| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: mystart incredibar virusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.01.2013, 23:15
| #1 |
| |  mystart incredibar virus Hallo, ich habe folgendes Problem, wenn ich im FF einen neuen Tab öffne zeigt er mir in der Adresszeile mystart.incredibar.com an, woraf die Seite sich nicht öffnet. Ich habe schon etliche AntiVir und Maleware Programme durchlaufen lassen mit ein paar Erfloge, nur leider habe ich keine Logfiles mehr. Mystart.incredibar.com wird zwar nicht mehr in der Adresszeile angezeigt aber trotzdem stimmt irgendwas mit meinem Laptop nicht. Ich hoffe ihr könnt mir weiterhelfen denn ich bin mit meinem latein am Ende. Danke im vorraus |
|
20.01.2013, 14:03
| #2 |
| /// TB-Ausbilder   | mystart incredibar virus Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Schritt 1 Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
Code:
ATTFilter activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 3 Bitte
Bitte poste mit deiner nächsten Antwort
|
|
20.01.2013, 22:44
| #3 |
| | mystart incredibar virus danke für die schnelle Antwort. Hoffe ich hab das hier so richtig gemacht.
__________________Code:
ATTFilter OTL logfile created on: 20.01.2013 20:58:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 991,48 Mb Total Physical Memory | 710,93 Mb Available Physical Memory | 71,70% Memory free 2,33 Gb Paging File | 2,17 Gb Available in Paging File | 93,03% Paging File free Paging file location(s): C:\pagefile.sys 1486 1486 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,88 Gb Total Space | 39,43 Gb Free Space | 70,55% Space Free | Partition Type: NTFS Computer Name: BABYGIRL | User Name: Besitzer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.20 20:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe PRC - [2012.07.03 09:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.01.20 10:01:17 | 002,045,952 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\13012000\algo.dll MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller) SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - File not found [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.01.15 09:04:52 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.01.09 00:55:51 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV - [2008.04.14 06:52:14 | 000,036,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva398.sys -- (XDva398) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\wbsecdrv.sys -- (wbsecdrv) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Install. Programme\Everest Ultimate Edition\Lavalys.EVEREST.Ultimate.Edition.v5.30.1983.Beta\kerneld.wnt -- (EverestDriver) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys -- (atitray) DRV - [2012.11.27 10:01:26 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.11.22 15:51:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.11.22 15:50:51 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.10.30 23:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2) DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.10.30 23:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012.10.30 23:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012.10.30 23:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW) DRV - [2012.10.30 23:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.10.30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012.09.21 10:26:08 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis) DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.04.16 20:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2006.03.08 07:31:00 | 003,842,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) DRV - [2006.03.08 07:31:00 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.03.08 06:31:00 | 000,028,672 | ---- | M] (ULi Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULILAN51.SYS -- (ULI5261XP) DRV - [2006.02.21 17:32:04 | 000,143,904 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\W33ND.SYS -- (W33ND) DRV - [2005.02.12 21:45:46 | 000,986,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2001.08.17 11:11:18 | 000,027,678 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALI5261.SYS -- (ALI5261) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1202660629-1614895754-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-1202660629-1614895754-1801674531-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1202660629-1614895754-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1202660629-1614895754-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205 FF - prefs.js..extensions.enabledAddons: %7B3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d%7D:1.9 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.19 05:03:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.19 04:59:28 | 000,000,000 | ---D | M] [2013.01.17 05:52:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions [2013.01.19 06:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bc8j9sh9.default\extensions [2013.01.15 19:45:18 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bc8j9sh9.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2013.01.17 00:16:01 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bc8j9sh9.default\extensions\donottrackplus@abine.com [2013.01.17 10:20:37 | 000,048,844 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bc8j9sh9.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2013.01.19 06:46:53 | 000,533,221 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bc8j9sh9.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.27 09:53:12 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bc8j9sh9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.05 16:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\bc8j9sh9.