Log analysis and evaluation: Avira: 7 detections! Including TR/ATRAPS.Gen2 and TR/ATRAPS.Gen
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Avira: 7 detections! Including TR/ATRAPS.Gen2 and TR/ATRAPS.Gen

Hello dear Trojaner-Board experts,

I received a detection alert from Avira: TR/Crypt.Xpack.Gen

A Google search suggested running a scan in safe mode and then having the program move the trojans to quarantine. So I restarted the computer and ran the Avira scan again in safe mode. The result was the following detections:

TR/ATRAPS.Gen2
TR/ATRAPS.Gen
BDS/ZAccess.V
TR/ZAccessHX.A.1
JAVA/Dldr.Lamar.FU
TR/Dldr.OpenConnection.ON.1
TR/Dropper.Gen

The TR/Crypt.Xpack.Gen found earlier in normal mode was not listed in safe mode! I had Avira move the trojans to quarantine and saved the log file. Then I restarted the computer again and, in normal mode, downloaded Malwarebytes Anti-Malware. Here is the result of the scan:

Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Christian :: SHC [Administrator]

06.10.2012 18:00:03
mbam-log-2012-10-06 (22-19-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 398044
Laufzeit: 4 Stunde(n), 17 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\n. -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-18\$a3b4898990cecf77e8df413dbb6d7c90\n.) Gut: (fastprox.dll) -> Keine Aktion durchgeführt.
HKCR\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\InProcServer32| (Trojan.0Access) -> Bösartig: (C:\$Recycle.Bin\S-1-5-21-1781722448-2793394607-2059629828-1003\$a3b4898990cecf77e8df413dbb6d7c90\n.) Gut: (shell32.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\$RECYCLE.BIN\S-1-5-18\$a3b4898990cecf77e8df413dbb6d7c90\n (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\$RECYCLE.BIN\S-1-5-18\$a3b4898990cecf77e8df413dbb6d7c90\U\00000001.@ (Trojan.0Access) -> Keine Aktion durchgeführt.
C:\Users\Christian\Desktop\iphone_3g_jailbreak\Custom Firmware_4.2.1\sn0wbreeze-2.2.1\sn0wbreeze-2.2.1.exe (Trojan.MSIL) -> Keine Aktion durchgeführt.

(Ende)

Here is the result (Defogger):

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:30 on 06/10/2012 (Christian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Here is the OTL.txt:

