
Pests of all kinds and how to combat them: Live Security Platinum warning, really removed?


14.08.2012, 22:54   #1
Frohmischnet
 



Hello everyone,

today at around 17:00 I got the warning: Live Security Platinum. After some research online I downloaded the program Sysinternals Process Explorer and followed the instructions in the YouTube video by britec09 (Remove Live Security Platinum By Britec).
I then downloaded Malwarebytes and scanned the system. Found 6 objects and put them in quarantine.
Then I gathered some more information, which has left me unsure whether the problem is really solved now. So I ran all the scans and hope you can help me with this.

OTL logfile created on: 14.08.2012 22:09:10 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Tanja\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,49% Memory free
4,22 Gb Paging File | 3,07 Gb Available in Paging File | 72,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 22,34 Gb Free Space | 19,98% Space Free | Partition Type: NTFS

Computer Name: TANJA-NOTEBOOK | User Name: Tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.08.14 21:55:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe
PRC - [2012.08.01 09:33:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.23 12:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.02.16 15:29:02 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.01.31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.29 14:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.08.26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2012.01.31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2012.01.31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2012.01.31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2012.01.31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2012.01.31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2012.01.31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2012.01.31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2012.01.31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2012.01.31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2012.01.31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2012.01.31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2012.01.31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.31 10:12:06 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.03.30 11:04:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.08.26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.26 19:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010.12.07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010.12.07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010.12.07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.18 23:42:14 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={A17B1D94-1180-4623-AA26-D470408EA3A5}
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={A17B1D94-1180-4623-AA26-D470408EA3A5}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{31167AAA-71FF-45B1-A788-E89944512F4C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=7d500024-b4a5-40ea-9064-1d8e32b85dfb&apn_sauid=44FD5384-38C2-4913-8FA6-DDB79A103FA6
IE - HKCU\..\SearchScopes\{796E4D28-9101-40A4-B015-84B5FBA42AD8}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&q={searchTerms}&barid={A17B1D94-1180-4623-AA26-D470408EA3A5}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Programme\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\Tanja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tanja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F950B9C-5E88-42F3-AFA1-EA8525F7DB71}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.08.14 21:54:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe
[2012.08.14 18:58:36 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Malwarebytes
[2012.08.14 18:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.14 18:58:31 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.14 18:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.14 18:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.14 18:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF860056C3A6EA92E12CE56C3443
[2012.08.14 17:55:48 | 002,691,192 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Tanja\Desktop\iexplore.exe
[2012.08.14 16:52:59 | 000,000,000 | ---D | C] -- C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.08.14 16:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF860056C3A6EA92E12C2F3B6FDA
[2012.07.27 16:17:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.27 16:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.27 16:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.27 16:06:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.16 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Tanja\Documents\121___07
[2012.07.16 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Tanja\Documents\119___05
[2012.07.16 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Tanja\Documents\118___04
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2012.08.14 21:55:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Tanja\Desktop\OTL.exe
[2012.08.14 21:54:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.14 21:52:57 | 000,000,000 | ---- | M] () -- C:\Users\Tanja\defogger_reenable
[2012.08.14 21:51:29 | 000,050,477 | ---- | M] () -- C:\Users\Tanja\Desktop\Defogger.exe
[2012.08.14 20:52:17 | 000,005,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 20:52:17 | 000,005,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.14 20:52:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.14 20:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.14 20:50:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.14 18:58:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.14 17:55:57 | 002,691,192 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Tanja\Desktop\iexplore.exe
[2012.08.13 14:38:18 | 000,626,588 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.13 14:38:18 | 000,594,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.13 14:38:18 | 000,125,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.13 14:38:18 | 000,103,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.13 14:37:49 | 000,022,016 | ---- | M] () -- C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.27 16:17:24 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\System32\
[2012.08.14 21:52:57 | 000,000,000 | ---- | C] () -- C:\Users\Tanja\defogger_reenable
[2012.08.14 21:51:29 | 000,050,477 | ---- | C] () -- C:\Users\Tanja\Desktop\Defogger.exe
[2012.08.14 18:58:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.14 16:50:33 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{f594eed8-9dd6-3424-5d2a-1c4e50eb959a}\U\80000000.@
[2012.08.14 16:50:32 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{f594eed8-9dd6-3424-5d2a-1c4e50eb959a}\U\00000001.@
[2012.07.27 16:17:24 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.11 14:43:24 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f594eed8-9dd6-3424-5d2a-1c4e50eb959a}\@
[2012.01.11 14:43:24 | 000,002,048 | -HS- | C] () -- C:\Users\Tanja\AppData\Local\{f594eed8-9dd6-3424-5d2a-1c4e50eb959a}\@
[2011.10.07 19:40:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011.10.07 19:40:16 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.01 08:43:08 | 000,022,016 | ---- | C] () -- C:\Users\Tanja\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.30 13:55:46 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.30 13:55:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.30 13:54:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.30 13:54:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.03.30 09:45:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.03.30 09:28:28 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.03.28 13:15:07 | 000,006,324 | ---- | C] () -- C:\Users\Tanja\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012.04.22 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\.minecraft
[2012.07.08 23:50:19 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\DVDVideoSoft
[2012.07.08 23:40:03 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.14 20:37:12 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\LolClient
[2012.05.29 17:28:14 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\LolClient2
[2012.04.14 08:56:37 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\MP3toiPodAudioBookConverter
[2011.03.31 22:40:55 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\OpenOffice.org
[2011.06.19 12:29:53 | 000,000,000 | ---D | M] -- C:\Users\Tanja\AppData\Roaming\Samsung
[2012.08.14 20:50:52 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 14.08.2012 22:09:10 - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Tanja\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 62,49% Memory free
4,22 Gb Paging File | 3,07 Gb Available in Paging File | 72,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 22,34 Gb Free Space | 19,98% Space Free | Partition Type: NTFS