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2013.01.19 04:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.19 09:21:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2013.01.19 05:03:15 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll O1 HOSTS File: ([2013.01.17 05:05:45 | 000,941,370 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 29530 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe File not found O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1202660629-1614895754-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342568853453 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358294991656 (MUWebControl Class) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.06.09 21:47:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean.exe) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 09:38:48 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies [2013.01.20 09:38:45 | 000,000,000 | ---D | C] -- C:\Programme\ATI [2013.01.20 09:34:39 | 000,000,000 | ---D | C] -- C:\AMD [2013.01.20 04:16:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2013.01.20 03:10:44 | 000,106,560 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys [2013.01.20 03:10:19 | 000,199,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys [2013.01.20 03:10:13 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys [2013.01.20 03:09:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\avast! Internet Security [2013.01.20 02:57:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2013.01.20 01:36:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2013.01.20 01:27:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2013.01.20 00:32:24 | 000,020,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys [2013.01.19 23:35:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Temp [2013.01.19 23:30:37 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2013.01.19 23:30:37 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2013.01.19 23:30:28 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2013.01.19 23:30:27 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2013.01.19 23:30:26 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2013.01.19 23:30:24 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2013.01.19 23:30:24 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2013.01.19 23:30:23 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2013.01.19 23:28:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2013.01.19 23:27:57 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2013.01.19 23:25:45 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2013.01.19 23:25:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2013.01.19 20:58:18 | 000,000,000 | ---D | C] -- C:\c4ead7a09c8df9562437d99d8e [2013.01.19 08:26:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.19 08:24:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2013.01.19 08:24:17 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild [2013.01.19 08:24:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US [2013.01.19 08:23:48 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies [2013.01.19 08:14:47 | 000,000,000 | ---D | C] -- C:\ab1da130d15b21e2e3940aff [2013.01.19 07:24:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2013.01.19 07:14:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2013.01.19 06:58:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\My Downloads [2013.01.19 04:58:19 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.01.17 05:51:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\ESET [2013.01.17 05:51:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ESET [2013.01.17 05:48:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\ESET [2013.01.17 05:33:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Vorlagen [2013.01.16 19:11:15 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2013.01.16 19:11:13 | 000,275,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2013.01.16 06:33:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2013.01.15 19:04:52 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos [2013.01.15 19:04:51 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder [2013.01.15 18:41:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2013.01.15 18:11:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2013.01.15 16:57:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Sun [2013.01.15 09:08:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2013.01.15 09:08:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2013.01.15 09:06:24 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.01.15 09:06:20 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.01.15 09:06:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.01.15 09:06:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.01.15 09:06:00 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.01.15 09:03:58 | 000,000,000 | ---D | C] -- C:\Programme\Java [2013.01.15 08:50:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun [2013.01.15 07:29:26 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik [2013.01.15 07:18:35 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll [2013.01.15 07:18:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll [2013.01.15 07:18:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll [2013.01.15 07:18:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll [2013.01.14 22:04:28 | 000,000,000 | ---D | C] -- C:\HLServer [2013.01.14 11:47:30 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll [2013.01.14 11:47:30 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll [2013.01.14 11:47:25 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax [2013.01.14 11:47:25 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax [2013.01.14 04:38:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Steam [2013.01.10 04:01:41 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2013.01.10 