Code:
ATTFilter OTL logfile created on: 06.10.2012 22:36:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,75% Memory free 4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,36 Gb Total Space | 14,15 Gb Free Space | 21,00% Space Free | Partition Type: NTFS Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,51% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS Computer Name: SHC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.06 22:31:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2012.08.09 18:48:57 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 13:13:33 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe PRC - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () -- c:\Programme\Ocster Backup\bin\backupService-ox.exe PRC - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe PRC - [2009.07.03 00:20:26 | 000,148,856 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Inputps.exe PRC - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\conime.exe PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe 
========== Modules (No Company Name) ========== MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxslt.dll MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2012.09.07 15:27:39 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.07.29 13:58:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 13:13:39 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 13:13:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service) SRV - [2010.09.01 11:23:14 | 000,018,200 | ---- | M] () [Auto | Running] -- c:\Programme\Ocster Backup\bin\backupService-ox.exe -- (ocster_backup) SRV - [2010.03.25 15:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009.06.17 03:20:26 | 000,095,536 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Programme\BUFFALO\SLManagerEasy\Bufssvr.exe -- (Bufssvr) SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.11.24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$KONTOR_NET) SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.11.05 14:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc) SRV - [2007.01.09 14:55:34 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[On_Demand | Stopped] -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [File_System | On_Demand | Stopped] -- -- (Evssrchpschm) DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.08 13:13:41 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 13:13:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2011.03.26 10:37:12 | 000,009,216 | ---- | M] (MBB 
Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\massfilter.sys -- (massfilter) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.08.27 07:30:12 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2008.03.03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007.07.10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.07.09 14:17:36 | 000,095,744 | ---- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Gt51Ip.sys -- (GT72NDISIPXP) DRV - [2007.06.26 13:38:46 | 000,051,968 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gt72ubus.sys -- (GT72UBUS) DRV - [2007.03.30 13:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\gtptser.sys -- (GTPTSER) DRV - [2007.03.01 15:52:42 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) DRV - [2007.02.22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2006.11.30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006.11.02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tpm.sys -- (TPM) DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (R300) DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) DRV - [2006.11.02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr) DRV - [2006.06.28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2005.08.30 11:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2005.08.30 11:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2005.08.30 11:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ss_bus.sys -- (ss_bus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=fp-yie9 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://home.microsoft.com/access/allinone.asp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {554D6078-29FF-45D8-81E5-615E71F0A3DB} IE - 
HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2D2B8742-3259-4368-8CA7-2E5C8FCB04AE}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{554D6078-29FF-45D8-81E5-615E71F0A3DB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9 IE - HKCU\..\SearchScopes\{AABB6A37-108F-434E-8945-D347908F88EC}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{FFB022B8-0115-4C5D-AE73-5F824281BCC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=9A39DDE1-B23B-49BA-A8BC-EC2F813C6214&apn_sauid=2D081756-F625-4114-9017-68424CEDD0D1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}&sspv=FFA2" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..keyword.URL: 
"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&sspv=FFA2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 21:36:58 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.17 10:22:56 | 000,000,000 | ---D | M] [2009.09.11 22:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2012.09.07 21:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions [2012.09.07 21:36:57 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.08.24 04:34:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\lp2ftooe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.23 15:05:24 | 000,026,136 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\lp2ftooe.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2012.09.07 15:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.07 15:27:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.07 15:27:39 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.11.10 06:54:13 | 
000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.05.04 21:27:27 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 12:51:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.04 21:27:27 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.04 21:27:27 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.04 21:27:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.04 21:27:27 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - homepage: hxxp://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.75\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - 
plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll O1 HOSTS File: ([2011.09.27 20:31:06 | 000,000,815 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe () O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Free YouTube Download - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10607FE8-97EB-4928-A7B0-E14D6C66E3C8}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41C2F10C-B047-42E6-B164-41DB5472422D}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78A6DE41-9CC5-491C-92EC-4284B1ED838B}: DhcpNameServer = 217.200.200.42 213.230.129.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E5DEC3-BA43-4DA5-8E41-9F3E7B8DD490}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.04.30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell - "" = AutoRun O33 - MountPoints2\{34ea63ad-053b-11e0-9863-001b3830bbb4}\Shell\AutoRun\command - "" = H:\Windows\CHECK\DriveNavigator.exe O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell - "" = AutoRun O33 - MountPoints2\{82727222-5953-11df-9669-001b3830bbb4}\Shell\AutoRun\command - "" = G:\Install.exe O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell - "" = AutoRun O33 - MountPoints2\{aed40e64-af1b-11de-8bf9-001b3830bbb4}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.06 22:31:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.10.06 17:56:35 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2012.10.06 17:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.06 17:56:05 | 000,000,000 | ---D | C] 