Computer Name: TANJA-NOTEBOOK | User Name: Tanja | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5B58EF61-85F2-4977-97A5-84C19F926579}" = SweetPacks Toolbar for Internet Explorer 4.5
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"Digital Editions" = Adobe Digital Editions
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 3.0.18.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.07.2012 13:08:17 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1208087

Error - 27.07.2012 13:08:18 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.07.2012 13:08:18 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1209101

Error - 27.07.2012 13:08:18 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1209101

Error - 27.07.2012 13:08:20 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.07.2012 13:08:20 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1210583

Error - 27.07.2012 13:08:20 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1210583

Error - 27.07.2012 13:08:21 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.07.2012 13:08:21 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1211738

Error - 27.07.2012 13:08:21 | Computer Name = Tanja-Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1211738

Error - 28.07.2012 03:41:41 | Computer Name = Tanja-Notebook | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_NlaSvc, Version 6.0.6001.18000,
Zeitstempel 0x47918b89, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000005, Fehleroffset 0x00048762, Prozess-ID 0x628,
Anwendungsstartzeit 01cd6c946895f224.

[ System Events ]
Error - 08.08.2012 19:04:35 | Computer Name = Tanja-Notebook | Source = DCOM | ID = 10010
Description =

Error - 11.08.2012 03:53:51 | Computer Name = Tanja-Notebook | Source = Service Control Manager | ID = 7011
Description =

Error - 12.08.2012 12:53:58 | Computer Name = Tanja-Notebook | Source = DCOM | ID = 10010
Description =

Error - 13.08.2012 07:36:03 | Computer Name = Tanja-Notebook | Source = DCOM | ID = 10010
Description =

Error - 13.08.2012 07:36:30 | Computer Name = Tanja-Notebook | Source = DCOM | ID = 10010
Description =

Error - 14.08.2012 11:25:42 | Computer Name = Tanja-Notebook | Source = DCOM | ID = 10010
Description =

Error - 14.08.2012 11:56:50 | Computer Name = Tanja-Notebook | Source = DCOM | ID = 10010
Description =

Error - 14.08.2012 14:53:09 | Computer Name = Tanja-Notebook | Source = Service Control Manager | ID = 7023
Description =

Error - 14.08.2012 14:53:09 | Computer Name = Tanja-Notebook | Source = Service Control Manager | ID = 7003
Description =

Error - 14.08.2012 14:53:09 | Computer Name = Tanja-Notebook | Source = Service Control Manager | ID = 7003
Description =


GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-14 23:02:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHY2120BH rev.890B
Running: 6jsnw381.exe; Driver: C:\Users\Tanja\AppData\Local\Temp\kwddyaog.sys


---- System - GMER 1.0.15 ----

SSDT 889CFA7E ZwCreateSection
SSDT 889CFA88 ZwRequestWaitReplyPort
SSDT 889CFA83 ZwSetContextThread
SSDT 889CFA8D ZwSetSecurityObject
SSDT 889CFA92 ZwSystemDebugControl
SSDT 889CFA1F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81CED8D8 4 Bytes [7E, FA, 9C, 88]
.text ntkrnlpa.exe!KeSetEvent + 539 81CEDBFC 4 Bytes [88, FA, 9C, 88]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CEDC30 4 Bytes [83, FA, 9C, 88]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CEDC94 4 Bytes [8D, FA, 9C, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 81CEDCDC 4 Bytes [92, FA, 9C, 88]
.text ...
? System32\drivers\kfwae.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4680] kernel32.dll!CreateThread 7632CB2E 5 Bytes JMP 6EB075CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!CreateDialogParamW 773F72A2 5 Bytes JMP 6EC990F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!GetAsyncKeyState 773F863C 5 Bytes JMP 6EAEDEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!SetWindowsHookExW 773F87AD 5 Bytes JMP 6EB425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!CallNextHookEx 773F8E3B 5 Bytes JMP 6EB67FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!UnhookWindowsHookEx 773F98DB 5 Bytes JMP 6EB8ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!EnableWindow 773FCD8B 5 Bytes JMP 6EB49EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!DefWindowProcA 773FDB88 7 Bytes JMP 6EB097F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!CreateWindowExA 773FDC2A 5 Bytes JMP 6EB1362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!CreateWindowExW 77401305 5 Bytes JMP 6EB703B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!GetKeyState 77408CB1 5 Bytes JMP 6EAEDD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!DefWindowProcW 774103B4 7 Bytes JMP 6EB68042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!IsDialogMessageW 77410745 5 Bytes JMP 6EC99855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!CreateDialogParamA 774117AA 5 Bytes JMP 6EC990B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!IsDialogMessage 77411847 5 Bytes JMP 6EC9982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!CreateDialogIndirectParamA 774126F1 5 Bytes JMP 6EC99128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!CreateDialogIndirectParamW 77419A62 5 Bytes JMP 6EC99160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!SetKeyboardState 77420987 5 Bytes JMP 6EC9A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!DialogBoxParamW 774210B0 5 Bytes JMP 6EAA187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!DialogBoxIndirectParamW 77422EF5 5 Bytes JMP 6EC98D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!SendInput 77422F75 5 Bytes JMP 6EC9A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!EndDialog 7742326E 5 Bytes JMP 6EC99B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!SetCursorPos 77436FB2 5 Bytes JMP 6EC9A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!DialogBoxParamA 77438152 5 Bytes JMP 6EC98D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!DialogBoxIndirectParamA 7743847D 5 Bytes JMP 6EC98DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!MessageBoxIndirectA 7744D4D9 5 Bytes JMP 6EC98CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!MessageBoxIndirectW 7744D5D3 5 Bytes JMP 6EC98C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!MessageBoxExA 7744D639 5 Bytes JMP 6EC98BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!MessageBoxExW 7744D65D 5 Bytes JMP 6EC98B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] USER32.dll!keybd_event 7744D972 5 Bytes JMP 6EC9A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] SHELL32.dll!SHRestricted + D95 764489A8 4 Bytes [CF, 01, E7, 6F] {IRET ; ADD EDI, ESP; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] SHELL32.dll!SHRestricted + D9D 764489B0 8 Bytes [E0, 61, E6, 6F, 79, F7, E6, ...] {LOOPNZ 0x63; OUT 0x6f, AL; JNS 0xfffffffffffffffd; OUT 0x6f, AL}
.text C:\Program Files\Internet Explorer\iexplore.exe[4680] ole32.dll!OleLoadFromStream 76F01E80 5 Bytes JMP 6EC9955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!EnableWindow 773FCD8B 5 Bytes JMP 6EB49EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!DialogBoxParamW 774210B0 5 Bytes JMP 6EAA187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!DialogBoxIndirectParamW 77422EF5 5 Bytes JMP 6EC98D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!DialogBoxParamA 77438152 5 Bytes JMP 6EC98D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!DialogBoxIndirectParamA 7743847D 5 Bytes JMP 6EC98DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!MessageBoxIndirectA 7744D4D9 5 Bytes JMP 6EC98CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!MessageBoxIndirectW 7744D5D3 5 Bytes JMP 6EC98C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!MessageBoxExA 7744D639 5 Bytes JMP 6EC98BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5140] USER32.dll!MessageBoxExW 7744D65D 5 Bytes JMP 6EC98B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37660673
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37660673@2cd2e7ec7001 0x95 0xE5 0x1E 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37660673 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37660673@2cd2e7ec7001 0x95 0xE5 0x1E 0x78 ...