04:01:29 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys [2013.01.10 04:01:29 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2013.01.10 04:01:29 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2013.01.10 03:56:21 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\explorer [2013.01.10 00:15:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2013.01.09 22:17:50 | 000,000,000 | ---D | C] -- C:\Programme\Realtek AC97 [2013.01.09 22:17:45 | 010,476,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.exe [2013.01.09 22:17:32 | 018,776,064 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\alsndmgr.cpl [2013.01.09 22:17:32 | 003,842,560 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\alcxwdm.sys [2013.01.09 22:17:32 | 000,577,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe [2013.01.09 22:17:29 | 000,307,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe [2013.01.09 22:17:29 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcrmv.exe [2013.01.07 05:40:59 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.20 20:55:21 | 000,365,568 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe [2013.01.20 20:55:06 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Defogger.exe [2013.01.20 20:54:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.20 20:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe [2013.01.20 20:35:24 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013.01.20 20:32:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.20 09:04:49 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.01.20 04:38:34 | 000,000,333 | ---- | M] () -- C:\WINDOWS\wininit.ini [2013.01.20 03:10:17 | 000,003,010 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013.01.19 21:10:49 | 000,095,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.19 20:56:52 | 000,432,976 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.19 20:56:51 | 000,449,136 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.19 20:56:51 | 000,080,530 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.19 20:56:51 | 000,067,932 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.19 20:32:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.19 07:52:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.01.17 05:05:45 | 000,941,370 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.17 05:05:45 | 000,445,026 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_PTbackup2.bak [2013.01.17 04:12:23 | 000,941,308 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_PTBackup.bak [2013.01.16 06:36:53 | 000,000,239 | -HS- | M] () -- C:\boot.ini [2013.01.16 03:48:17 | 000,000,022 | -HS- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows1569_SettingsRepository.bin [2013.01.16 03:48:17 | 000,000,022 | -HS- | M] () -- C:\WINDOWS\90C7D912BE2316.sys [2013.01.15 09:04:59 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.01.15 09:04:45 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.01.15 09:04:45 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.01.15 09:04:45 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.01.15 09:04:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.01.15 09:04:41 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.01.15 09:04:40 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.01.14 11:42:54 | 000,472,576 | ---- | M] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe [2013.01.14 05:00:30 | 000,000,214 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Counter-Strike.url [2013.01.14 04:38:31 | 000,000,214 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Counter-Strike Condition Zero.url [2013.01.09 01:38:53 | 000,444,820 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130109-024459.backup [2013.01.09 00:55:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.09 00:55:43 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.07 05:40:59 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe [2013.01.07 04:40:51 | 000,002,510 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin [2013.01.06 06:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013.01.02 18:39:20 | 000,018,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.20 20:55:21 | 000,365,568 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe [2013.01.20 20:55:06 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Defogger.exe [2013.01.19 23:30:27 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2013.01.19 21:02:53 | 000,062,304 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013.01.16 03:48:17 | 000,000,022 | -HS- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Windows1569_SettingsRepository.bin [2013.01.16 03:48:17 | 000,000,022 | -HS- | C] () -- C:\WINDOWS\90C7D912BE2316.sys [2013.01.16 01:54:42 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Internet Explorer.lnk [2013.01.15 07:31:50 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Windows Media Player.lnk [2013.01.15 07:18:35 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib [2013.01.15 07:18:35 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib [2013.01.15 07:18:34 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib [2013.01.15 07:18:34 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib [2013.01.15 07:18:34 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib [2013.01.15 07:18:34 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib [2013.01.15 07:18:34 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib [2013.01.15 07:18:34 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib [2013.01.15 07:18:34 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib [2013.01.15 07:18:34 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib [2013.01.15 07:18:33 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib [2013.01.15 07:18:33 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib [2013.01.15 07:18:33 