Request for imp.js from tracker.tradedoubler.com after a freshly reinstalled Win7 system

Hello and good morning,
I need your help twice over. But - in keeping with the forum rules - first my first question:
I am currently working on my daughter's laptop. She caught the GVU virus on this laptop. After researching on the internet and deleting the infected file, the PC ran again, but always with the warning that this is not a genuine Windows version. I had apparently deleted a file in which some important information was stored. Since it is of course genuine software and I still have the original CD, I decided to reinstall the system. Everything would now be fine if it were not for the prompt that keeps appearing: run or save imps.js from tracker.tradedoubler.com.
Below are the contents of otl.txt, extras.txt and gmer.txt.
Is the PC clean, and what is this request?
Many thanks in advance for your help.

otl.txt:
OTL logfile created on: 29.05.2013 13:44:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaddel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 37,32% Memory free
7,93 Gb Paging File | 5,12 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 151,70 Gb Free Space | 53,53% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,57 Gb Free Space | 58,49% Space Free | Partition Type: NTFS
Computer Name: KADDEL-PC | User Name: Kaddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.29 13:44:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
PRC - [2013.05.29 13:41:21 | 000,050,477 | ---- | M] () -- C:\Users\Kaddel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9WQ0MYC\Defogger.exe
PRC - [2013.05.25 22:19:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.25 22:18:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.25 22:18:33 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.25 11:47:18 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\Kaddel\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.29 13:41:21 | 000,050,477 | ---- | M] () -- C:\Users\Kaddel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9WQ0MYC\Defogger.exe
MOD - [2013.05.25 11:47:18 | 024,985,600 | ---- | M] () -- C:\Users\Kaddel\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009.08.18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.25 22:19:16 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.25 22:18:36 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.25 13:48:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.05.25 22:19:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.25 22:19:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.05.25 22:19:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.08.18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.25 08:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 07:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 07:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 9A 52 4B 26 59 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1D612C5E-3727-4CD4-9345-C10596373F06}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=143078F4-C967-4292-BBE3-9B7EEE40E95C&apn_sauid=3D6D21BF-F850-4DB1-814E-D2E8BE298C1A
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=2I7NDKB_deDE0537______
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Kaddel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAF0713-570B-45AC-83D5-A1D2440A78A4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56FC9497-F98E-4360-A201-355AEFC591CC}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.29 13:44:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
[2013.05.26 13:08:45 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.26 11:26:12 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\Documents\Schule
[2013.05.26 11:05:34 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\Documents\Lucas
[2013.05.26 08:34:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.05.26 07:20:17 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.05.26 07:19:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2013.05.26 07:18:30 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2013.05.26 07:18:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2013.05.26 07:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2013.05.26 07:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2013.05.26 07:18:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2013.05.26 07:16:08 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2013.05.26 07:15:56 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2013.05.26 07:15:55 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2013.05.26 07:15:55 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2013.05.26 07:06:41 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~Q
[2013.05.26 07:05:59 | 000,000,000 | -H-D | C] -- C:\$INPLACE.~TR
[2013.05.25 22:31:04 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Avira
[2013.05.25 22:29:18 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Diagnostics
[2013.05.25 22:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.25 22:21:59 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.25 22:21:59 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.25 22:21:59 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.25 22:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.25 22:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.05.25 22:06:06 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | --SD | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Videos
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Saved Games
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Pictures
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Music
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Links
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Favorites
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Downloads
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Documents
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Desktop
[2013.05.25 21:26:58 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Vorlagen
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Verlauf
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Temporary Internet Files
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Startmenü
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\SendTo
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Recent
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Netzwerkumgebung
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Lokale Einstellungen
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Videos
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Musik
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Eigene Dateien
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Documents\Eigene Bilder
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Druckumgebung
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Cookies
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\AppData\Local\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | -HSD | C] -- C:\Users\Kaddel\Anwendungsdaten
[2013.05.25 21:26:58 | 000,000,000 | -H-D | C] -- C:\Users\Kaddel\AppData
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Temp
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Microsoft
[2013.05.25 21:26:58 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Media Center Programs
[2013.05.25 21:21:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.05.25 13:49:44 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Macromedia
[2013.05.25 13:49:42 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Adobe
[2013.05.25 13:49:41 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Google
[2013.05.25 13:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013.05.25 13:49:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.05.25 13:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.25 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.25 13:49:00 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Google
[2013.05.25 13:48:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.25 13:48:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.05.25 13:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.05.25 13:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.05.25 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\Spotify
[2013.05.25 11:46:54 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Spotify
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Searches
[2013.05.25 10:53:44 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.25 10:53:26 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Roaming\Identities
[2013.05.25 10:53:23 | 000,000,000 | R--D | C] -- C:\Users\Kaddel\Contacts
[2013.05.25 10:53:21 | 000,000,000 | ---D | C] -- C:\Users\Kaddel\AppData\Local\VirtualStore
[2013.05.25 10:52:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.05.25 10:20:34 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013.05.25 00:37:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2013.05.29 13:44:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kaddel\Desktop\OTL.exe
[2013.05.29 13:21:03 | 000,000,000 | ---- | M] () -- C:\Users\Kaddel\defogger_reenable
[2013.05.29 13:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 12:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.29 12:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 20:15:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.28 19:15:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 19:15:37 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 19:12:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 19:12:31 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 19:12:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 19:12:31 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 19:12:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 19:07:11 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.26 20:51:36 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.05.26 20:48:29 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.26 15:56:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.26 15:56:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.26 13:08:24 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.26 12:57:16 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.26 07:18:18 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2013.05.26 07:18:18 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2013.05.25 22:25:34 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.25 22:19:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.25 22:19:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.25 22:19:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.25 21:41:32 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.05.25 21:41:32 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.05.25 21:36:41 | 000,022,960 | ---- | M] () -- C:\Windows\SysNative\emptyregdb.dat
[2013.05.25 21:25:00 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013.05.25 20:37:02 | 000,026,430 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.05.25 20:36:52 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2013.05.25 11:47:18 | 000,001,815 | ---- | M] () -- C:\Users\Kaddel\Desktop\Spotify.lnk
========== Files Created - No Company Name ==========
[2013.05.29 13:21:03 | 000,000,000 | ---- | C] () -- C:\Users\Kaddel\defogger_reenable
[2013.05.26 20:51:36 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2013.05.26 16:20:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.05.26 15:56:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.26 15:56:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.26 15:24:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.05.26 07:19:13 | 000,000,024 | RH-- | C] () -- C:\Windows\DELL_version
[2013.05.26 07:18:53 | 000,654,166 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.26 07:18:53 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2013.05.26 07:18:53 | 000,130,006 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.26 07:18:53 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2013.05.25 22:25:34 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.25 22:06:30 | 000,001,407 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.05.25 22:06:27 | 000,001,441 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.25 21:43:39 | 3193,585,664 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.25 21:36:42 | 000,022,960 | ---- | C] () -- C:\Windows\SysNative\emptyregdb.dat
[2013.05.25 21:26:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.05.25 21:26:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.05.25 21:25:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.05.25 20:36:50 | 000,026,430 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013.05.25 20:36:50 | 000,001,890 | ---- | C] () -- C:\Windows\diagerr.xml
[2013.05.25 13:49:17 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.25 13:49:04 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.25 13:49:03 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.25 13:48:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.25 11:47:18 | 000,001,815 | ---- | C] () -- C:\Users\Kaddel\Desktop\Spotify.lnk
[2013.05.25 11:47:18 | 000,001,801 | ---- | C] () -- C:\Users\Kaddel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.05.29 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Kaddel\AppData\Roaming\Spotify
========== Purity Check ==========
< End of report >

extras.txt: Code:
OTL Extras logfile created on: 29.05.2013 13:44:37 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kaddel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 37,32% Memory free
7,93 Gb Paging File | 5,12 Gb Available in Paging File | 64,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 151,70 Gb Free Space | 53,53% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 8,57 Gb Free Space | 58,49% Space Free | Partition Type: NTFS
Computer Name: KADDEL-PC | User Name: Kaddel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{1096351D-56FF-43F8-938E-FF5C72DF503F}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe |
"TCP Query User{AFD462DF-EE0B-475E-B002-15867BE1316D}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe |
"UDP Query User{4CD07370-CEB2-458D-9AA9-10943F1ABB95}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe |
"UDP Query User{82669CCE-62B0-4EAD-A00B-EA9D3E863B54}C:\users\kaddel\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\kaddel\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Google Chrome" = Google Chrome
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 25.05.2013 15:41:52 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193
Description =
Error - 25.05.2013 15:41:58 | Computer Name = Kaddel-PC | Source = VSS | ID = 12347
Description =
Error - 25.05.2013 15:41:58 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193
Description =
Error - 25.05.2013 15:42:09 | Computer Name = Kaddel-PC | Source = VSS | ID = 12347
Description =
Error - 25.05.2013 15:42:09 | Computer Name = Kaddel-PC | Source = System Restore | ID = 8193
Description =
Error - 25.05.2013 16:24:16 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdbdf Exception code: 0xe06d7363 Fault offset: 0x0000b727 Faulting process id: 0x808 Faulting application start time: 0x01ce5985d226a291 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 11af40a8-c579-11e2-8394-0026b9118661
Error - 26.05.2013 14:46:40 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time stamp: 0x4ba1da21 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x73846a64 Faulting process id: 0x6a4 Faulting application start time: 0x01ce5a40fe45a664 Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Faulting module path: unknown Report Id: 99c42dd1-c634-11e2-a908-0026b9118661
Error - 26.05.2013 14:46:52 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avguard.exe, version: 13.6.0.778, time stamp: 0x511e406d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x73846a64 Faulting process id: 0x9e0 Faulting application start time: 0x01ce5a4163454945 Faulting application path: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Faulting module path: unknown Report Id: a12af52c-c634-11e2-a908-0026b9118661
Error - 26.05.2013 14:46:57 | Computer Name = Kaddel-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avguard.exe, version: 13.6.0.778, time stamp: 0x511e406d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x73846a64 Faulting process id: 0xab8 Faulting application start time: 0x01ce5a41667f46c4 Faulting application path: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Faulting module path: unknown Report Id: a4309465-c634-11e2-a908-0026b9118661
Error - 26.05.2013 14:56:29 | Computer Name = Kaddel-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16483 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 730 Start Time: 01ce5a42ac586a75 Termination Time: 16 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: f44421c4-c635-11e2-ba00-0026b9118661
[ System Events ]
Error - 28.05.2013 12:55:22 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 28.05.2013 12:55:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 28.05.2013 13:07:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 28.05.2013 13:07:55 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 28.05.2013 14:15:43 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 28.05.2013 20:38:29 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 29.05.2013 02:55:12 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 29.05.2013 03:46:02 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 29.05.2013 06:12:01 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 29.05.2013 06:27:06 | Computer Name = Kaddel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >

gmer.txt: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-30 10:11:34
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320II rev.2AC101C4 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kaddel\AppData\Local\Temp\uwdiipob.sys
---- User code sections - GMER 2.1 ----
.text C:\Users\Kaddel\Downloads\Defogger (1).exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754e1465 2 bytes [4E, 75]
.text C:\Users\Kaddel\Downloads\Defogger (1).exe[2240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754e14bb 2 bytes [4E, 75]
.text ... * 2
---- EOF - GMER 2.1 ----

Kind regards
Anna

Addendum: Right after I posted in your forum, my PC shut down with a warning about a security risk!
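The "Shell Spawning" block of the extras.txt log above is the part an analyst reads first after a GVU/ransomware infection, because that family plants itself into the `exefile`/`batfile`/`cmdfile` handlers so that its loader runs whenever a program is opened; in Anna's log those entries still carry the Windows defaults (`"%1" %*`). The following script is an added example, not part of Anna's post nor of OTL: it parses that section of an OTL Extras log and flags any handler whose command deviates from the expected default. The table of expected defaults is an assumption taken from Windows 7, the embedded sample is a constructed excerpt built from the posted lines, and the hijacked `exefile` entry with the path `C:\ProgramData\hypothetical_loader.exe` is hypothetical and only there to show what a deviation looks like in the report.

```python
"""Audit the 'Shell Spawning' section of an OTL Extras log for hijacked handlers.

Added example; not code from the original post or from OTL. The expected
defaults below are an assumption (Windows 7 defaults), and the sample log
excerpt is constructed from the posted lines plus one hypothetical hijack.
"""
import re
from typing import Dict, List, Tuple

# Handlers whose hijack would run foreign code every time the user launches a
# program or script. Assumption: these are the Windows 7 default commands.
EXPECTED_DEFAULTS: Dict[Tuple[str, str], str] = {
    ("exefile", "open"): '"%1" %*',
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

# "========== Shell Spawning ==========" style section header used by OTL.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
# "<key> [<verb>] -- <command> (<vendor>)" handler line; vendor is optional.
HANDLER_RE = re.compile(
    r"^(?P<key>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*?)(?: \((?P<vendor>[^()]+)\))?$"
)


def parse_shell_spawning(log_text: str) -> List[Dict[str, str]]:
    """Extract handler entries from every 'Shell Spawning' block of an OTL Extras log.

    Each entry records the registry view (64bit or 32bit, taken from the
    preceding hive line), the ProgID key, the shell verb, the raw command and
    the vendor string OTL printed after it (empty when OTL printed none).
    """
    entries: List[Dict[str, str]] = []
    in_section = False
    view = "32bit"
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group("name") == "Shell Spawning"
            continue
        if not in_section or not line:
            continue
        if line.startswith("64bit: ["):   # hive line for the native 64-bit view
            view = "64bit"
            continue
        if line.startswith("["):          # hive line for the Wow6432 (32-bit) view
            view = "32bit"
            continue
        m = HANDLER_RE.match(line)
        if m:
            entries.append({
                "view": view, "key": m.group("key"), "verb": m.group("verb"),
                "cmd": m.group("cmd"), "vendor": m.group("vendor") or "",
            })
    return entries


def audit_shell_spawning(log_text: str) -> List[str]:
    """Return one finding per handler whose command differs from the expected default."""
    findings: List[str] = []
    for e in parse_shell_spawning(log_text):
        expected = EXPECTED_DEFAULTS.get((e["key"], e["verb"]))
        if expected is not None and e["cmd"] != expected:
            findings.append(
                f'{e["view"]} {e["key"]} [{e["verb"]}] is "{e["cmd"]}", expected "{expected}"'
            )
    return findings


# Constructed excerpt in OTL Extras format; the handler lines mirror the posted log.
SAMPLE_CLEAN = r"""
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
========== Security Center Settings ==========
"""

# Same excerpt with a hypothetical hijacked 32-bit exefile handler (constructed path).
SAMPLE_HIJACKED = r"""
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\ProgramData\hypothetical_loader.exe" "%1" %*
========== Security Center Settings ==========
"""

if __name__ == "__main__":
    for finding in audit_shell_spawning(SAMPLE_HIJACKED) or ["no deviations from defaults"]:
        print(finding)
```

Run against a full extras.txt saved from OTL, the audit only reports deviations in the handlers listed in `EXPECTED_DEFAULTS`; entries such as `http [open]` pointing at Chrome are parsed but not judged, since a browser registering itself as URL handler is normal. A reported deviation is evidence to investigate, not proof of infection, and the `Reg Error: Key error.` entries OTL prints for handlers that simply do not exist on the machine are left alone.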