---- EOF - GMER 1.0.15 ----


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:52 on 14/08/2012 (Tanja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-




I very much hope that all the necessary information is here; many thanks in advance,
Tanja



< End of report >

Alt 17.08.2012, 16:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Without the logs from Malwarebytes and co., this won't go anywhere.
Everything from Malwarebytes (and possibly other scanners) must be posted here.

Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Alt 02.09.2012, 16:17   #3
Frohmischnet
 

Hello,

after the holiday, an attempt to wrap up the laptop problem.
Many thanks for the reply; I had hoped I had packed in all the information.
Next attempt:
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tanja :: TANJA-NOTEBOOK [Administrator]

Schutz: Aktiviert

14.08.2012 19:00:21
mbam-log-2012-08-14 (19-00-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 326926
Laufzeit: 1 Stunde(n), 29 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Tanja\AppData\Local\{f594eed8-9dd6-3424-5d2a-1c4e50eb959a}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Tanja\Downloads\SoftonicDownloader_fuer_jordy-downloader.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{f594eed8-9dd6-3424-5d2a-1c4e50eb959a}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
2012/08/14 18:58:46 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting protection
2012/08/14 18:58:46 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Executing scheduled update:  Daily
2012/08/14 18:58:49 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Protection started successfully
2012/08/14 18:58:52 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting IP protection
2012/08/14 18:58:54 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	IP Protection started successfully
2012/08/14 18:59:42 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting database refresh
2012/08/14 18:59:42 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.07.03.05 to version v2012.08.14.04
2012/08/14 18:59:42 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Stopping IP protection
2012/08/14 18:59:44 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	IP Protection stopped
2012/08/14 18:59:46 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Database refreshed successfully
2012/08/14 18:59:46 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting IP protection
2012/08/14 18:59:48 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	IP Protection started successfully
2012/08/14 19:01:47 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.229.243 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:02:27 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:02:51 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:02:51 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:02:59 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:06:44 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:07:17 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:11:26 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:11:26 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:11:42 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:11:42 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:15:12 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:15:20 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:15:53 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:16:01 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:16:09 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:16:49 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:17:21 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:17:29 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:17:37 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:17:45 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:17:45 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:18:01 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:19:54 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:20:02 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:20:18 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.216.9 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:22:19 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.226.242 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:23:47 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:23:47 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:24:04 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:24:28 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:24:28 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:25:48 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.249.128 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:26:21 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:26:37 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:26:37 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:26:45 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:26:53 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:28:05 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:28:46 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:28:46 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:29:02 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:29:02 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:29:18 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:29:34 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:29:34 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:30:46 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	89.28.74.237 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:32:23 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:32:23 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:33:59 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:34:07 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.229.243 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:36:32 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.226.241 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:36:40 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:41:22 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:41:22 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:41:38 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:45:07 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:45:07 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:45:31 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:45:39 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:45:47 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:46:03 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:46:59 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.216.9 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:49:24 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:49:24 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:49:48 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:49:48 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:50:04 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:50:04 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:51:49 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.229.243 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:52:38 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.234.253 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:53:42 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:53:42 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:53:58 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:53:58 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:54:14 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:54:22 