| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Mehrere Trojaner/Viren entfernen?, Internet funktioniert nichtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.07.2012, 01:34
| #1 | |
 |  Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht Hallo, der PC meiner Freundin hat seit gestern immer wieder eine Meldung (Avira) über ein und den selben Trojaner gebracht. Die Meldung kam auch als er in Quarantänte verschoben wurde. Habe anschließend mal Malwarebytes installiert und einen Quick- bzw. Vollscan durchgeführt wo er dann edliche Trojaner/Viren entdeckt und entfernt hat. Logfiles davon habe ich leider nicht gespeichert. Nun habe ich heute mal nen Vollscan mit Malwarebytes durchgeführt wo dann nichts mehr gefunden wurde aber Avira hat 8 schädliche Datein/Software etc. gefunden und hab sie dann in Quarantäne verschoben. Vor ein paar Stunden ist dann aufeinmal das Internet kurz am PC ausgefallen. Hatte mir nichts dabei gedacht nur als ich dann versucht habe erneut ins Netz zu gehen konnte keine Verbindung mehr aufgebaut werden bzw. ist immer nach 2 Sekunden wenn eine seite geladen hat das Internet ausgefallen. Jetzt gerade funktioniert es wieder aber erst nachdem ich "Defrogger" benutzt habe und "Disable" gedrückt habe, "OTL" scan durchgeführt habe und "Gmer" auch. Keine Ahnung ob das zusammenhängt. Hier der OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 21.07.2012 20:33:36 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\sarah\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 65,10% Memory free 7,23 Gb Paging File | 5,84 Gb Available in Paging File | 80,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 153,38 Gb Total Space | 38,20 Gb Free Space | 24,91% Space Free | Partition Type: NTFS Drive D: | 727,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SARAH-PC | User Name: sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.21 20:27:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sarah\Desktop\OTL.exe PRC - [2012.07.03 20:37:20 | 001,192,664 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.06 21:33:31 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:48:48 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files\avira\antivir desktop\avscan.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files\avira\antivir desktop\avcenter.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2009.12.04 15:48:54 | 001,728,512 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2009.04.27 15:20:02 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe PRC - [2009.04.27 15:19:38 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.04.11 00:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe ========== Modules (No Company Name) ========== MOD - [2012.07.03 20:37:20 | 001,192,664 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.05.06 21:33:31 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2009.11.03 11:11:50 | 047,628,288 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll MOD - [2009.05.07 16:53:18 | 000,106,496 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll MOD - [2009.05.07 16:50:46 | 000,073,728 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll MOD - [2008.02.14 13:57:00 | 000,094,208 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.16 17:59:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.18 13:59:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.06 21:33:31 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service) SRV - [2012.02.19 18:53:49 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.25 21:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 40 8F E5 70 30 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=334&systemid=406&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaulturl: "hxxp://www.searchcanvas.com/web?ot=7&q=" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=334&systemid=406&sr=0&q=" FF - prefs.js..network.proxy.http: "193.84.22.97" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.06 22:14:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:59:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 18:49:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:59:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 18:49:05 | 000,000,000 | ---D | M] [2012.07.03 23:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sarah\AppData\Roaming\mozilla\Extensions [2012.07.08 14:12:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sarah\AppData\Roaming\mozilla\Firefox\Profiles\r8v3ln8a.default\extensions [2012.05.09 22:05:29 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Users\sarah\AppData\Roaming\mozilla\Firefox\Profiles\r8v3ln8a.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012.07.20 18:06:17 | 000,000,950 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin-1.xml [2011.09.07 15:04:05 | 000,000,950 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin-3.xml [2011.09.07 21:18:50 | 000,000,950 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin-4.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin.xml [2012.07.03 23:26:02 | 000,002,519 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\Search_Results.xml [2012.07.17 18:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.07.03 23:26:08 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012.02.29 17:13:28 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8V3LN8A.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI [2012.06.15 15:44:44 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8V3LN8A.