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib [2013.01.15 07:18:31 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib [2013.01.15 07:18:31 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib [2013.01.15 07:18:30 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib [2013.01.15 07:18:30 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib [2013.01.14 11:42:54 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe [2013.01.14 05:00:29 | 000,000,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Counter-Strike.url [2013.01.14 04:38:30 | 000,000,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Counter-Strike Condition Zero.url [2013.01.09 22:21:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2013.01.09 22:17:45 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav [2013.01.09 22:17:32 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2013.01.09 01:08:42 | 000,000,333 | ---- | C] () -- C:\WINDOWS\wininit.ini [2012.12.30 03:35:07 | 000,002,510 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin [2012.11.01 19:11:10 | 000,095,072 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.14 22:39:38 | 000,018,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.11 01:26:15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UnLAN.exe [2012.06.10 14:06:08 | 000,001,273 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat [2012.06.10 01:40:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.06.09 22:19:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.06.09 22:11:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.06.09 21:53:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.06.09 21:38:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat ========== ZeroAccess Check ========== [2012.07.02 15:47:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 12:33:21 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012.11.01 01:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012.11.01 01:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012.11.01 01:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programme\Internet Explorer\iexplore.exe" -extoff [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programme\Internet Explorer\iexplore.exe [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012.11.01 01:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012.11.01 01:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012.11.01 01:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Programme\Internet Explorer\iexplore.exe" -extoff [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Programme\Internet Explorer\iexplore.exe [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > Code:
ATTFilter OTL Extras logfile created on: 20.01.2013 20:58:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
991,48 Mb Total Physical Memory | 710,93 Mb Available Physical Memory | 71,70% Memory free
2,33 Gb Paging File | 2,17 Gb Available in Paging File | 93,03% Paging File free
Paging file location(s): C:\pagefile.sys 1486 1486 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 39,43 Gb Free Space | 70,55% Space Free | Partition Type: NTFS
Computer Name: BABYGIRL | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Valve\Steam\SteamApps\common\Frontline Tactics\Frontline PC v1.exe" = C:\Programme\Valve\Steam\SteamApps\common\Frontline Tactics\Frontline PC v1.exe:*:Enabled:Frontline Tactics -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dxdiag.exe" = C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX-Diagnoseprogramm -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\Programme\Valve\Steam\SteamApps\westberlinstyler17\condition zero\hl.exe" = C:\Programme\Valve\Steam\SteamApps\westberlinstyler17\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBD2CEED-E1C8-8FFC-5A7F-AB8D55BDE5C1}" = AMD Catalyst Install Manager
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Internet Security
"Creatix 2.0 AC'97 Soft Modem" = Creatix 2.0 AC'97 Modem
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Steam App 80" = Counter-Strike: Condition Zero
"VLC media player" = VLC media player 2.0.3
"WBFS Manager 3.0" = WBFS Manager 3.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.01.2013 15:28:56 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:28:56 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:28:56 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:28:57 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:28:57 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:28:57 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:28:57 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:28:59 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:29:00 | Computer Name = BABYGIRL | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 20.01.2013 15:33:49 | Computer Name = BABYGIRL | Source = .NET Runtime Optimization Service | ID = 1111
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Service reached limit of transient errors. Will shut down. Last error returned
from Service Manager: 0x80029c4a.
[ System Events ]
Error - 20.01.2013 15:28:26 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows-Bilderfassung
(WIA).
Error - 20.01.2013 15:28:26 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Bilderfassung (WIA)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 20.01.2013 15:28:26 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
atitray wbsecdrv
Error - 20.01.2013 15:34:04 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Ati HotKey Poller" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 20.01.2013 15:34:04 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error - 20.01.2013 15:34:04 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers
nicht gestartet: %%3
Error - 20.01.2013 15:34:04 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Java
Quick Starter.