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:54:38 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:54:38 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:55:59 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.229.243 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:57:52 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:58:00 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:58:24 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:58:24 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:58:40 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:58:56 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 19:58:56 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:02:09 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:02:25 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:02:49 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:03:13 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.216.9 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:06:26 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:06:43 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:06:43 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:07:07 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:07:23 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:07:39 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:07:55 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:07:55 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:08:11 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:08:27 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:08:27 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:08:59 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.226.242 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:10:12 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.234.253 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:10:44 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:11:00 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:15:01 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:15:42 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:16:14 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:16:14 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:16:22 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:18:15 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.226.242 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:19:03 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.229.243 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:19:43 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:19:43 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:19:59 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:19:59 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:21:20 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	77.78.244.15 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:23:29 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:23:29 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:23:53 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:27:46 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:27:46 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:28:10 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:28:27 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:28:27 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:28:43 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:29:15 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:32:05 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:32:29 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:32:45 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:32:45 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:34:21 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:36:22 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:36:46 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:41:03 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:41:03 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:41:19 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:41:51 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:49:04 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:49:13 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:49:37 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:49:37 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:50:01 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:50:01 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:50:17 +0200	TANJA-NOTEBOOK	Tanja	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:50:34 +0200	TANJA-NOTEBOOK	(null)	IP-BLOCK	88.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:50:34 +0200	TANJA-NOTEBOOK	(null)	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:50:52 +0200	TANJA-NOTEBOOK	(null)	IP-BLOCK	117.254.254.254 (Type: outgoing, Port: 57103, Process: services.exe)
2012/08/14 20:52:50 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting protection
2012/08/14 20:52:54 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Protection started successfully
2012/08/14 20:52:57 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting IP protection
2012/08/14 20:52:57 +0200	TANJA-NOTEBOOK	Tanja	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/08/14 21:53:23 +0200	TANJA-NOTEBOOK	Tanja	DETECTION	C:\ProgramData\036DFF860056C3A6EA92E12C2F3B6FDA\036DFF860056C3A6EA92E12C2F3B6FDA.exe	Trojan.LameShield	QUARANTINE
2012/08/14 21:53:26 +0200	TANJA-NOTEBOOK	Tanja	DETECTION	c:\programdata\036dff860056c3a6ea92e12c2f3b6fda\036dff860056c3a6ea92e12c2f3b6fda.exe	Trojan.LameShield	DENY
2012/08/14 21:53:28 +0200	TANJA-NOTEBOOK	Tanja	DETECTION	c:\programdata\036dff860056c3a6ea92e12c2f3b6fda\036dff860056c3a6ea92e12c2f3b6fda.exe	Trojan.LameShield	DENY
2012/08/14 21:53:31 +0200	TANJA-NOTEBOOK	Tanja	DETECTION	c:\programdata\036dff860056c3a6ea92e12c2f3b6fda\036dff860056c3a6ea92e12c2f3b6fda.exe	Trojan.LameShield	DENY
2012/08/14 21:53:33 +0200	TANJA-NOTEBOOK	Tanja	DETECTION	c:\programdata\036dff860056c3a6ea92e12c2f3b6fda\036dff860056c3a6ea92e12c2f3b6fda.exe	Trojan.LameShield	DENY
2012/08/14 21:53:38 +0200	TANJA-NOTEBOOK	Tanja	DETECTION	c:\programdata\036dff860056c3a6ea92e12c2f3b6fda\036dff860056c3a6ea92e12c2f3b6fda.exe	Trojan.LameShield	DENY
         
Code:
2012/08/16 03:27:19 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting protection
2012/08/16 03:27:21 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Protection started successfully
2012/08/16 03:27:24 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting IP protection
2012/08/16 03:27:25 +0200	TANJA-NOTEBOOK	Tanja	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
         
Code:
2012/09/02 17:02:23 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting protection
2012/09/02 17:02:26 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Protection started successfully
2012/09/02 17:02:29 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting IP protection
2012/09/02 17:02:29 +0200	TANJA-NOTEBOOK	Tanja	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/09/02 17:02:29 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting IP protection
2012/09/02 17:02:29 +0200	TANJA-NOTEBOOK	Tanja	ERROR	IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/09/02 17:02:53 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Starting database refresh
2012/09/02 17:02:56 +0200	TANJA-NOTEBOOK	Tanja	MESSAGE	Database refreshed successfully
         
I hope it has now worked the way that is best for you....

Many thanks
Tanja
__________________

03.09.2012, 19:22   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please first run a new full scan with Malwarebytes as a matter of routine and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