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.06.18 13:59:15 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.09 16:36:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.11.10 18:48:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.10 18:48:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.10 18:48:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.10 18:48:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.03 23:26:02 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2011.11.10 18:48:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.10 18:48:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc) O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - 10 - Reg Error: Value error. File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Spotify] C:\Users\sarah\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E2341BC-7121-4792-A4CF-EA2D259D491E}: DhcpNameServer = 82.212.62.62 78.42.43.62 O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.01.26 10:41:23 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ] O32 - AutoRun File - [2007.01.26 10:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2007.01.26 10:40:58 | 000,000,149 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007.01.26 09:06:20 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ] O33 - MountPoints2\{00201398-8620-11e0-a05d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{00201398-8620-11e0-a05d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2007.01.26 10:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.21 20:27:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\sarah\Desktop\OTL.exe [2012.07.20 19:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.07.20 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\sarah\Documents\Simply Super Software [2012.07.20 19:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.07.20 19:04:24 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.20 19:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.17 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Roaming\Malwarebytes [2012.07.17 18:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.17 18:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.17 18:33:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.17 18:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.16 18:08:18 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Local\Macromedia [2012.07.15 21:14:45 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012.07.15 21:14:45 | 000,000,000 | RH-D | C] -- C:\Users\sarah\AppData\Roaming\SecuROM [2012.07.15 00:50:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games [2012.07.14 22:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2012.07.14 22:39:43 | 000,000,000 | ---D | C] -- C:\Users\sarah\Documents\EA Games [2012.07.04 13:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012.07.03 23:23:18 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Local\Ilivid Player [2012.07.03 23:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid [2012.07.03 23:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar [2012.07.02 17:48:26 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Roaming\.minecraft [2012.07.02 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Roaming\.Nitrous ========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.07.21 20:32:34 | 000,000,000 | ---- | M] () -- C:\Users\sarah\defogger_reenable [2012.07.21 20:27:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sarah\Desktop\OTL.exe [2012.07.21 20:25:46 | 000,050,477 | ---- | M] () -- C:\Users\sarah\Desktop\Defogger.exe [2012.07.21 19:59:41 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000UA.job [2012.07.21 19:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.21 19:54:37 | 000,008,704 | ---- | M] () -- C:\Users\sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.21 19:44:42 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.21 19:44:42 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.21 17:44:55 | 000,105,719 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.21 17:44:55 | 000,105,719 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.21 17:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.21 17:44:35 | 3757,367,296 | -HS- | M] () -- C:\hiberfil.sys [2012.07.20 20:00:27 | 000,002,708 | ---- | M] () -- C:\Users\sarah\.recently-used.xbel [2012.07.20 19:51:11 | 000,652,528 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.20 19:51:11 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.20 19:51:11 | 000,134,766 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.20 19:51:11 | 000,113,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.20 19:09:23 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.18 23:09:27 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000Core.job [2012.07.17 18:55:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.15 21:14:45 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012.07.15 21:12:18 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Glamour-Accessoires.lnk [2012.07.15 21:08:37 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Teen Style-Accessoires.lnk [2012.07.15 21:03:20 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk [2012.07.15 20:59:36 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk [2012.07.15 20:53:16 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2 Nightlife.lnk [2012.07.14 22:41:14 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2.lnk [2012.07.13 23:55:45 | 000,257,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.02 17:37:10 | 000,278,561 | ---- | M] () -- C:\Users\sarah\Desktop\Minecraft.exe ========== Files Created - No Company Name ========== File not found -- C:\Windows\System32\ [2012.07.21 20:32:34 | 000,000,000 | ---- | C] () -- C:\Users\sarah\defogger_reenable [2012.07.21 20:25:46 | 000,050,477 | ---- | C] () -- C:\Users\sarah\Desktop\Defogger.exe [2012.07.20 20:00:27 | 000,002,708 | ---- | C] () -- C:\Users\sarah\.recently-used.xbel [2012.07.20 19:01:39 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.17 19:00:30 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{25089251-7a80-c313-294e-90f4e8342035}\U\80000000.