Error - 20.01.2013 15:34:04 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 20.01.2013 15:34:04 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
atitray wbsecdrv
Error - 20.01.2013 15:58:26 | Computer Name = BABYGIRL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "avast! Antivirus" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
< End of report >
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:17 on 20/01/2013 (Besitzer)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-20 22:17:31
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD600UE-22HCT0 rev.09.07D09 55,89GB
Running: iqwuqvp9.exe; Driver: C:\DOKUME~1\Besitzer\LOKALE~1\Temp\fxryqpow.sys
---- System - GMER 2.0 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF5F714BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF601EC22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF5F71ED6]
SSDT F7AA3244 ZwClose
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF5F7CFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF5F7CFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF5F7D176]
SSDT F7AA31FE ZwCreateKey
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF5F7CF16]
SSDT F7AA324E ZwCreateSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF5F7CF5E]
SSDT F7AA31F4 ZwCreateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF5F7D130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF5F7293E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF5F71508]
SSDT F7AA3203 ZwDeleteKey
SSDT F7AA320D ZwDeleteValueKey
SSDT F7AA323F ZwDuplicateObject
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF5FB3D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF5FB3BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF601ECEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF5F71170]
SSDT F7AA3212 ZwLoadKey
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF5F71556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF5F76534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF5F733A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF5F7CFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF5F7D016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF5F7D19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF5FB3521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF5F7CF3C]
SSDT F7AA31E0 ZwOpenProcess
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF5F7D0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF5F7CF86]
SSDT F7AA31E5 ZwOpenThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF5F7D154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF601EE4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF5FB3A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF5F73272]
SSDT F7AA3267 ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF5F72DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF602B7D2]
SSDT F7AA321C ZwReplaceKey
SSDT F7AA3258 ZwRequestWaitReplyPort
SSDT F7AA3217 ZwRestoreKey
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF5F715A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF5F715F2]
SSDT F7AA3253 ZwSetContextThread
SSDT F7AA325D ZwSetSecurityObject
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF5F711FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF5F713AA]
SSDT F7AA3208 ZwSetValueKey
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF5F71350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF5F72AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF5F72C54]
SSDT F7AA3262 ZwSystemDebugControl
SSDT F7AA31EF ZwTerminateProcess
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF5F72636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xF601D41C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF5F71640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF5F71F1A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF6037E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 24C8 80501D18 4 Bytes JMP E8F601EC
.text ntkrnlpa.exe!ZwCallbackReturn + 26C8 80501F18 12 Bytes [A4, 15, F7, F5, F2, 15, F7, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501FC0 12 Bytes [F8, 2A, F7, F5, 54, 2C, F7, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B956 4 Bytes CALL F5F73A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP F5F77B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP F5F77A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP F5F779F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP F5F770A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP F5F767C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP F5F77CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP F5F77EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP F5F778FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP F5F76688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP F5F7716A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP F5F76C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP F5F76EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP F5F76670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP F5F77A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 5 Bytes JMP F5F76CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 5 Bytes JMP F5F76E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E66 5 Bytes JMP F5F77182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894410 5 Bytes JMP F5F77BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EE8 5 Bytes JMP F5F77E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C29E 5 Bytes JMP F5F77090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D833 5 Bytes JMP F5F76834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP F5F76944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA15D 5 Bytes JMP F5F76A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP F5F76B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 5 Bytes JMP F5F7656A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 5 Bytes JMP F5F770C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP F5F76760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914FD5 5 Bytes JMP F5F768F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP F5F76FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP F5F77D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 2.0 ----
