Computer Name = Kaddel-PC | Source = VSS | ID = 12347
Description = 
 
Error - 25.05.2013 15:42:09 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 25.05.2013 16:24:16 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16385,
 Zeitstempel: 0x4a5bc69e  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdbdf  Ausnahmecode: 0xe06d7363  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0x808  Startzeit der fehlerhaften Anwendung: 0x01ce5985d226a291  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 11af40a8-c579-11e2-8394-0026b9118661
 
Error - 26.05.2013 14:46:40 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mscorsvw.exe, Version: 4.0.30319.1,
 Zeitstempel: 0x4ba1da21  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73846a64  ID des fehlerhaften
 Prozesses: 0x6a4  Startzeit der fehlerhaften Anwendung: 0x01ce5a40fe45a664  Pfad der
 fehlerhaften Anwendung: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 99c42dd1-c634-11e2-a908-0026b9118661
 
Error - 26.05.2013 14:46:52 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 13.6.0.778,
 Zeitstempel: 0x511e406d  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73846a64  ID des fehlerhaften
 Prozesses: 0x9e0  Startzeit der fehlerhaften Anwendung: 0x01ce5a4163454945  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a12af52c-c634-11e2-a908-0026b9118661
 
Error - 26.05.2013 14:46:57 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: avguard.exe, Version: 13.6.0.778,
 Zeitstempel: 0x511e406d  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73846a64  ID des fehlerhaften
 Prozesses: 0xab8  Startzeit der fehlerhaften Anwendung: 0x01ce5a41667f46c4  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: a4309465-c634-11e2-a908-0026b9118661
 
Error - 26.05.2013 14:56:29 | Computer Name = Kaddel-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16483 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 730    Startzeit: 01ce5a42ac586a75    Endzeit: 16    Anwendungspfad: 
C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: f44421c4-c635-11e2-ba00-0026b9118661

 
[ System Events ]
Error - 28.05.2013 12:55:22 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.05.2013 12:55:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.05.2013 13:07:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.05.2013 13:07:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.05.2013 14:15:43 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.05.2013 20:38:29 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 29.05.2013 02:55:12 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 29.05.2013 03:46:02 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 29.05.2013 06:12:01 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 29.05.2013 06:27:06 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
gmer.txt
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-30 10:11:34
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320II rev.2AC101C4 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kaddel\AppData\Local\Temp\uwdiipob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Users\Kaddel\Downloads\Defogger (1).exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000754e1465 2 bytes [4E, 75]
.text  C:\Users\Kaddel\Downloads\Defogger (1).exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000754e14bb 2 bytes [4E, 75]
.text  ...                                                                                                        * 2

---- EOF - GMER 2.1 ----
Liebe Grüße
Anna

Nachtrag: Direkt nach dem ich in euer Forum gepostet habe ist mein PC mit einem Warnhinweis auf ein Sicherheitsrisiko heruntergefahren!
Geändert von AnWe (30.05.2013 um 10:07 Uhr)

 

Themen zu Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7
adobe, antivir, autorun, avira, datei gelöscht, entfernen, error, firefox, flash player, format, frage, google, home, homepage, iexplore.exe, install.exe, logfile, programm, registry, rundll, scan, security, software, system, system neu, udp, virus, warnhinweis, windows


« Trojaner: \Users\Kerstin\AppData\Roaming\systeme\upsate.exe | GVU Trojaner Windows 7 64bit »


Ähnliche Themen: Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7


  1. Win7 mit Advanced System Protector, System Speedup und vielen weiteren Plagegeistern
    Plagegeister aller Art und deren Bekämpfung - 10.06.2014 (12)
  2. Avast Warnungen trotz neu aufgesetztem Windows 7
    Log-Analyse und Auswertung - 24.03.2014 (17)
  3. Div. Bluescreens bei Win7 und Win7-Installation nach durchgeb. Netzteil
    Alles rund um Windows - 24.11.2013 (8)
  4. Permant Traffic unbekannter Art auf völlig neu aufgesetztem System
    Plagegeister aller Art und deren Bekämpfung - 08.10.2013 (3)
  5. Win7, Advanced System Protector, System verseucht?
    Log-Analyse und Auswertung - 15.09.2013 (19)
  6. Win7 Opera: Wärend des surfens popptet eine Seite auf und sperrte das System. Nach Neustart + Anmeldung: black sreen =(
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (2)
  7. system startet nicht nach Hitman-USB-Boot!!! WIN7
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (2)
  8. imp.js tracker.tradedoubler trotz virenprogramm und malwarebytes
    Log-Analyse und Auswertung - 19.03.2013 (28)
  9. Ich werde "imp.js von tracker.tradedoubler.com" nicht los
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (13)
  10. Tracker.Tradedoubler.com soll ausgeführt werden
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (30)
  11. Wiederholte Meldung "Download ... von tracker.tradedoubler.com" - was tun?
    Plagegeister aller Art und deren Bekämpfung - 27.02.2013 (19)
  12. imp.js von tracker.tradedoubler.com
    Plagegeister aller Art und deren Bekämpfung - 20.02.2013 (21)
  13. Sparkasse Anforderung 20 Tan -Nummern
    Log-Analyse und Auswertung - 26.08.2011 (11)
  14. Viren auf neu aufgesetztem System?
    Log-Analyse und Auswertung - 12.07.2011 (15)
  15. Zeitüberschreitung der Anforderung (sporadisch und regelmäßig) beim Ping
    Netzwerk und Hardware - 06.07.2011 (30)
  16. cpu schnell ausgelastet ohne nenneswerte anforderung
    Log-Analyse und Auswertung - 03.07.2011 (5)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7 - Hallo und guten Morgen, ich benötige gleich zweifach eure Hilfe. Aber - gemäß den Regeln des Forums - erst mal meine erste Frage: Ich arbeite gerade jetzt am Laptop meiner - Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7...
Archiv
Du betrachtest: Anforderung imp.js von tracker.tradedoubler.com nach neu aufgesetztem System win7 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131