@ [2012.07.17 18:33:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.16 17:43:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.15 21:12:18 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Glamour-Accessoires.lnk [2012.07.15 21:08:37 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Teen Style-Accessoires.lnk [2012.07.15 21:03:20 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk [2012.07.15 20:59:36 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk [2012.07.15 20:53:16 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2 Nightlife.lnk [2012.07.14 22:41:14 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2.lnk [2012.07.02 17:37:09 | 000,278,561 | ---- | C] () -- C:\Users\sarah\Desktop\Minecraft.exe [2012.06.01 17:27:12 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.06.01 17:25:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll [2012.06.01 17:25:03 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll [2012.06.01 17:25:03 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll [2012.06.01 17:25:03 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll [2012.06.01 17:25:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll [2012.06.01 17:25:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll [2012.06.01 17:25:03 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe [2012.06.01 17:25:03 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll [2012.06.01 17:25:03 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll [2012.06.01 17:25:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll [2012.06.01 17:25:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll [2012.06.01 17:25:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe [2012.06.01 17:25:03 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe [2012.06.01 17:25:03 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll [2012.06.01 17:25:03 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll [2012.06.01 17:25:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll [2012.06.01 17:25:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll [2012.01.11 16:43:32 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{25089251-7a80-c313-294e-90f4e8342035}\@ [2012.01.11 16:43:32 | 000,002,048 | -HS- | C] () -- C:\Users\sarah\AppData\Local\{25089251-7a80-c313-294e-90f4e8342035}\@ [2011.11.01 19:48:48 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.11.01 19:48:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.11.01 19:47:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.11.01 18:29:02 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.11.01 18:29:02 | 000,138,056 | ---- | C] () -- C:\Users\sarah\AppData\Roaming\PnkBstrK.sys [2011.11.01 18:28:51 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.11.01 18:28:50 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.09.04 16:57:29 | 000,000,538 | RHS- | C] () -- C:\Users\sarah\ntuser.pol [2011.09.02 16:42:52 | 000,008,704 | ---- | C] () -- C:\Users\sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.25 17:50:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.05.25 17:50:03 | 000,652,528 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.05.25 17:50:03 | 000,134,766 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.05.25 17:50:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.05.24 22:03:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.05.24 20:29:21 | 000,105,719 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.05.24 20:29:21 | 000,105,719 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.05.24 18:25:34 | 000,000,680 | ---- | C] () -- C:\Users\sarah\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012.07.02 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\.minecraft [2012.07.02 17:40:42 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\.Nitrous [2011.09.14 20:31:58 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\DVDVideoSoft [2011.09.14 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.20 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\gtk-2.0 [2012.06.07 02:24:59 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\ICQ [2012.05.06 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\ICQ Search [2012.01.04 23:11:12 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\LolClient [2011.08.21 20:32:53 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\OpenOffice.org [2011.07.04 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\Skip-Bo [2012.07.21 17:45:13 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\Spotify [2012.07.18 23:09:27 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000Core.job [2012.07.21 19:59:41 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000UA.job [2012.07.21 17:43:44 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Hier der OTL Extra Log: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.07.2012 20:33:36 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\sarah\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 65,10% Memory free
7,23 Gb Paging File | 5,84 Gb Available in Paging File | 80,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,38 Gb Total Space | 38,20 Gb Free Space | 24,91% Space Free | Partition Type: NTFS
Drive D: | 727,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: SARAH-PC | User Name: sarah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[verify-U]_AVS_IE_Add-on" = [verify-U]_AVS_IE_Add-on
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"facemoods" = Facemoods Toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Guard.Mail.ru" = Guard.ICQ
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Searchqu Toolbar" = Searchqu Toolbar
"Skip-Bo: Castaway Caper" = Skip-Bo: Castaway Caper (entfernen)
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.07.2012 19:10:37 | Computer Name = sarah-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.07.2012 07:21:35 | Computer Name = sarah-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.07.2012 18:57:33 | Computer Name = sarah-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.07.2012 01:54:51 | Computer Name = sarah-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.07.2012 05:55:19 | Computer Name = sarah-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.07.2012 13:21:48 | Computer Name = sarah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung tc6.exe, Version 6.0.0.0, Zeitstempel 0x2a425e19,
fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47967,
Ausnahmecode 0xc0000005, Fehleroffset 0x000bfea5, Prozess-ID 0x16b8, Anwendungsstartzeit
01cd669c23936e45.
Error - 20.07.2012 13:21:57 | Computer Name = sarah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung tc6.exe, Version 6.0.0.0, Zeitstempel 0x2a425e19,
fehlerhaftes Modul kernel32.dll, Version 6.0.6002.18449, Zeitstempel 0x4da47967,
Ausnahmecode 0xc0000005, Fehleroffset 0x000bfea5, Prozess-ID 0x898, Anwendungsstartzeit
01cd669c28045cf0.
