Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win Vista BKA 1.13 Trojaner (https://www.trojaner-board.de/121828-win-vista-bka-1-13-trojaner.html)

deko 11.08.2012 13:48
Win Vista BKA 1.13 Trojaner
 
Hey Leute,
ich habe mir mit meinem PC den BKA Trojaner 1.13 eingefangen und brauche nun eure Hilfe, um diesen wieder zu entfernen. Die OTL-Dateien findet ihr im Anhang. Bitte um schnelle Hilfe.

Gruß Deko

Anhang 40395

Anhang 40396

t'john 11.08.2012 15:50
:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{2AD9BACB-2264-4A41-A318-6F1BDE25A2A7}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes,DefaultScope = {E9841929-28EC-4DFD-9889-81B466BAD772}
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{2AD9BACB-2264-4A41-A318-6F1BDE25A2A7}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{E9841929-28EC-4DFD-9889-81B466BAD772}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O3 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000..\Run: [duezsckmcjzrlms] C:\ProgramData\duezsckm.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.08.09 22:40:08 | 000,000,000 | ---D | C] -- C:\ProgramData\gryzgrwacuqycuj
[2012.08.11 14:05:48 | 000,098,861 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.11 14:05:21 | 000,098,861 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.09 22:40:12 | 000,000,051 | ---- | M] () -- C:\ProgramData\jdcgvuopknttfbb
[2012.08.09 22:39:52 | 000,061,440 | ---- | M] () -- C:\Users\Sonja\ms.exe
[2012.08.09 22:39:52 | 000,061,440 | ---- | M] () -- C:\ProgramData\duezsckm.exe
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:C31F31E6
 
[2012.08.11 14:05:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 23:03:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.12 18:57:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

deko 13.08.2012 10:12
Hey,
erstmal danke für den Fix-Code. Ich habe alle Anweisungen befolgt und der neue Scan ergibt dieses Ergebnis. Den BKA-Trojaner blockt nichts mehr auf dem PC und Avast Antivirus hat auch nichts mehr gefunden. Hoffe, dass nun alles runter ist.

Gruß Deko

Code:
OTL logfile created on: 12.08.2012 19:02:19 - Run 2
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Sonja\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,55% Memory free
6,19 Gb Paging File | 5,23 Gb Available in Paging File | 84,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 96,97 Gb Free Space | 43,31% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,65 Gb Free Space | 18,35% Space Free | Partition Type: NTFS
 
Computer Name: COMPAC | User Name: Sonja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.12 19:01:02 | 001,541,144 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_AD240.tmp\setup.exe
PRC - [2012.08.11 14:10:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
PRC - [2012.08.08 19:00:00 | 000,668,072 | ---- | M] () -- C:\Programme\Google\Update\Install\{070826F9-EE6F-4D10-BA04-FAF9568C582F}\21.0.1180.75_21.0.1180.60_chrome_updater.exe
PRC - [2011.09.06 23:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 23:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2010.03.11 01:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.03.11 01:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.03.22 15:23:49 | 002,652,056 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008.12.11 17:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Firewall Plus\FWService.exe
PRC - [2008.12.11 10:16:28 | 000,026,112 | ---- | M] () -- C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.08.24 08:00:48 | 000,033,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.08.24 05:45:42 | 000,101,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2007.08.17 11:50:00 | 000,483,144 | ---- | M] (Corel, Inc.) -- C:\Programme\Corel\Corel MediaOne\Corel Photo Downloader.exe
PRC - [2007.08.02 21:08:00 | 000,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.12.11 10:16:28 | 000,026,112 | ---- | M] () -- C:\Programme\Steganos Safe OEM\SteganosHotKeyService.exe
MOD - [2008.10.01 15:30:08 | 000,135,168 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxbase28uh_net_vc.dll
MOD - [2008.10.01 15:30:06 | 003,162,112 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxmsw28uh_core_vc.dll
MOD - [2008.10.01 15:30:06 | 001,318,912 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxbase28uh_vc.dll
MOD - [2008.10.01 15:30:06 | 000,704,512 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxmsw28uh_adv_vc.dll
MOD - [2008.10.01 15:30:06 | 000,483,328 | ---- | M] () -- C:\Programme\Steganos Safe OEM\wxmsw28uh_html_vc.dll
MOD - [2008.10.01 15:24:38 | 000,147,456 | ---- | M] () -- C:\Programme\Steganos Safe OEM\ShellExtension.dll
MOD - [2008.06.11 22:18:38 | 000,120,216 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008.06.11 22:18:36 | 000,259,480 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008.06.11 22:18:34 | 000,345,384 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2008.06.11 22:17:08 | 000,066,856 | ---- | M] () -- C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007.08.14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.08.02 21:07:56 | 000,034,064 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
MOD - [2007.07.12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.06 23:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.12.11 17:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.24 07:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.24 04:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.01.19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.06 23:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 23:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 23:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 23:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 23:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 23:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.10.05 11:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009.03.22 15:24:12 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009.03.22 15:23:51 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008.12.11 09:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008.10.03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.10.01 15:24:24 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen16.sys -- (SLEE_16_DRIVER)
DRV - [2008.09.22 13:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter)
DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.10 00:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.10 00:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.04.27 11:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.07.12 12:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7GPEA_de
IE - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.10 20:26:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.04 18:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.26 21:42:59 | 000,000,000 | ---D | M]
 