-- C:\ProgramData\Malwarebytes [2012.10.06 17:56:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.06 17:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.01 12:32:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Neuer Ordner [2012.09.24 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.24 23:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.24 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.09.24 23:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.09.17 09:11:40 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxxx [2012.09.17 09:07:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\xxxxx [2012.09.09 13:21:37 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org [2012.09.09 11:57:05 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.09.09 11:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3 [2012.09.09 00:43:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Turbo Lister Backup [2012.09.09 00:36:15 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Turbo Lister [2012.09.09 00:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay [2012.09.09 00:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay [2012.09.09 00:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\eBay [2012.09.07 21:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.09.07 21:36:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Conduit [2012.09.07 15:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
========== Files - Modified Within 30 Days ========== File not found -- C:\Windows\System32\ [2012.10.06 22:31:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe [2012.10.06 22:30:45 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2012.10.06 22:29:07 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\Defogger.exe [2012.10.06 21:47:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.06 21:47:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.06 19:39:23 | 049,934,254 | ---- | M] () -- C:\Users\Christian\Desktop\xxxxx [2012.10.06 19:15:26 | 000,711,362 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.06 19:15:26 | 000,159,498 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.06 19:15:26 | 000,013,782 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.06 19:15:26 | 000,011,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.06 17:56:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.06 17:47:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.06 15:28:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.05 19:56:38 | 000,001,032 | ---- | M] () -- C:\Users\Christian\Desktop\DVDVideoSoft Free Studio.lnk [2012.10.05 14:21:10 | 000,024,723 | ---- | M] () -- C:\Users\Christian\Desktop\xxxxx [2012.09.24 23:26:57 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.19 10:23:51 | 003,876,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.17 14:23:18 | 000,011,874 | ---- | M] () -- C:\Users\Christian\Desktop\xxxxx [2012.09.17 12:33:10 | 003,207,446 | ---- | M] () -- C:\Users\Christian\Desktop\xxxxx [2012.09.17 10:22:56 | 000,001,892 | ---- | M] () -- 
C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.09 13:21:57 | 000,001,028 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012.09.09 11:57:05 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.09.09 00:18:37 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk [2012.09.08 00:00:51 | 000,001,456 | ---- | M] () -- C:\Users\Christian\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.09.07 21:37:02 | 000,000,009 | ---- | M] () -- C:\END [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== File not found -- C:\Windows\System32\ [2012.10.06 22:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2012.10.06 22:29:06 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\Defogger.exe [2012.10.06 19:38:27 | 049,934,254 | ---- | C] () -- C:\Users\Christian\Desktop\xxxxx [2012.10.06 17:56:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.05 14:21:10 | 000,024,723 | ---- | C] () -- C:\Users\Christian\Desktop\xxxxx [2012.09.24 23:26:57 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.24 23:19:01 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.09.17 10:22:56 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2012.09.17 10:22:56 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.09.09 13:21:57 | 000,001,028 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012.09.09 11:57:05 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 
3.4.1.lnk [2012.09.09 00:18:37 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\eBay Turbo Lister 2.lnk [2012.09.07 21:37:01 | 000,000,009 | ---- | C] () -- C:\END [2012.08.22 05:06:41 | 000,001,456 | ---- | C] () -- C:\Users\Christian\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.07.30 05:31:47 | 000,000,077 | ---- | C] () -- C:\Users\Christian\Desktop.scf [2012.04.16 00:06:07 | 000,000,240 | ---- | C] () -- C:\Users\Christian\Window Switcher.lnk [2011.12.21 01:03:23 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2011.10.03 12:21:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2011.06.22 10:47:42 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp6ml3.dll [2010.12.14 13:19:41 | 000,009,305 | R--- | C] () -- C:\Windows\UN090430.INI [2009.12.30 10:40:42 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat [2009.08.12 12:15:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.09 10:50:24 | 000,036,864 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@ [2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L [2012.10.06 17:43:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U [2011.11.18 22:23:34 | 000,002,048 | -HS- | M] () -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\@ [2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\L [2011.11.18 22:23:34 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\U [2006.11.02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "ThreadingModel" = Both "" = C:\Users\Christian\AppData\Local\{a3b48989-90ce-cf77-e8df-413dbb6d7c90}\n. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1781722448-2793394607-2059629828-1003\$a3b4898990cecf77e8df413dbb6d7c90\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\$Recycle.Bin\S-1-5-18\$a3b4898990cecf77e8df413dbb6d7c90\n. -- File not found "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.08.21 12:56:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.08.13 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.05.27 19:41:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Cornelsen [2012.10.05 19:56:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft [2012.10.05 19:56:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.12 23:29:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla [2011.09.24 13:13:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FlashGet [2009.12.20 17:59:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InterVideo 
