|
(Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") Hallo ;) Antivir hat mich diese Tage mit einem Fund erschreckt . Hab nach Anleitung hier mal gehandelt , im abgesicherten Modus und mit deaktivierter Syswiederherstellung , nen Malwarebytes Scan gemacht. Auch nen OTL und nen Gmer nach Plan . Aber fangen wir mal mit MB an , ist nur ein Fund (siehe threadname) :heilig: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.17.07 Windows XP Service Pack 3 x86 NTFS (Safe Mode) Internet Explorer 7.0.5730.13 Administrator :: CHEWIE [administrator] Protection: Disabled 17.06.2012 23:07:56 mbam-log-2012-06-17 (23-07-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 216781 Time elapsed: 8 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 1 HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) :confused::confused::confused::confused::confused: OTL OTL logfile created on: 18.06.2012 01:49:06 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Dokumente und Einstellungen\Vero\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 428,34 Mb Available Physical Memory | 41,85% Memory free 2,40 Gb Paging File | 1,76 Gb Available in Paging File | 73,23% Paging File free Paging file location(s): C:\pagefile.sys 1534 1534 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,00 Gb Total Space | 68,60 Gb Free Space | 85,76% Space Free | Partition Type: NTFS Drive E: | 218,09 Gb Total Space | 184,61 Gb Free Space | 84,65% Space Free | Partition Type: NTFS Computer Name: CHEWIE | User Name: Vero | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.18 01:45:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Vero\Eigene Dateien\Downloads\OTL.exe PRC - [2012.06.07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2009.12.09 14:44:20 | 000,713,032 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012.06.17 02:02:17 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll MOD - [2012.06.07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll MOD - [2012.06.07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012.06.07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\libglesv2.dll MOD - [2012.06.07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\libegl.dll MOD - [2012.06.07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012.06.07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012.06.07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - [2012.06.17 17:05:55 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.06.17 02:27:45 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.12.04 22:11:41 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.10.22 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2010.10.22 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.02.09 11:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt) DRV - [2008.04.14 01:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2008.04.14 01:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007.09.10 10:50:56 | 000,457,984 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2006.09.28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{E6A9C426-46D4-4FCD-9964-BE45862C5959}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.17 17:05:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.17 16:25:11 | 000,000,000 | ---D | M] [2011.03.13 19:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Mozilla\Extensions [2012.06.17 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Mozilla\Firefox\Profiles\hettkaws.default\extensions [2012.06.17 01:42:17 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Mozilla\Firefox\Profiles\hettkaws.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2012.06.17 17:06:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.17 17:08:06 | 000,021,543 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\VERO\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\HETTKAWS.DEFAULT\EXTENSIONS\LEETHAX@LEETHAX.NET.XPI [2012.06.17 17:05:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.17 17:05:52 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.17 17:05:52 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.17 17:05:52 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 17:05:52 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 17:05:52 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 17:05:52 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Programme\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll Hosts file not found O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: FoFileAssociate = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{840096B9-6800-4DAD-AE52-4FFA6263ED0B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E67AFA2C-E5B9-4522-8758-A561BC5CC0FD}: NameServer = 82.212.62.62,78.42.43.62 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2010.11.01 19:21:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.18 00:30:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Vero\Recent [2012.06.17 23:04:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Malwarebytes [2012.06.17 23:03:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.17 23:03:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.17 23:03:47 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.17 23:03:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.17 22:50:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2012.06.17 17:06:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla [2012.06.17 17:06:00 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2012.06.17 16:25:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime [2012.06.17 16:24:42 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2012.06.17 16:19:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2012.06.17 16:18:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2012.06.17 01:32:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2012.06.16 18:25:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Avira [2012.06.16 18:19:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.06.16 18:19:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2012.06.16 18:19:41 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2012.06.16 18:19:41 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2012.06.16 18:19:41 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2012.06.16 18:19:34 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.06.16 18:19:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.18 01:47:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\defogger_reenable [2012.06.18 01:31:26 | 000,000,507 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.06.18 01:31:25 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics [2012.06.18 01:30:50 | 000,000,582 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job [2012.06.18 01:30:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.18 00:27:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.18 00:15:02 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1958367476-725345543-1005UA.job [2012.06.17 18:15:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1958367476-725345543-1005Core.job [2012.06.17 16:45:22 | 000,006,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.17 16:00:28 | 000,517,130 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.06.17 16:00:28 | 000,493,998 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.06.17 16:00:28 | 000,101,416 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.06.17 16:00:28 | 000,084,542 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.06.16 18:11:50 | 000,203,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.06.16 17:23:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.18 01:47:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Vero\defogger_reenable [2012.06.17 02:02:18 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.16 17:28:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.16 17:28:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2011.05.14 15:29:37 | 000,000,098 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.05.07 21:24:07 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Vero\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.03 05:35:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.03.20 00:52:18 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.12.25 18:51:21 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010.12.25 18:51:18 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.12.25 18:51:18 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.12.25 18:51:17 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.12.25 17:33:56 | 000,042,124 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.12.22 17:15:54 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2010.12.18 20:08:24 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.12.12 13:30:33 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.INI [2010.12.04 10:54:41 | 000,000,056 | ---- | C] () -- C:\WINDOWS\cryavitowmv.ini [2010.12.04 10:46:07 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\SySavitowmv.dat [2010.11.22 16:28:00 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2010.11.21 21:16:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.11.05 21:47:25 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\st50220.dll [2010.11.05 19:08:16 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.11.02 00:13:49 | 000,004,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe [2010.11.01 23:38:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.11.01 19:23:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.11.01 19:19:51 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.11.01 16:56:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.11.01 16:56:08 | 000,203,328 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== LOP Check ========== [2011.06.13 16:58:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2010.12.11 10:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011.05.14 15:32:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2010.12.04 23:21:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Stardock [2010.12.04 22:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.12.24 21:18:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.12.04 22:10:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2011.06.13 16:58:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\ACD Systems [2011.03.14 23:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\BitTorrent [2011.05.14 12:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.05.15 14:55:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\OpenOffice.org [2011.05.13 01:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\PriceGong [2011.05.14 15:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Stardock [2011.03.13 19:34:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Subversion [2011.03.13 19:39:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\TuneUp Software [2011.05.14 14:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vero\Anwendungsdaten\Uniblue [2012.06.18 01:30:50 | 000,000,582 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job ========== Purity Check ========== < End of report > Danke im vorraus fürs Licht ins Dunkel bringen ;D der berb |
Zitat:
Wo sind die AntiVir-Logs dazu? :wtf: Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: hier steht das Log |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 10:41 Uhr. |
Copyright ©2000-2025, Trojaner-Board