Error - 21.07.2012 07:35:19 | Computer Name = sarah-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.07.2012 10:56:26 | Computer Name = sarah-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: d14 Anfangszeit: 01cd673518b8515c Zeitpunkt der
Beendigung: 87
Error - 21.07.2012 11:46:21 | Computer Name = sarah-PC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 21.07.2012 07:35:19 | Computer Name = sarah-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 21.07.2012 07:35:19 | Computer Name = sarah-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 21.07.2012 07:35:19 | Computer Name = sarah-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 21.07.2012 11:42:31 | Computer Name = sarah-PC | Source = DCOM | ID = 10016
Description =
Error - 21.07.2012 11:45:25 | Computer Name = sarah-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Apollo P-1200 nicht unter dem
Namen Apollo P-1200 freigeben. Fehler: 1753. Der Drucker kann nicht von anderen
Benutzern im Netzwerk verwendet werden.
Error - 21.07.2012 11:46:21 | Computer Name = sarah-PC | Source = Service Control Manager | ID = 7023
Description =
Error - 21.07.2012 11:46:21 | Computer Name = sarah-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 21.07.2012 11:46:21 | Computer Name = sarah-PC | Source = Service Control Manager | ID = 7003
Description =
Error - 21.07.2012 11:46:47 | Computer Name = sarah-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
Error - 21.07.2012 11:55:35 | Computer Name = sarah-PC | Source = DCOM | ID = 10016
Description =
< End of report >
Hier der GMER Log: Zitat:
In Avira komm ich seit dem ich Defrogger benutzt habe nicht mehr in das AviraCenter um zu schauen welche TR/Viren in Quarantäne sind. MfG |
|
22.07.2012, 09:57
| #2 |
  | Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht Hi,
__________________Reste eines Rootkits, das Sicherheitscenter ist ausgeschaltet... OTL:
 Code:
ATTFilter :OTL
[2012.01.11 16:43:32 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{25089251-7a80-c313-294e-90f4e8342035}\@
[2012.01.11 16:43:32 | 000,002,048 | -HS- | C] () -- C:\Users\sarah\AppData\Local\{25089251-7a80-c313-294e-90f4e8342035}\@
:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01
:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Stelle den Killer wir folgt ein:  Dann den Scan starten durch (Start Scan). Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster (Report anklicken), den Text abkopieren und hier posten... Combofix Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop. Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß! Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter. Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird. Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden... AdwareCleaner (AdwCleaner) Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! Poste die Logfiles in Code-Tags Download über AdwCleaner by Xplode zum Desktop.  Starte AdwCleaner und klicke Search Nach einiger zeit öffnet ein Logfile (C:\AdwCleaner[xx].txt) poste dessen Inhalt hier ins Forum. chris
__________________ |
|
22.07.2012, 15:52
| #3 | |||
| | Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht Hallo,
__________________bin nur bis zum Punkt "ComboFix" gekommen. Der Pc startete neu und meinte das die Log Datei nicht gefunden wurde und fragte in eine erstellt werden solle. Habe "Ja" gedrückt aber die Log Datei war komplett leer. Jetzt öffnet er keine Programme und soweiter mehr.. Fehlermedlung: es wurde versucht, einen Registrierungsschlüssel einem unzulässigem Vorgang zu unterziehen, der zum löschen markiert wurde. Unter C:/ ist eine Log Datei von Combo fix die ich aber wegen der Fehlermeldung nicht öffnen kann. MfG Schuldigung für einen Doppelpost aber der Fehler hat sich durch einen Simplen Neustart behoben  Hier die geforderten Logs: Hi, hier das was nach dem FIX geöffnet wurde: (%systemroot%\_OTL gibts bei mir nicht) Zitat:
Hier der Report von TDSS: Zitat:
Hier der Log von ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-21.01 - sarah 22.07.2012 16:27:58.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1033.18.3582.2510 [GMT 2:00]
ausgeführt von:: c:\users\sarah\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\windows\system32\
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-22 bis 2012-07-22 ))))))))))))))))))))))))))))))
.
.