[2012.09.09 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenOffice.org [2012.08.14 00:09:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PDAppFlex [2012.04.02 10:35:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SampleView [2012.08.14 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.01.31 14:13:56 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report >
Here is Extras.txt:
OTL Extras logfile created on: 06.10.2012 22:36:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,75% Memory free 4,23 Gb Paging File | 3,18 Gb Available in Paging File | 75,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 67,36 Gb Total Space | 14,15 Gb Free Space | 21,00% Space Free | Partition Type: NTFS Drive D: | 5,62 Gb Total Space | 0,76 Gb Free Space | 13,51% Space Free | Partition Type: NTFS Drive E: | 1,55 Gb Total Space | 1,32 Gb Free Space | 84,86% Space Free | Partition Type: NTFS Computer Name: SHC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (KONTOR_NET) "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 30 "{2E886C29-857C-4CE5-A205-F6AA7278E666}" = ESU for Microsoft Vista "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 C1 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3AAFBD6A-7F68-4BDC-8280-22DCFACE13EB}" = HP Active Support Library "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme "{44715246-18E9-4EDF-AA03-94E4B4F80EA8}" = Download Navigator "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR 
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86) "{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{92CF22B7-04E4-4161-81A1-760C333C301D}" = Kontor.NET 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick 
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}" = HP User Guides 0077 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "{FF46E334-6F35-49C3-B60A-034969BE25AB}" = Vista Default Settings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO 
Soft Data Fax Modem with SmartCP "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "ExpressRip" = Express Rip "Free Studio_is1" = Free Studio version 5.7.5.1005 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.29.823 "HashTab" = HashTab 4.0.0.1 "HDMI" = Intel(R) Graphics Media Accelerator Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Ocster Backup" = Ocster Backup Pro 4.15 "PROSet" = Intel(R) Network Connections Drivers "Samsung ML-2525W Series" = Wartung Samsung ML-2525W Series "UN090430" = BUFFALO SecureLockManagerEasy for HD "Uninstall_is1" = Uninstall 1.0.0.1 "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FileZilla Client" = FileZilla Client 3.5.1 "Kontor.NET 2010" = Kontor.NET 2010 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.10.2012 03:32:04 | Computer Name = SHC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.10.2012 03:32:04 | Computer Name = 
SHC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7223 Error - 06.10.2012 03:32:04 | Computer Name = SHC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7223 Error - 06.10.2012 08:49:24 | Computer Name = SHC | Source = MSSQL$KONTOR_NET | ID = 8313 Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert. Error - 06.10.2012 08:49:24 | Computer Name = SHC | Source = MSSQL$KONTOR_NET | ID = 3409 Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. Error - 06.10.2012 09:19:42 | Computer Name = SHC | Source = VSS | ID = 8194 Description = Error - 06.10.2012 09:31:38 | Computer Name = SHC | Source = EventSystem | ID = 4609 Description = Error - 06.10.2012 11:46:32 | Computer Name = SHC | Source = Microsoft-Windows-CAPI2 | ID = 131584 Description = Error - 06.10.2012 11:47:41 | Computer Name = SHC | Source = MSSQL$KONTOR_NET | ID = 8313 Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren. SQL Server-Leistungsindikatoren sind deaktiviert. Error - 06.10.2012 11:47:41 | Computer Name = SHC | Source = MSSQL$KONTOR_NET | ID = 3409 Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen Registrierungsberechtigungen verfügt. 
[ System Events ] Error - 06.10.2012 09:32:20 | Computer Name = SHC | Source = Service Control Manager | ID = 7001 Description = Error - 06.10.2012 09:32:20 | Computer Name = SHC | Source = Service Control Manager | ID = 7001 Description = Error - 06.10.2012 09:32:20 | Computer Name = SHC | Source = Service Control Manager | ID = 7001 Description = Error - 06.10.2012 09:43:49 | Computer Name = SHC | Source = DCOM | ID = 10005 Description = Error - 06.10.2012 11:47:22 | Computer Name = SHC | Source = Microsoft-Windows-TaskScheduler | ID = 412 Description = Error - 06.10.2012 11:47:33 | Computer Name = SHC | Source = Print | ID = 19 Description = Der Druckspooler konnte den Drucker Samsung ML-2525W Series nicht unter dem Namen ML-2525W Series freigeben. Fehler: 1753. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet werden. Error - 06.10.2012 11:48:44 | Computer Name = SHC | Source = Service Control Manager | ID = 7023 Description = Error - 06.10.2012 11:48:44 | Computer Name = SHC | Source = Service Control Manager | ID = 7000 Description = Error - 06.10.2012 11:50:55 | Computer Name = SHC | Source = WMPNetworkSvc | ID = 866293 Description = Error - 06.10.2012 11:51:40 | Computer Name = SHC | Source = WMPNetworkSvc | ID = 866293 Description = < End of report >
Here is the result:
GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-10-07 01:34:35 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 Hitachi_HTS541680J9SA00 rev.SB2OC7BP Running: clvggjqo.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\pxldypow.sys ---- System - GMER 1.0.15 ---- SSDT 8A44C936 ZwCreateSection SSDT 8A44C940 ZwRequestWaitReplyPort SSDT 8A44C93B ZwSetContextThread SSDT 8A44C945 ZwSetSecurityObject SSDT 8A44C94A ZwSystemDebugControl SSDT 8A44C8D7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 820C38D8 4 Bytes [36, C9, 44, 8A] .text ntkrnlpa.exe!KeSetEvent + 539 820C3BFC 4 Bytes [40, C9, 44, 8A] .text ntkrnlpa.exe!KeSetEvent + 56D 820C3C30 4 Bytes [3B, C9, 44, 8A] .text ntkrnlpa.exe!KeSetEvent + 5D1 820C3C94 4 Bytes [45, C9, 44, 8A] .text ntkrnlpa.exe!KeSetEvent + 619 820C3CDC 4 Bytes [4A, C9, 44, 8A] .text ... ---- User code sections - GMER 1.0.15 ---- ? C:\Windows\system32\svchost.exe[3460] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dllunknown module: urlmon.dllunknown module: VERSION.dll .text C:\Windows\system32\svchost.exe[3460] USER32.dll!DialogBoxIndirectParamAorW 75C82EB6 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18} ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.) 
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Processes - GMER 1.0.15 ---- Library c:\windows\system32\z (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1032] 0x6A300000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6 Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet) ---- EOF - GMER 1.0.15 ----
TR/ATRAPS.Gen: when I apply "Move to quarantine", the alert nevertheless keeps repeating again and again. I hope you can help me. Regards, Nadja