[2009.04.03 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonja\AppData\Roaming\mozilla\Extensions
[2012.08.07 23:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions
[2009.09.10 21:21:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.07.08 16:18:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.05 16:42:27 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.24 16:24:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\h52j4lsb.default\extensions\engine@conduit.com
[2012.07.08 16:18:14 | 000,000,853 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\11-suche.xml
[2010.08.07 10:16:34 | 000,000,881 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\conduit.xml
[2012.07.08 16:18:14 | 000,002,209 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\englische-ergebnisse.xml
[2012.07.08 16:18:14 | 000,010,506 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\gmx-suche.xml
[2012.07.08 16:18:14 | 000,002,368 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\lastminute.xml
[2012.07.08 16:18:14 | 000,005,489 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\h52j4lsb.default\searchplugins\webde-suche.xml
[2011.07.26 21:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.10 20:26:18 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.12.17 17:36:56 | 000,011,510 | ---- | M] () (No name found) -- C:\USERS\SONJA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\H52J4LSB.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2011.09.04 18:26:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.11 01:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010.03.11 01:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010.03.11 01:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010.03.11 01:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010.03.11 01:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010.03.11 01:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O2 - BHO: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SAFEOEM HotKeys] C:\Program Files\Steganos Safe OEM\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2337828272-3112830461-2835860203-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://gate.ewe.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B7642CF-6107-4848-A804-A20F5A684EEA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Programme\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.12 18:12:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.08.11 14:10:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
[2012.07.29 11:37:03 | 000,000,000 | ---D | C] -- C:\Users\Sonja\Desktop\Neuer Ordner (2)
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.12 19:05:52 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.12 19:05:52 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.12 19:05:52 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.12 19:05:52 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.12 19:04:37 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.08.12 18:58:38 | 000,000,249 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012.08.12 18:58:37 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.08.12 18:58:36 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.08.12 18:58:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 18:58:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.12 18:58:11 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.12 18:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.12 18:57:58 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 14:10:52 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sonja\Desktop\OTL.exe
 
========== Files Created - No Company Name ==========
 
[2012.08.12 18:32:48 | 000,000,974 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.12 18:30:17 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.08.12 18:29:49 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.08.12 18:29:23 | 3218,284,544 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.29 21:13:19 | 000,000,000 | ---- | C] () -- C:\Users\Sonja\AppData\Local\{96D20519-2F95-4F8D-924F-274C864CBA40}
[2011.02.06 22:18:04 | 319,312,022 | ---- | C] () -- C:\Users\Sonja\Sonja Fotobuch.cpr
[2009.10.04 13:42:44 | 000,007,592 | ---- | C] () -- C:\Users\Sonja\AppData\Local\d3d9caps.dat
[2009.10.03 18:51:24 | 000,000,893 | ---- | C] () -- C:\Users\Sonja\.recently-used.xbel
[2008.10.25 16:32:47 | 000,086,016 | ---- | C] () -- C:\Users\Sonja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.08.06 00:59:54 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Ashampoo
[2011.01.04 11:39:43 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Canon
[2011.04.24 16:23:46 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.03 18:51:24 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\gtk-2.0
[2011.01.06 20:45:07 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\ICAClient
[2011.01.06 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Juniper Networks
[2009.03.29 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\OpenOffice.org
[2009.01.17 18:24:04 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Opera
[2009.01.17 18:56:52 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\PCToolsFirewallPlus
[2010.04.26 21:34:54 | 000,000,000 | ---D | M] -- C:\Users\Sonja\AppData\Roaming\Ulead Systems
[2012.08.12 18:39:46 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

t'john 13.08.2012 14:06
Wo ist das FIX-Log?

Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

deko 14.08.2012 14:03
Wird die Fix-Datei danach iwo abgespeichert? Ich dachte, dass ich bloß die neue Scan Datei erneut hochladen sollte.

Gruß Deko

t'john 14.08.2012 15:16
kannst du lesen?

was habe ich hier gschrieben: http://www.trojaner-board.de/121828-...tml#post890823?

t'john 27.09.2012 19:43
Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19