2012-07-22 14:33 . 2012-07-22 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 14:07 . 2012-07-22 14:07 -------- d-----w- C:\TDSS
2012-07-22 13:52 . 2012-07-22 13:52 -------- d-----w- C:\_OTL
2012-07-20 17:24 . 2012-07-20 17:24 -------- d-----w- c:\programdata\Simply Super Software
2012-07-17 16:33 . 2012-07-17 16:33 -------- d-----w- c:\users\sarah\AppData\Roaming\Malwarebytes
2012-07-17 16:33 . 2012-07-17 16:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 16:33 . 2012-07-17 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-17 16:33 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 16:08 . 2012-07-16 16:08 -------- d-----w- c:\users\sarah\AppData\Local\Macromedia
2012-07-15 19:14 . 2012-07-15 19:14 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-07-15 19:14 . 2012-07-15 19:14 -------- d--h--r- c:\users\sarah\AppData\Roaming\SecuROM
2012-07-13 11:47 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 12:42 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 12:42 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 12:42 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 12:42 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 12:42 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 12:42 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-04 11:51 . 2012-07-04 11:51 -------- d-----w- c:\programdata\boost_interprocess
2012-07-03 21:23 . 2012-07-03 21:23 -------- d-----w- c:\users\sarah\AppData\Local\Ilivid Player
2012-07-03 21:22 . 2012-07-20 17:10 -------- d-----w- c:\program files\iLivid
2012-07-03 21:21 . 2012-07-03 21:26 -------- d-----w- c:\program files\Searchqu Toolbar
2012-07-02 15:48 . 2012-07-02 15:55 -------- d-----w- c:\users\sarah\AppData\Roaming\.minecraft
2012-07-02 15:40 . 2012-07-02 15:40 -------- d-----w- c:\users\sarah\AppData\Roaming\.Nitrous
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 15:59 . 2012-05-07 13:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-16 15:59 . 2011-06-02 12:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 15:43 . 2011-11-01 17:48 279552 ----a-w- c:\windows\system32\services.exe
2012-06-02 22:19 . 2012-06-21 10:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 10:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 10:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 10:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 10:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 10:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 10:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 10:25 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-21 10:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-08 16:40 . 2012-06-01 11:06 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{07B34BDB-A0E8-4BD5-8190-6D6233015301}\mpengine.dll
2012-05-01 14:03 . 2012-06-14 05:09 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-27 08:20 . 2012-06-04 16:01 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-24 22:32 . 2012-06-04 16:01 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-23 16:00 . 2012-06-14 05:09 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 05:09 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 05:09 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-18 11:59 . 2011-07-04 14:38 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 12:21 128064 ----a-w- c:\program files\icq\Internet Explorer\icq.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\sarah\AppData\Roaming\Spotify\Spotify.exe" [2012-07-03 7609560]
"Facebook Update"="c:\users\sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Spotify Web Helper"="c:\users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-03 1192664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 1728512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Guard.Mail.ru.gui"="c:\program files\Guard-ICQ\GuardICQ.exe" [2012-05-06 1564368]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2009-04-27 74408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKLM\~\startupfolder\C:^Users^sarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2012-05-06 19:33 127040 ----a-w- c:\program files\ICQ7M\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-10-11 17:09 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 15:59]
.
2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000Core.job
- c:\users\sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-07 20:54]
.
2012-07-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000UA.job
- c:\users\sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-07 20:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchnu.com/406
IE: Free YouTube to MP3 Converter - c:\users\sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 82.212.62.62 78.42.43.62
FF - ProfilePath - c:\users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.searchcanvas.com/web?ot=7&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=334&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.http - 193.84.22.97
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\ICQ6TO~1\ICQSER~1.EXE
c:\windows\system32\lxczcoms.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\windows\system32\vssvc.exe
c:\program files\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-22 16:44:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-22 14:43
.
Vor Suchlauf: 10 Verzeichnis(se), 40.750.092.288 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 40.254.488.576 Bytes frei
.