.text C:\WINDOWS\system32\svchost.exe[272] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[524] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[524] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[600] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\afwServ.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\afwServ.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Java\jre7\bin\jqs.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1464] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1596] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1596] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2004] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003901F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003903FC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00BB1014
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00BB0804
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00BB0A08
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00BB0C0C
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00BB0E10
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00BB01F8
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00BB03FC
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[2068] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00BB0600
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[2652] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[2652] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Programme\AVAST Software\Avast\AvastSvc.exe[2652] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2984] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003901F8
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003903FC
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003E1014
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003E0804
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003E0A08
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003E0C0C
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003E0E10
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003E01F8
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003E03FC
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003E0600
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Dokumente und Einstellungen\Besitzer\Desktop\iqwuqvp9.exe[3128] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\ctfmon.exe[3984] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[3984] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3984] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\ctfmon.exe[3984] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 009F1014
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 009F0804
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 009F0A08
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 009F0C0C
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 009F0E10
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 009F01F8
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 009F03FC
.text C:\WINDOWS\system32\ctfmon.exe[3984] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 009F0600
---- EOF - GMER 2.0 ----
|
|
21.01.2013, 17:43
| #4 |
| /// TB-Ausbilder | mystart incredibar virus Servus, erst schauen wir mal, was die folgenden Tools für uns erledigen können.  Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.  Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 3 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
|
21.01.2013, 23:26
| #5 |
| | mystart incredibar virus So folgendes, ich konnte 2 von 3 scans ausführen, den scan mit ComboFix hat net wirklich geklappt. Ich konnte zwar einen Wiederherstellungspunkt erstellen aber beim scannen hängt sich das tool komplett auf. Ich kann den Mauszeiger bewegen aber der rest ist gefreezed, dass merke ich daran das die Uhr unten rechts nicht weiter geht. Ich habe zudem noch gesehn das der Echtzeitscanner von avira läuft wobei ich den scanner längst gelöscht habe. Hab schon versucht den zu löschen und im Dienst zu stoppen, vergeblich. hier 2 Logfiles: Code:
ATTFilter # AdwCleaner v2.107 - Datei am 21/01/2013 um 20:15:42 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Besitzer - BABYGIRL
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Besitzer\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S4].txt - [592 octets] - [21/01/2013 20:15:42]
########## EOF - C:\AdwCleaner[S4].txt - [651 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.6 (01.20.2013:1)
OS: Microsoft Windows XP x86
Ran by Besitzer on 21.01.2013 at 20:26:39,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\firefox\profiles\bc8j9sh9.default\user.js
Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\firefox\profiles\bc8j9sh9.default\conduitcommon
Successfully deleted the following from C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\mozilla\firefox\profiles\bc8j9sh9.default\prefs.js
user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT3196716.BrowserCompStateIsOpen_6889964918226042031", true);
user_pref("CT3196716.CT3196716", "CT3196716");
user_pref("CT3196716.DSInstall", false);
user_pref("CT3196716.DialogsAlignMode", "LTR");
user_pref("CT3196716.DialogsGetterLastCheckTime", "Wed Jul 18 2012 03:44:39 GMT+0200");
user_pref("CT3196716.DownloadReferralCookieData", "");
user_pref("CT3196716.EMailNotifierPollDate", "Wed Jul 18 2012 03:44:35 GMT+0200");
user_pref("CT3196716.ExternalComponentPollDate129844886120028321", "Wed Jul 18 2012 03:44:35 GMT+0200");
user_pref("CT3196716.ExternalComponentPollDate129844886120340820", "Wed Jul 18 2012 03:44:35 GMT+0200");
user_pref("CT3196716.FirstTime", true);
user_pref("CT3196716.FirstTimeFF3", true);
user_pref("CT3196716.FirstTimeHiddenVer", true);
user_pref("CT3196716.FixPageNotFoundErrors", true);
user_pref("CT3196716.HPInstall", false);
user_pref("CT3196716.HasUserGlobalKeys", true);
user_pref("CT3196716.HomePageProtectorEnabled", false);
user_pref("CT3196716.HomepageBeforeUnload", "hxxp://zoomumba.bigpoint.com/#contentBottom");
user_pref("CT3196716.Initialize", true);
user_pref("CT3196716.InitializeCommonPrefs", true);
user_pref("CT3196716.InstallationAndCookieDataSentCount", 1);
user_pref("CT3196716.InstallationType", "Unknown");
user_pref("CT3196716.InstalledDate", "Wed Jul 18 2012 03:44:44 GMT+0200");
user_pref("CT3196716.InvalidateCache", false);
user_pref("CT3196716.IsGrouping", false);
user_pref("CT3196716.IsInitSetupIni", true);
user_pref("CT3196716.IsMulticommunity", false);
user_pref("CT3196716.IsOpenThankYouPage", true);
user_pref("CT3196716.IsOpenUninstallPage", true);
user_pref("CT3196716.IsProtectorsInit", true);
user_pref("CT3196716.LanguagePackLastCheckTime", "Wed Jul 18 2012 03:44:43 GMT+0200");
user_pref("CT3196716.Locale", "en");
user_pref("CT3196716.MCDetectTooltipHeight", "83");
user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT3196716.MCDetectTooltipWidth", "295");
user_pref("CT3196716.MyStuffEnabledAtInstallation", true);
user_pref("CT3196716.OriginalFirstVersion", "3.14.1.0");
user_pref("CT3196716.RadioIsPodcast", false);
user_pref("CT3196716.RadioLastCheckTime", "Wed Jul 18 2012 03:44:39 GMT+0200");
user_pref("CT3196716.RadioLastUpdateIPServer", "3");
user_pref("CT3196716.RadioLastUpdateServer", "3");
user_pref("CT3196716.RadioMediaID", "9962");
user_pref("CT3196716.RadioMediaType", "Media Player");
user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");
user_pref("CT3196716.RadioShrinkedFromSetup", false);
user_pref("CT3196716.RadioStationName", "California%20Rock");
user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");
user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");
user_pref("CT3196716.SearchEngineBeforeUnload", "MyStart Search");
user_pref("CT3196716.SearchFromAddressBarIsInit", true);
user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3230027&SearchSource=2&q=");
user_pref("CT3196716.SearchProtectorEnabled", false);
user_pref("CT3196716.SearchProtectorToolbarDisabled", false);
user_pref("CT3196716.SendProtectorDataViaLogin", true);
user_pref("CT3196716.ServiceMapLastCheckTime", "Wed Jul 18 2012 03:44:33 GMT+0200");
user_pref("CT3196716.SettingsLastCheckTime", "Wed Jul 18 2012 03:44:34 GMT+0200");
user_pref("CT3196716.SettingsLastUpdate", "1342194020");
user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3230027&SearchSource=13");
user_pref("CT3196716.ThirdPartyComponentsInterval", 504);
user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Wed Jul 18 2012 03:44:33 GMT+0200");
user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT3196716.ToolbarShrinkedFromSetup", false);
user_pref("CT3196716.UserID", "UN57241492070546279");
user_pref("CT3196716.ValidationData_Toolbar", 0);
user_pref("CT3196716.WeatherNetwork", "");
user_pref("CT3196716.WeatherPollDate", "Wed Jul 18 2012 03:44:40 GMT+0200");
user_pref("CT3196716.WeatherUnit", "C");
user_pref("CT3196716.alertChannelId", "1667894");
user_pref("CT3196716.backendstorage.cb", "31");
user_pref("CT3196716.backendstorage.event_data", "253542253544");
user_pref("CT3196716.backendstorage.fired_events", "");
user_pref("CT3196716.backendstorage.key_date", "3138");
user_pref("CT3196716.backendstorage.mam.gk.firsttime", "31");
user_pref("CT3196716.backendstorage.mam.pg.state", "31");
user_pref("CT3196716.backendstorage.printitgreenstatus", "74727565");
user_pref("CT3196716.backendstorage.sf_status", "454E41424C4544");
user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Wed Jul 18 2012 03:44:35 GMT+0200");
user_pref("CT3196716.initDone", true);
user_pref("CT3196716.isAppTrackingManagerOn", true);
user_pref("CT3196716.isFirstRadioInstallation", false);
user_pref("CT3196716.navigateToUrlOnSearch", false);
user_pref("CT3196716.revertSettingsEnabled", true);
user_pref("CT3196716.testingCtid", "CT3230027");
user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Wed Jul 18 2012 03:44:35 GMT+0200");
user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Wed Jul 18 2012 03:44:43 GMT+0200");
user_pref("CT3196716.usagesFlag", 1);