- - End Of File - - 6A7533BD383421DAA06F5E82DF4BFD6E[/QUOTE]
Hier der Log von AdwCleaner: Zitat:
|
|
22.07.2012, 18:57
| #4 |
| | Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht Hi, sieht recht ordentlich aus... AdwareCleaner Schliesse alle offenstehende Fenster und starte AdwCleaner (Win7/Vista: Als Administrator ausführen)
Dein Rechner wird neu gestartet und es öffnet sich ein Logfile (C:\AdwCleaner[xx].txt), poste dessen Inhalt hier ins Forum. Erstelle und poste ein neues OTL-Log... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
22.07.2012, 19:36
| #5 | |
| | Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht Hey, hier der AdwareCleaner Log nach dem "Delete": Zitat:
Und hier nochmal ein neuer OTL Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.07.2012 20:32:41 - Run 2 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\sarah\Desktop Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 68,17% Memory free 7,18 Gb Paging File | 5,98 Gb Available in Paging File | 83,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 153,38 Gb Total Space | 36,76 Gb Free Space | 23,97% Space Free | Partition Type: NTFS Drive D: | 727,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SARAH-PC | User Name: sarah | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.21 20:27:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sarah\Desktop\OTL.exe PRC - [2012.07.16 17:59:05 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe PRC - [2012.07.03 20:37:20 | 001,192,664 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.18 13:59:15 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.05.06 21:33:31 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () -- C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe PRC - [2009.12.04 15:48:54 | 001,728,512 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2009.04.27 15:20:02 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe PRC - [2009.04.27 15:19:38 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 00:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe PRC - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe ========== Modules (No Company Name) ========== MOD - [2012.07.16 17:59:05 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_265.dll MOD - [2012.07.03 20:37:20 | 001,192,664 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.06.18 13:59:14 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.05.06 21:33:31 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2011.03.21 20:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe MOD - [2009.11.03 11:11:50 | 047,628,288 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll MOD - [2009.05.07 16:53:18 | 000,106,496 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll MOD - [2009.05.07 16:50:46 | 000,073,728 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll MOD - [2008.02.14 13:57:00 | 000,094,208 | ---- | M] () -- C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.16 17:59:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.18 13:59:14 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.06 21:33:31 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.20 11:16:08 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE -- (ICQ Service) SRV - [2012.02.19 18:53:49 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.01.21 04:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\AsrCDDrv.sys -- (AsrCDDrv) DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.25 21:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 36 40 8F E5 70 30 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://www.searchcanvas.com/web?ot=7&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..network.proxy.http: "193.84.22.97" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.06 22:14:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:59:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 18:49:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 13:59:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 18:49:05 | 000,000,000 | ---D | M] [2012.07.03 23:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sarah\AppData\Roaming\mozilla\Extensions [2012.07.22 20:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sarah\AppData\Roaming\mozilla\Firefox\Profiles\r8v3ln8a.default\extensions [2012.05.09 22:05:29 | 000,000,000 | ---D | M] (FT SleekDark) -- C:\Users\sarah\AppData\Roaming\mozilla\Firefox\Profiles\r8v3ln8a.default\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66} [2012.07.20 18:06:17 | 000,000,950 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin-1.xml [2011.09.07 15:04:05 | 000,000,950 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin-3.xml [2011.09.07 21:18:50 | 000,000,950 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin-4.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\sarah\AppData\Roaming\Mozilla\Firefox\Profiles\r8v3ln8a.default\searchplugins\icqplugin.xml [2012.07.17 18:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.02.29 17:13:28 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8V3LN8A.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI [2012.06.15 15:44:44 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R8V3LN8A.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.06.18 13:59:15 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.09 16:36:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.11.10 18:48:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.10 18:48:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.11.10 18:48:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.11.10 18:48:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.10 18:48:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.10 18:48:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.22 16:34:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: ([verify-U]_Add-on) - {F4552A56-119C-478E-AB3F-2C850F78B72E} - C:\Program Files\[verify-U]_AVS_IE_Add-on\[verify-U]_AVS.dll (Cybits AG) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Spotify] C:\Users\sarah\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\sarah\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E2341BC-7121-4792-A4CF-EA2D259D491E}: DhcpNameServer = 82.212.62.62 78.42.43.62 O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - File not found O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.01.26 10:41:23 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ] O32 - AutoRun File - [2007.01.26 10:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2007.01.26 10:40:58 | 000,000,149 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007.01.26 09:06:20 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.22 16:44:59 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.07.22 16:35:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.07.22 16:25:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.07.22 16:25:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.07.22 16:25:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.07.22 16:24:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.07.22 16:23:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.07.22 16:16:20 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\sarah\Desktop\ComboFix.exe [2012.07.22 16:07:06 | 000,000,000 | ---D | C] -- C:\TDSS [2012.07.22 15:52:27 | 000,000,000 | ---D | C] -- C:\_OTL [2012.07.21 20:27:11 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\sarah\Desktop\OTL.exe [2012.07.20 19:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.07.20 19:24:09 | 000,000,000 | ---D | C] -- C:\Users\sarah\Documents\Simply Super Software [2012.07.20 19:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.07.20 19:04:24 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.07.20 19:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.07.17 18:33:21 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Roaming\Malwarebytes [2012.07.17 18:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.17 18:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.17 18:33:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.17 18:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.16 18:08:18 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Local\Macromedia [2012.07.15 21:14:45 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012.07.15 21:14:45 | 000,000,000 | RH-D | C] -- C:\Users\sarah\AppData\Roaming\SecuROM [2012.07.15 00:50:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games [2012.07.14 22:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2012.07.14 22:39:43 | 000,000,000 | ---D | C] -- C:\Users\sarah\Documents\EA Games [2012.07.02 17:48:26 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Roaming\.minecraft [2012.07.02 17:40:27 | 000,000,000 | ---D | C] -- C:\Users\sarah\AppData\Roaming\.Nitrous ========== Files - Modified Within 30 Days ========== [2012.07.22 20:26:00 | 000,105,719 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.07.22 20:25:59 | 000,105,719 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.07.22 20:25:49 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 20:25:49 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.22 20:25:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.22 20:25:39 | 3757,367,296 | -HS- | M] () -- C:\hiberfil.sys [2012.07.22 17:59:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.22 16:59:05 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000UA.job [2012.07.22 16:34:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.07.22 16:16:47 | 000,632,049 | ---- | M] () -- C:\Users\sarah\Desktop\adwcleaner.exe [2012.07.22 16:16:29 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\sarah\Desktop\ComboFix.exe [2012.07.22 16:14:07 | 000,652,528 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.22 16:14:07 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.22 16:14:07 | 000,134,766 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.22 16:14:07 | 000,113,694 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.21 22:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000Core.job [2012.07.21 20:45:46 | 000,302,592 | ---- | M] () -- C:\Users\sarah\Desktop\67ys2l3q.exe [2012.07.21 20:32:34 | 000,000,000 | ---- | M] () -- C:\Users\sarah\defogger_reenable [2012.07.21 20:27:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sarah\Desktop\OTL.exe [2012.07.21 20:25:46 | 000,050,477 | ---- | M] () -- C:\Users\sarah\Desktop\Defogger.exe [2012.07.21 19:54:37 | 000,008,704 | ---- | M] () -- C:\Users\sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.07.20 20:00:27 | 000,002,708 | ---- | M] () -- C:\Users\sarah\.recently-used.xbel [2012.07.20 19:09:23 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.17 18:55:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.15 21:14:45 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll [2012.07.15 21:12:18 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Glamour-Accessoires.lnk [2012.07.15 21:08:37 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Teen Style-Accessoires.lnk [2012.07.15 21:03:20 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk [2012.07.15 20:59:36 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk [2012.07.15 20:53:16 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2 Nightlife.lnk [2012.07.14 22:41:14 | 000,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2.lnk [2012.07.13 23:55:45 | 000,257,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.02 17:37:10 | 000,278,561 | ---- | M] () -- C:\Users\sarah\Desktop\Minecraft.exe ========== Files Created - No Company Name ========== [2012.07.22 16:25:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.07.22 16:25:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.07.22 16:25:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.07.22 16:25:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.07.22 16:25:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.07.22 16:16:47 | 000,632,049 | ---- | C] () -- C:\Users\sarah\Desktop\adwcleaner.exe [2012.07.21 20:45:46 | 000,302,592 | ---- | C] () -- C:\Users\sarah\Desktop\67ys2l3q.exe [2012.07.21 20:32:34 | 000,000,000 | ---- | C] () -- C:\Users\sarah\defogger_reenable [2012.07.21 20:25:46 | 000,050,477 | ---- | C] () -- C:\Users\sarah\Desktop\Defogger.exe [2012.07.20 20:00:27 | 000,002,708 | ---- | C] () -- C:\Users\sarah\.recently-used.xbel [2012.07.20 19:01:39 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.07.17 18:33:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.16 17:43:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.15 21:12:18 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Glamour-Accessoires.lnk [2012.07.15 21:08:37 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Teen Style-Accessoires.lnk [2012.07.15 21:03:20 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk [2012.07.15 20:59:36 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk [2012.07.15 20:53:16 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2 Nightlife.lnk [2012.07.14 22:41:14 | 000,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2.lnk [2012.07.02 17:37:09 | 000,278,561 | ---- | C] () -- C:\Users\sarah\Desktop\Minecraft.exe [2012.06.01 17:27:12 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.06.01 17:25:03 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll [2012.06.01 17:25:03 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll [2012.06.01 17:25:03 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll [2012.06.01 17:25:03 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll [2012.06.01 17:25:03 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll [2012.06.01 17:25:03 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll [2012.06.01 17:25:03 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxczcoms.exe [2012.06.01 17:25:03 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll [2012.06.01 17:25:03 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll [2012.06.01 17:25:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll [2012.06.01 17:25:03 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll [2012.06.01 17:25:03 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxczih.exe [2012.06.01 17:25:03 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxczcfg.exe [2012.06.01 17:25:03 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll [2012.06.01 17:25:03 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll [2012.06.01 17:25:03 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll [2012.06.01 17:25:03 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll [2011.11.01 19:48:48 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.11.01 19:48:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.11.01 19:47:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.11.01 18:29:02 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.11.01 18:29:02 | 000,138,056 | ---- | C] () -- C:\Users\sarah\AppData\Roaming\PnkBstrK.sys [2011.11.01 18:28:51 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.11.01 18:28:50 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.09.04 16:57:29 | 000,000,538 | RHS- | C] () -- C:\Users\sarah\ntuser.pol [2011.09.02 16:42:52 | 000,008,704 | ---- | C] () -- C:\Users\sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.25 17:50:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2011.05.25 17:50:03 | 000,652,528 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2011.05.25 17:50:03 | 000,134,766 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2011.05.25 17:50:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2011.05.24 22:03:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.05.24 20:29:21 | 000,105,719 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.05.24 20:29:21 | 000,105,719 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.05.24 18:25:34 | 000,000,680 | ---- | C] () -- C:\Users\sarah\AppData\Local\d3d9caps.dat ========== LOP Check ========== [2012.07.02 17:55:24 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\.minecraft [2012.07.02 17:40:42 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\.Nitrous [2011.09.14 20:31:58 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\DVDVideoSoft [2011.09.14 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.20 20:00:27 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\gtk-2.0 [2012.06.07 02:24:59 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\ICQ [2012.05.06 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\ICQ Search [2012.01.04 23:11:12 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\LolClient [2011.08.21 20:32:53 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\OpenOffice.org [2011.07.04 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\Skip-Bo [2012.07.22 20:26:12 | 000,000,000 | ---D | M] -- C:\Users\sarah\AppData\Roaming\Spotify [2012.07.21 22:59:00 | 000,001,116 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000Core.job [2012.07.22 16:59:05 | 000,001,138 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2778025260-2901813310-1566513995-1000UA.job [2012.07.22 20:24:37 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > MfG |
|
22.07.2012, 19:43
| #6 |
| | Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht Hi, Gruß an Sahra, wir sind durch: Combofix deinstallieren: Klicke auf Start (Windows 7 Start Button) und tippe dann in das Suchfeld combofix /uninstall, wie im Piktogram unter diesem Text mit dem blauen Pfeil. Bitte sicherstellen, dass ein Leerzeichen zwischen Combofix und /uninstall ist. Combofix deinstallieren  OTL und das Verzeichnis C:\_OTL löschen.... Die restlichen Tools je nach Geschmack behalten und ab und zu updaten und Fullscann (MAM etc.)... chris
__________________ --> Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht |
|
22.07.2012, 19:53
| #7 |
| |  Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht Perfekt, danke dir vielmals für deine Hilf und Mühe ihr Problem zu lösen Jetzt kann ich den Pc auch wieder ohne Ängste benutzt  .Wünsch dir einen schönen Abend! MfG |
|
| Themen zu Mehrere Trojaner/Viren entfernen?, Internet funktioniert nicht |
| adobe, antivir, avira, bandoo, bho, converter, entfernen, error, firefox, flash player, format, google, grand theft auto, install.exe, internet, jdownloader, langs, limited.com/facebook, locker, mozilla, mp3, netzwerk, object, plug-in, port, programm, realtek, registry, rundll, searchqu toolbar, searchscopes, security, sekunden, spotify web helper, super, trojaner, vista |
Linear-Darstellung