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3230027/CT3230027", "\"c3bf26a3fc679dc342973cd35c46436b2\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3230027", "\"1340015012\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "UgzXjW7BIkfdx+x39Ruv3w==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3230027", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"2292e5c1512a30b86b91a7e3313d799f\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Dokumente und Einstellungen\\Besitzer\\Anwendungsdaten\\Mozilla\\Firefox\\Profiles\\bc8j9sh9.default\\conduitCommon\\
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.ToolbarsList", "CT3196716");
user_pref("CommunityToolbar.ToolbarsList2", "CT3196716");
user_pref("CommunityToolbar.ToolbarsList4", "CT3196716");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jul 18 2012 03:44:59 GMT+0200");
user_pref("CommunityToolbar.globalUserId", "e9573abf-9380-4641-91e1-7efd5bc7bae6");
user_pref("CommunityToolbar.originalHomepage", "hxxp://zoomumba.bigpoint.com/#contentBottom");
user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "006870270000000000000040d08d57b3");
user_pref("extensions.BabylonToolbar.instlDay", "15715");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.rvrt", "false");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=006870270000000000000040d08d57b3&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=0213_3");
user_pref("extensions.BabylonToolbar_i.excTlbr", false);
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.23:46:03");
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.cntry", "DE");
user_pref("extensions.incredibar.dfltLng", "");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10665");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "12313F4B446F59A4130B8C583A7CF6CC");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.id", "006870270000000000000060b3552a2f");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15538");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.isDcmntCmplt", true);
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.141:41:03");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyIg8QeAD&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6OyIg8QeAD");
user_pref("extensions.incredibar.upn2n", "92261773452588023");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.141:41:03");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10665");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "006870270000000000000060b3552a2f");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15538");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyIg8QeAD&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6OyIg8QeAD");
user_pref("extensions.incredibar_i.upn2n", "92261773452588023");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.141:41:03");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://suport.leagueoflegends.c
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://suport.leagueoflegen
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.01.2013 at 20:36:10,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Geändert von dImA2o (21.01.2013 um 23:41 Uhr) |
|
22.01.2013, 18:05
| #6 |
| /// TB-Ausbilder | mystart incredibar virus Servus, Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern und führe dort ComboFix erneut aus. |
|
23.01.2013, 18:52
| #7 |
| | mystart incredibar virus Ich wollte nur nicht doppelt posten^^. Irgendwie klappt das nicht. Ich habe den Laptop im abgesichertem Modus mit Netzwerktreiber gestartet und Combofix ausgeführt nun sitze ich hier schon seit 2 Stunden und warte bis was passiert, leider ohne erfolg. Die Zeit läuft und der Balken blinkt im Scanfenster. Was mir aufgefallen ist, das die Festplatten LED nicht blinkt, was eigentlich der fall ist wenn die Festplatte arbeitet. Habe jetzt Combofix beim Administrator im abgesichertem Modus mit Netzwerktreiber gestartet und warte nun auch schon wieder seit ner ewigkeit bis es fertig wird. habe gestern noch geschaft den Echtzeitscanner von Avira zu entfernen dannach hab ich nochmal den scan mit combofix ausgeführt anfangs hat die Festplatten LED geblinkt dannach nicht mehr. |
|
24.01.2013, 20:20
| #9 |
| | mystart incredibar virus der Virus ist weg. Danke fuer eure muehe. Ich hab den laptop neu aufgesetzt weil ich combofix nicht vollstaendig ausfuehren konnte. Danke nochmal |
|
24.01.2013, 20:23
| #10 |
| /// TB-Ausbilder | mystart incredibar virus Servus, benötigst du noch Hilfe beim Absichern? Ich kann dir noch ein paar Tipps geben, wenn gewünscht. |
|
24.01.2013, 20:34
| #11 |
| | mystart incredibar virus ein paar tipps schaden nie ^^ ich beschaeftige mich selber seit jahren mit computern von daher wuerde ich mich freuen wenn du mir noch ein paar tipps aufn weg geben koenntest. Und ja braeuchte hilfe beim absichern solange der laptop nicht befallen ist |
|
25.01.2013, 18:04
| #12 |
| /// TB-Ausbilder | mystart incredibar virus Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
28.01.2013, 17:12
| #13 |
| /// TB-Ausbilder | mystart incredibar virus Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
29.01.2013, 22:45
| #14 |
| | mystart incredibar virus Danke dir nochmal, nun funzt mein laptop wieder 1a^^. paar programme die ich noch nicht hatte, hab ich mir rübergezogen und were nun besser aufpassen wo ich rauf klicke. mfg dima |
|
| Themen zu mystart incredibar virus |
| adresszeile, angezeigt, antivir, etliche, folge, folgendes, hoffe, incredibar, laptop, latein, logfiles, maleware, mystart, mystart incredibar, mystart.incredibar.com, neue, neuen, nicht mehr, problem, programme, seite, tab, virus, weiterhelfen |
Textbox.
WARNUNG an die MITLESER: 
