
Pests of all kinds and how to fight them: A friend's PC has this "transfer 100 euros" virus or trojan

28.06.2013, 16:45   #1
Bbarbara

He just called me, and I'm driving over to take a look at it.
He has XP, and I'm taking my netbook along so I can work.

I'll download the OTL program onto a USB stick beforehand and take it with me.
There's no CD burner there, but I've read that it also works from a USB stick.

I don't know yet what I'm supposed to do with it; run some kind of scan...

28.06.2013, 16:58   #2
schrauber
/// the machine
/// TB trainer

Hi,

just click Quick Scan and post the logfile.

28.06.2013, 17:22   #3
Bbarbara

Will do, thanks!

28.06.2013, 18:15   #4
schrauber
/// the machine
/// TB trainer

Ok

Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

28.06.2013, 18:45   #5
Bbarbara

So, the scan is done, first file: OTL logfile:
Code:
OTL logfile created on: 28.06.2013 18:18:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dicker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 54,76% Memory free
3,87 Gb Paging File | 2,78 Gb Available in Paging File | 71,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,25 Gb Total Space | 182,43 Gb Free Space | 82,09% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,79 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
Drive G: | 3,89 Gb Total Space | 2,57 Gb Free Space | 65,93% Space Free | Partition Type: FAT32
 
Computer Name: DICKER-PC | User Name: Dicker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.28 17:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dicker\Desktop\OTL.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.08.09 02:39:47 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.10 05:14:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.10 05:13:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.14 16:32:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.05.10 05:14:03 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.10 05:13:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.29 04:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.10 05:14:03 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.10 05:14:03 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.13 16:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.19 03:34:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.10.09 03:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 04:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.12 15:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009.02.12 15:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009.02.12 15:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008.10.03 04:40:12 | 000,264,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008.03.28 03:06:00 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2006.06.17 23:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{0BE678AD-3DF2-4649-9FE3-D614398EDB39}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{55F273D8-B89D-4910-AD48-0E7F06C37926}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/home.phph [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A 1F 44 D9 E7 D5 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0BE678AD-3DF2-4649-9FE3-D614398EDB39}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{3BE3A2B4-2B60-467E-B5BF-17B55C503EC1}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B46790AE-B553-4CBA-88E7-22776D34E1C4&apn_sauid=88B985DB-8892-4272-9F51-1326DC1C3BB1
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{55D05575-C4E8-416F-9A9C-AD47F4FD5737}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{55F273D8-B89D-4910-AD48-0E7F06C37926}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5D2C7A7D-75B6-4C40-8685-94A62BF731EC}: "URL" = hxxp://wetter.rtl.de/cp/shared/php/search_plz_ort.php?in={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_de
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6DB998A2-CB7C-4C38-841A-4499D060CD8E}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{D0AD4CC2-BC4D-4C44-A2DA-A52FB0DF4838}: "URL" = hxxp://www.dict.cc/?s={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..keyword.URL: ""
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.18 22:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.18 22:42:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.01.18 22:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dicker\AppData\Roaming\mozilla\Extensions
[2012.07.16 18:59:20 | 000,002,299 | ---- | M] () -- C:\Users\Dicker\AppData\Roaming\mozilla\firefox\profiles\dsbuh0ik.default\searchplugins\askcom.xml
[2012.10.22 08:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.16 18:47:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.22 08:04:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2011.12.21 09:50:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [ctfmon32.exe] C:\ProgramData\dwi2ri.dat (ggggggggggggggggggggggggggg)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{980E1DA9-B20B-4714-896D-7C0170CA7A77}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC376FAD-EBCA-4B0C-9567-9C4DFE448968}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.28 18:17:46 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dicker\Desktop\tdsskiller.exe
[2013.06.28 18:17:40 | 098,077,435 | ---- | C] (Igor Pavlov) -- C:\Users\Dicker\Desktop\OTLPEStd.exe
[2013.06.28 18:17:40 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Dicker\Desktop\aswMBR.exe
[2013.06.28 18:17:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dicker\Desktop\OTL.exe
[2013.06.28 11:19:11 | 000,162,304 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\ProgramData\dwi2ri.dat
[2013.06.28 11:19:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.06.15 16:07:57 | 000,000,000 | ---D | C] -- C:\b1c51f1a24260cd03aed
[2013.06.15 16:07:20 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013.06.14 15:20:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.14 15:20:17 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.14 15:20:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.14 15:20:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.14 15:20:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.14 15:20:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.14 15:20:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.14 15:20:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.14 15:20:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.14 15:20:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.14 15:20:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.14 15:20:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.14 15:20:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.14 15:20:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.14 15:20:09 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.14 15:01:39 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.14 15:01:39 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.14 15:01:21 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.14 15:01:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.14 15:00:05 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.14 14:57:53 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.14 14:57:52 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.14 14:57:51 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.14 14:57:51 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.14 14:57:51 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.14 14:57:30 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.14 14:57:29 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 07:46:46 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.28 18:23:03 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 18:23:03 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.28 18:20:20 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.28 18:20:20 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.28 18:20:20 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.28 18:20:20 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.28 18:20:20 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.28 18:15:17 | 000,000,292 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013.06.28 18:14:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.28 18:13:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.28 18:13:53 | 1556,500,480 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.28 17:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dicker\Desktop\OTL.exe
[2013.06.28 17:19:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Dicker\Desktop\aswMBR.exe
[2013.06.28 17:17:44 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dicker\Desktop\tdsskiller.exe
[2013.06.28 17:13:52 | 000,648,201 | ---- | M] () -- C:\Users\Dicker\Desktop\adwcleaner.exe
[2013.06.28 17:09:20 | 000,515,892 | ---- | M] () -- C:\Users\Dicker\Desktop\eeepcfr.zip
[2013.06.28 17:06:56 | 000,793,536 | ---- | M] () -- C:\Users\Dicker\Desktop\ZipOpenerSetup.exe
[2013.06.28 17:04:00 | 098,077,435 | ---- | M] (Igor Pavlov) -- C:\Users\Dicker\Desktop\OTLPEStd.exe
[2013.06.28 16:10:58 | 095,023,320 | ---- | M] () -- C:\ProgramData\ir2iwd.pad
[2013.06.28 16:08:43 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.28 11:19:17 | 000,002,680 | ---- | M] () -- C:\ProgramData\ir2iwd.js
[2013.06.28 11:19:17 | 000,000,152 | ---- | M] () -- C:\ProgramData\ir2iwd.reg
[2013.06.28 11:19:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\ir2iwd.bat
[2013.06.28 11:19:12 | 000,162,304 | ---- | M] (ggggggggggggggggggggggggggg) -- C:\ProgramData\dwi2ri.dat
[2013.06.28 11:19:11 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\rundll32.exe
[2013.06.28 10:31:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.14 16:32:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.14 16:32:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.06.28 18:17:40 | 000,793,536 | ---- | C] () -- C:\Users\Dicker\Desktop\ZipOpenerSetup.exe
[2013.06.28 18:17:40 | 000,648,201 | ---- | C] () -- C:\Users\Dicker\Desktop\adwcleaner.exe
[2013.06.28 18:17:40 | 000,515,892 | ---- | C] () -- C:\Users\Dicker\Desktop\eeepcfr.zip
[2013.06.28 11:19:17 | 000,002,680 | ---- | C] () -- C:\ProgramData\ir2iwd.js
[2013.06.28 11:19:17 | 000,000,152 | ---- | C] () -- C:\ProgramData\ir2iwd.reg
[2013.06.28 11:19:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\ir2iwd.bat
[2013.06.28 11:19:14 | 095,023,320 | ---- | C] () -- C:\ProgramData\ir2iwd.pad
[2013.04.09 23:44:59 | 000,001,439 | ---- | C] () -- C:\Users\Dicker\Internet Explorer.lnk
[2012.01.19 00:17:40 | 000,000,292 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012.01.18 15:52:23 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

--------------------- second file ----------------------OTL Logfile:
Code:
OTL Extras logfile created on: 28.06.2013 18:18:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dicker\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 54,76% Memory free
3,87 Gb Paging File | 2,78 Gb Available in Paging File | 71,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222,25 Gb Total Space | 182,43 Gb Free Space | 82,09% Space Free | Partition Type: NTFS
Drive D: | 10,53 Gb Total Space | 1,79 Gb Free Space | 16,98% Space Free | Partition Type: NTFS
Drive G: | 3,89 Gb Total Space | 2,57 Gb Free Space | 65,93% Space Free | Partition Type: FAT32
 
Computer Name: DICKER-PC | User Name: Dicker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007B8893-1504-48FD-BA95-3057DBA8CD2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{04A88B4A-D102-46E7-B50C-6CD44BCCB5A1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12A1F941-1E0F-4E4C-A9FF-5420DDD04A25}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{17BAD0A7-8F9B-4BB4-9D83-C2F6088F3747}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{19FFE2D6-B008-4D17-A2DA-F78BE7AFBBC9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{235EB3D4-9267-40F0-9986-44809F6C9137}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2372528A-6B06-4ED2-AB90-12FDC5F6E3B4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{283C90B4-DD4E-450D-80B1-C2CC8DE4E151}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C85AF5C-57F4-48A4-B27A-5305013E3A48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4D5640F9-5EB5-4ED9-9F34-ADD9EA82ED4E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{540E17F4-F9B3-4A67-97A3-D3A9991F12BA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{55C2021E-74CC-4E39-9059-8A638580890F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62D55600-C977-4212-A4A0-924DC715E5C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{951C6DA1-CDED-4405-B589-B16FC9FB2C2E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9F978EA9-4B50-490F-AF5F-DE30F779D4F4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A1B78D1E-CCBD-4B40-90A1-4BCCFA1F9F1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B1DDC640-8AA1-4046-96F8-C18AED5BC8DE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B8964D95-3F1C-49B6-B2F9-D4A93B691B15}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BCE3F074-47CC-47F0-BC14-A4DF535469B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2B3813A-E691-4B81-B60C-C8113A25AB08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D37EE588-5264-47E7-8480-DA52DC1E64D3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D8A1822C-978B-414E-A3C6-1B5FAC42BD15}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DC242F35-88AE-4381-A435-D74D29165619}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E6AC7CBC-C884-485A-A479-A2526ACBFCA9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F476E0D5-AFFE-4EC8-B132-74C68DB5C466}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01911769-8889-4179-98F2-5C03301B981A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FEC59C1-F4C7-441C-B0F5-696FA4EE0CB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1144069B-C923-4D2C-8B3B-D02028993331}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1CD47A07-9B08-4380-B6EC-E8CFEB6118C4}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | 
"{277F3924-594B-4271-969D-A6DFC05668F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2F19CE53-8BD8-430E-9FD6-062F5507127D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{32AE9113-78D8-42C0-8F99-59711F3A220D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32E5A4D9-C391-47E0-A8B6-4271B97C201B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4BD28E02-69CF-4EA7-9AA2-356169CE3F57}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5C15DA14-AB87-402F-A32C-440BEE3FAE62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{66F71B20-8796-4BA8-A407-CD7ABA05166C}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | 
"{700E2B9B-CB50-42E0-9342-8D3C88582C3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{703F8BFD-642F-4EAE-8AB6-9CF47487EB5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{76C5896C-7747-4FCF-8158-770C0814CBDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8493AB73-03DA-44C1-B242-2F1EA75552D1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8B57D287-15C6-4550-B922-C400D7E45CFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9701AD01-C499-4340-B726-DE2AB57C2139}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B034EA8-C3A0-4D21-BD02-C7B5D9AC7584}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9FA851BA-C0BF-4D75-9FB3-AA53819D7424}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{AF904866-7146-4E93-A0A7-2C1356FFB350}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B66FE1AC-F716-468A-B727-C62FA58B28BE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C09E8595-1579-4C53-8BD6-3E96A66E9F4D}" = protocol=6 | dir=out | app=system | 
"{CC73ED29-289E-475F-A7EB-B9894F7FB1AE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CDD469DD-8B32-4583-8787-1CB4180CCFA6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E2392A7B-05C5-4E76-AE48-362C0D80645A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E4E3597C-F5D7-44ED-B9C5-C5BBD4A04D2C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EAC32004-536E-4587-B33C-45458718ABA3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{F51EAF86-4628-4E47-BB5D-2C7758FC9E99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F533DA12-8FCD-4744-93E6-9AB13B8A85EE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.11.2012 13:56:01 | Computer Name = Dicker-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.11.2012 13:56:01 | Computer Name = Dicker-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9672
 
Error - 26.11.2012 13:56:01 | Computer Name = Dicker-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9672
 
Error - 26.11.2012 16:13:36 | Computer Name = Dicker-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.11.2012 16:13:36 | Computer Name = Dicker-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8264683
 
Error - 26.11.2012 16:13:36 | Computer Name = Dicker-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8264683
 
Error - 26.11.2012 16:17:43 | Computer Name = Dicker-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16455,
 Zeitstempel: 0x507284ba  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x1e6eb245  ID des fehlerhaften
 Prozesses: 0xab0  Startzeit der fehlerhaften Anwendung: 0x01cdcc12b176ab7d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 5529f84f-3806-11e2-9f32-001f1660cabe
 
Error - 29.11.2012 04:13:41 | Computer Name = Dicker-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: adc    Startzeit: 01cdce02bc14fa1c    Endzeit: 22    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID: aa3d9913-39fc-11e2-af41-001f1660cabe

 
Error - 30.11.2012 10:25:39 | Computer Name = Dicker-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1338    Startzeit: 01cdcf00145e8bc5    Endzeit: 520    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 06.12.2012 02:40:11 | Computer Name = Dicker-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16455 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 910    Startzeit: 01cdd37c3124f6eb    Endzeit: 75    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
[ Hewlett-Packard Events ]
Error - 08.11.2012 14:55:57 | Computer Name = Dicker-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1979  Ram Utilization: 70  TargetSite: Void UpdateAndDetect()  
 
Error - 08.11.2012 14:57:46 | Computer Name = Dicker-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 08.11.2012 14:57:46 | Computer Name = Dicker-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.11.2012 15:46:08 | Computer Name = Dicker-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 15.11.2012 15:46:43 | Computer Name = Dicker-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1979  Ram Utilization: 80  TargetSite: Void UpdateAndDetect()  
 
Error - 22.11.2012 11:06:27 | Computer Name = Dicker-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1979  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  
 
Error - 29.11.2012 12:59:42 | Computer Name = Dicker-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1979  Ram Utilization: 70  TargetSite: Void UpdateAndDetect()  
 
Error - 29.11.2012 13:00:51 | Computer Name = Dicker-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 29.11.2012 13:00:51 | Computer Name = Dicker-PC | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 07.12.2012 01:10:40 | Computer Name = Dicker-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   bei HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   bei HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 de-DE  RAM: 1979  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  
 
[ HP Software Framework Events ]
Error - 14.12.2012 04:39:04 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:04.890|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:04 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:04.930|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:04 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:04.967|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:05 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:05.001|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:05 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:05.047|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:05 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:05.087|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:05 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:05.123|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:05 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:05.157|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:05 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:05.191|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
Error - 14.12.2012 04:39:05 | Computer Name = Dicker-PC | Source = CaslSmBios | ID = 5
Description = 2012.12.14 09:39:05.226|0000109C|Error      |[CaslWmi]CommandDiags::C{bool()}|Error,
 eRet: e_BIOS_INVALID_COMMAND_TYPE
 
[ System Events ]
Error - 17.06.2013 08:14:54 | Computer Name = Dicker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 17.06.2013 08:14:55 | Computer Name = Dicker-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 17.06.2013 08:14:55 | Computer Name = Dicker-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 28.06.2013 05:23:16 | Computer Name = Dicker-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?06.?2013 um 11:21:27 unerwartet heruntergefahren.
 
Error - 28.06.2013 05:33:27 | Computer Name = Dicker-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?06.?2013 um 11:28:04 unerwartet heruntergefahren.
 
Error - 28.06.2013 10:01:04 | Computer Name = Dicker-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?06.?2013 um 15:58:57 unerwartet heruntergefahren.
 
Error - 28.06.2013 10:07:36 | Computer Name = Dicker-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?06.?2013 um 16:03:50 unerwartet heruntergefahren.
 
Error - 28.06.2013 12:14:02 | Computer Name = Dicker-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?06.?2013 um 16:10:24 unerwartet heruntergefahren.
 
Error - 28.06.2013 12:15:01 | Computer Name = Dicker-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Live ID Sign-in Assistant erreicht.
 
Error - 28.06.2013 12:15:01 | Computer Name = Dicker-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---


Alt 28.06.2013, 19:35   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Does the computer boot normally?

System scan with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the #-symbol in the website's input box)

Alt 28.06.2013, 19:56   #7
Bbarbara
 

Yes, the computer boots normally.... i.e. first a window comes up asking whether you want to work in safe mode.

I was also able to work completely normally just now, nothing unusual came up.
But the friend says that every now and then this window with the payment demand appears, and then he can only switch the machine off, because no key works any more.

I'll drive to the friend again tomorrow and run the scan with FRST.

Thanks for now!

Alt 29.06.2013, 09:20   #8
schrauber
/// the machine
/// TB-Ausbilder
 


Is there any chance that you could be at the computer for longer than 5 minutes?
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and assistance
Trojaner-Board Facebook page

No help via PM!

Alt 29.06.2013, 11:54   #9
Bbarbara
 

I'll try to borrow it from him for this afternoon.

Alt 29.06.2013, 12:47   #10
schrauber
/// the machine
/// TB-Ausbilder
 


good

Alt 29.06.2013, 15:26   #11
Bbarbara
 

So, now I have the notebook here, just booted it up, and this page appears.
Nothing works any more, only a cold shutdown?

Alt 29.06.2013, 15:27   #12
schrauber
/// the machine
/// TB-Ausbilder
 


Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan according to the illustrated guide or use the following short guide:
Via the Boot Manager:
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly
  • Now choose Repair your computer.
  • Choose your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible with Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click on Repair your computer!
  • Choose your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; remember it.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you remembered. Adjust it if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here, if possible in code tags (guide).
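An added example, not part of the thread and not from FRST's own guide: at the recovery-environment command prompt, the drive letter of the USB stick can be found with a one-line `for` loop instead of the Notepad "Save As" trick. It assumes frst.exe or frst64.exe was saved to the root directory of the stick, as the guide says; the range of letters probed (D: to K:) is an assumption and can be extended.

```bat
rem Added example, not from the thread: probe drive letters D: to K: for the FRST binaries.
rem Assumes they sit in the root directory of the USB stick (an assumption, as in the guide).
rem Recovery-environment drive letters often differ from the ones Windows normally assigns,
rem which is why the guide has you look the letter up first.
for %d in (D E F G H I J K) do @if exist %d:\frst64.exe echo frst64.exe found on %d:
for %d in (D E F G H I J K) do @if exist %d:\frst.exe   echo frst.exe found on %d:

rem Then start the build that matches your Windows (32- or 64-bit),
rem replacing e: with the letter reported above, exactly as in the guide:
rem   e:\frst64.exe
```

Typed directly at the prompt the loop variable is written `%d`; if you put the same lines into a .cmd file it has to be `%%d`. If neither line reports a letter, the stick was not recognised in the recovery environment (try another USB port and restart the repair option).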

Alt 29.06.2013, 15:37   #13
Bbarbara
 

Okay, the stick is plugged in; it asks me whether I want to start in safe mode, with networking drivers or with command prompt. ??

Alt 29.06.2013, 15:38   #14
schrauber
/// the machine
/// TB-Ausbilder
 


Right at that selection the "Repair your computer" entry must also appear, or you have to boot from the Win DVD.

Or boot into Safe Mode and then run FRST.

Alt 29.06.2013, 15:41   #15
Bbarbara
 

Windows did not shut down successfully....

Safe Mode
" with Networking
" with Command Prompt

Start Windows Normally

there is no dvd, unfortunately

I selected safe mode...

Oh, it isn't XP at all, it's Windows 7 Home Premium..
Control Panel says 64 bit. Okay...

FRST Addition logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by Dicker at 2013-06-29 15:45:47
Running from C:\Users\Dicker\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 12.1.9.1236)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.27)
Conexant HD Audio (Version: 4.58.1.0)
CyberLink YouCam (x32 Version: 2.0.3115)
D3DX10 (x32 Version: 15.4.2368.0902)
Google Earth (x32 Version: 7.0.3.8542)
Google Update Helper (x32 Version: 1.3.21.145)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP DVD Play 3.7 (x32 Version: 3.7.2.6908)
HP Support Assistant (x32 Version: 7.0.39.15)
iTunes (Version: 10.5.2.11)
Java Auto Updater (x32 Version: 2.0.7.2)
Java(TM) 6 Update 37 (x32 Version: 6.0.370)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 9.0.1 (x86 de) (x32 Version: 9.0.1)
Mozilla Thunderbird 9.0.1 (x86 de) (x32 Version: 9.0.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
RealSpeak Solo fur Deutsch - Steffi (x32 Version: 4.00.0000)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

15-05-2013 03:58:43 Windows Update
19-05-2013 08:16:07 Windows Update
22-05-2013 16:37:17 Windows Update
26-05-2013 06:42:42 Windows Update
04-06-2013 22:34:02 Windows Update
08-06-2013 10:10:46 Windows Update
11-06-2013 15:56:30 Windows Update
12-06-2013 06:02:37 Windows Update
14-06-2013 12:37:33 Wiederherstellungsvorgang
14-06-2013 13:17:51 Windows Update
14-06-2013 20:20:20 Windows Update
15-06-2013 14:06:46 Windows Update
18-06-2013 08:13:41 Windows Update
24-06-2013 14:13:02 Windows Update
28-06-2013 16:27:04 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0EFAE154-B199-4078-B298-24FD16B4D1C5} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {138B2483-872F-461A-8F26-28F2558FF7B9} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {27010AD7-0D8E-4D89-9E8C-C64D8308A05F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {306CB0E2-A123-41A2-A5AC-961D48211AD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {47363221-6BCE-4863-A6BD-98783F50769E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4EBC9583-A8A0-458E-B986-18DA16161D8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {50C7E0EB-B1DA-496E-80B3-C2FAC2F5F86B} - System32\Tasks\User_Feed_Synchronization-{F4C36974-201A-41CC-8ED2-917622BCB331} => C:\Windows\system32\msfeedssync.exe [2013-05-02] (Microsoft Corporation)
Task: {730A4671-021F-4F61-BF13-2A848607FC4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {7F59617B-FFFA-4DB9-896F-04690720D736} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-14] (Adobe Systems Incorporated)
Task: {87C1962F-BD2C-4CFB-9402-066C771AF791} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {9381F302-EB72-4A04-A634-82F31059016A} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {C4C8B004-2698-492D-A02B-EC067A3AC7B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-18] (Google Inc.)
Task: {EC6723D3-1333-4228-9216-2E8BCB031B8C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2013 03:30:42 PM) (Source: ESENT) (User: )
Description: taskhost (1736) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Dicker\AppData\Local\Microsoft\Windows\WebCache\V0100010.log.

Error: (06/29/2013 01:19:59 AM) (Source: ESENT) (User: )
Description: taskhost (3716) Versuch, Datei "C:\Users\Dicker\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (06/29/2013 01:19:32 AM) (Source: ESENT) (User: )
Description: DllHost (1964) WebCacheLocal: Fehler -1811 beim Öffnen von Protokolldatei C:\Users\Dicker\AppData\Local\Microsoft\Windows\WebCache\V0100003.log.

Error: (06/29/2013 01:15:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14867

Error: (06/29/2013 01:15:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14867

Error: (06/29/2013 01:15:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2013 01:15:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13791

Error: (06/29/2013 01:15:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13791

Error: (06/29/2013 01:15:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2013 01:15:50 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8253


System errors:
=============
Error: (06/29/2013 03:42:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/29/2013 03:42:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/29/2013 03:42:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/29/2013 03:42:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/29/2013 03:42:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/29/2013 03:42:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/29/2013 03:42:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/29/2013 03:42:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/29/2013 03:42:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/29/2013 03:42:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (06/29/2013 03:30:42 PM) (Source: ESENT)(User: )
Description: taskhost1736WebCacheLocal: C:\Users\Dicker\AppData\Local\Microsoft\Windows\WebCache\V0100010.log-1811

Error: (06/29/2013 01:19:59 AM) (Source: ESENT)(User: )
Description: taskhost3716C:\Users\Dicker\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (06/29/2013 01:19:32 AM) (Source: ESENT)(User: )
Description: DllHost1964WebCacheLocal: C:\Users\Dicker\AppData\Local\Microsoft\Windows\WebCache\V0100003.log-1811

Error: (06/29/2013 01:15:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14867

Error: (06/29/2013 01:15:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14867

Error: (06/29/2013 01:15:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2013 01:15:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13791

Error: (06/29/2013 01:15:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13791

Error: (06/29/2013 01:15:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/29/2013 01:15:50 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8253


==================== Memory info =========================== 

Percentage of memory in use: 25%
Total physical RAM: 1979.2 MB
Available physical RAM: 1466.09 MB
Total Pagefile: 3958.39 MB
Available Pagefile: 3470.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.25 GB) (Free:182.31 GB) NTFS (Disk=0 Partition=2)
Drive d: (RECOVERY) (Fixed) (Total:10.53 GB) (Free:1.79 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive g: (SPACELOOP) (Removable) (Total:3.89 GB) (Free:2.56 GB) FAT32 (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 7B2D0067)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 736176FB)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
         
--- --- ---


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by Dicker (administrator) on 29-06-2013 15:44:36
Running from C:\Users\Dicker\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\helppane.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [5629720 2013-01-23] (Piriform Ltd)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\dwi2ri.dat,XFG00 [162304 2013-06-28] (ggggggggggggggggggggggggggg) <===== ATTENTION
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-09-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GMX - E-Mail, FreeMail, Themen- & Shopping-Portal
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/home.php
Wikipedia – Die freie Enzyklopädie
Google
YouTube
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - {0BE678AD-3DF2-4649-9FE3-D614398EDB39} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {55F273D8-B89D-4910-AD48-0E7F06C37926} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
HKCU SearchScopes: DefaultScope {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {0BE678AD-3DF2-4649-9FE3-D614398EDB39} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {3BE3A2B4-2B60-467E-B5BF-17B55C503EC1} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B46790AE-B553-4CBA-88E7-22776D34E1C4&apn_sauid=88B985DB-8892-4272-9F51-1326DC1C3BB1
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {55D05575-C4E8-416F-9A9C-AD47F4FD5737} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {55F273D8-B89D-4910-AD48-0E7F06C37926} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {5D2C7A7D-75B6-4C40-8685-94A62BF731EC} URL = hxxp://wetter.rtl.de/cp/shared/php/search_plz_ort.php?in={searchTerms}
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {6DB998A2-CB7C-4C38-841A-4499D060CD8E} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {9DF85A25-8F33-4DBB-9DB7-F873ACFA7BE0} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKCU - {D0AD4CC2-BC4D-4C44-A2DA-A52FB0DF4838} URL = hxxp://www.dict.cc/?s={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Dicker\AppData\Roaming\Mozilla\Firefox\Profiles\dsbuh0ik.default
FF SelectedSearchEngine: Ask.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Mozilla Firefox 9.0.1\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 9.0.1\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins
FF HKLM-x32\...\Mozilla Thunderbird 9.0.1\Extensions: [Components] C:\Program Files (x86)\Mozilla Thunderbird\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Thunderbird\components
FF HKLM-x32\...\Mozilla Thunderbird 9.0.1\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Thunderbird\plugins

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-10] (Avira Operations GmbH & Co. KG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-10] (Avira GmbH)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-10] (Avira GmbH)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-15] (Avira GmbH)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-29 15:44 - 2013-06-29 15:44 - 00000000 ____D C:\FRST
2013-06-29 15:44 - 2013-06-28 19:59 - 01933484 ____A (Farbar) C:\Users\Dicker\Desktop\FRST64.exe
2013-06-29 15:28 - 2013-06-29 15:34 - 00000280 ____A C:\Windows\setupact.log
2013-06-29 15:28 - 2013-06-29 15:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 18:43 - 2013-06-28 18:43 - 00065366 ____A C:\Users\Dicker\Desktop\Extras.Txt
2013-06-28 18:39 - 2013-06-28 18:39 - 00071820 ____A C:\Users\Dicker\Desktop\OTL.Txt
2013-06-28 18:17 - 2013-06-29 03:12 - 00071783 ____N C:\Windows\WindowsUpdate.log
2013-06-28 18:17 - 2013-06-28 17:20 - 00602112 ____A (OldTimer Tools) C:\Users\Dicker\Desktop\OTL.exe
2013-06-28 18:17 - 2013-06-28 17:19 - 04745728 ____A (AVAST Software) C:\Users\Dicker\Desktop\aswMBR.exe
2013-06-28 18:17 - 2013-06-28 17:17 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Dicker\Desktop\tdsskiller.exe
2013-06-28 18:17 - 2013-06-28 17:13 - 00648201 ____A C:\Users\Dicker\Desktop\adwcleaner.exe
2013-06-28 18:17 - 2013-06-28 17:09 - 00515892 ____A C:\Users\Dicker\Desktop\eeepcfr.zip
2013-06-28 18:17 - 2013-06-28 17:06 - 00793536 ____A C:\Users\Dicker\Desktop\ZipOpenerSetup.exe
2013-06-28 18:17 - 2013-06-28 17:04 - 98077435 ____A (Igor Pavlov) C:\Users\Dicker\Desktop\OTLPEStd.exe
2013-06-28 11:19 - 2013-06-29 15:34 - 95023320 ___AT C:\ProgramData\ir2iwd.pad
2013-06-28 11:19 - 2013-06-29 15:34 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-28 11:19 - 2013-06-28 11:19 - 00162304 ____A (ggggggggggggggggggggggggggg) C:\ProgramData\dwi2ri.dat
2013-06-28 11:19 - 2013-06-28 11:19 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-28 11:19 - 2013-06-28 11:19 - 00002680 ____A C:\ProgramData\ir2iwd.js
2013-06-28 11:19 - 2013-06-28 11:19 - 00000152 ____A C:\ProgramData\ir2iwd.reg
2013-06-28 11:19 - 2013-06-28 11:19 - 00000057 ____A C:\ProgramData\ir2iwd.bat
2013-06-15 16:07 - 2013-06-15 16:08 - 00000000 ____D C:\b1c51f1a24260cd03aed
2013-06-15 16:07 - 2013-06-15 16:07 - 00000000 ____D C:\Windows\CheckSur
2013-06-14 15:20 - 2013-05-17 03:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-14 15:20 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-14 15:20 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 15:20 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 15:20 - 2013-05-17 02:58 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 15:20 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-14 15:20 - 2013-05-14 15:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 15:20 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-14 15:20 - 2013-05-14 11:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-14 15:20 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-14 15:19 - 2013-05-17 03:25 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-14 15:02 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-14 15:01 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-14 15:01 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-14 15:01 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-14 15:01 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-14 15:00 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-14 15:00 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-14 14:57 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-14 14:57 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-14 14:57 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-14 14:57 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-14 14:57 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-14 14:57 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-14 14:57 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-14 14:57 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-14 14:57 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-14 14:57 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-14 14:57 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 07:46 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe

==================== One Month Modified Files and Folders =======

2013-06-29 15:44 - 2013-06-29 15:44 - 00000000 ____D C:\FRST
2013-06-29 15:35 - 2012-01-19 00:17 - 00000292 ____A C:\ProgramData\hpqp.ini
2013-06-29 15:34 - 2013-06-29 15:28 - 00000280 ____A C:\Windows\setupact.log
2013-06-29 15:34 - 2013-06-28 11:19 - 95023320 ___AT C:\ProgramData\ir2iwd.pad
2013-06-29 15:34 - 2013-06-28 11:19 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-06-29 15:34 - 2012-01-18 22:58 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-29 15:33 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-29 15:31 - 2012-04-30 05:31 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-29 15:28 - 2013-06-29 15:28 - 00000000 ____A C:\Windows\setuperr.log
2013-06-29 03:12 - 2013-06-28 18:17 - 00071783 ____N C:\Windows\WindowsUpdate.log
2013-06-29 03:08 - 2012-01-18 22:58 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-29 01:26 - 2009-07-14 06:45 - 00014928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-29 01:26 - 2009-07-14 06:45 - 00014928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 19:59 - 2013-06-29 15:44 - 01933484 ____A (Farbar) C:\Users\Dicker\Desktop\FRST64.exe
2013-06-28 18:43 - 2013-06-28 18:43 - 00065366 ____A C:\Users\Dicker\Desktop\Extras.Txt
2013-06-28 18:39 - 2013-06-28 18:39 - 00071820 ____A C:\Users\Dicker\Desktop\OTL.Txt
2013-06-28 18:20 - 2009-07-14 19:58 - 00654400 ____A C:\Windows\System32\perfh007.dat
2013-06-28 18:20 - 2009-07-14 19:58 - 00130240 ____A C:\Windows\System32\perfc007.dat
2013-06-28 18:20 - 2009-07-14 07:13 - 01498742 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 17:20 - 2013-06-28 18:17 - 00602112 ____A (OldTimer Tools) C:\Users\Dicker\Desktop\OTL.exe
2013-06-28 17:19 - 2013-06-28 18:17 - 04745728 ____A (AVAST Software) C:\Users\Dicker\Desktop\aswMBR.exe
2013-06-28 17:17 - 2013-06-28 18:17 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Dicker\Desktop\tdsskiller.exe
2013-06-28 17:13 - 2013-06-28 18:17 - 00648201 ____A C:\Users\Dicker\Desktop\adwcleaner.exe
2013-06-28 17:09 - 2013-06-28 18:17 - 00515892 ____A C:\Users\Dicker\Desktop\eeepcfr.zip
2013-06-28 17:06 - 2013-06-28 18:17 - 00793536 ____A C:\Users\Dicker\Desktop\ZipOpenerSetup.exe
2013-06-28 17:04 - 2013-06-28 18:17 - 98077435 ____A (Igor Pavlov) C:\Users\Dicker\Desktop\OTLPEStd.exe
2013-06-28 11:19 - 2013-06-28 11:19 - 00162304 ____A (ggggggggggggggggggggggggggg) C:\ProgramData\dwi2ri.dat
2013-06-28 11:19 - 2013-06-28 11:19 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-28 11:19 - 2013-06-28 11:19 - 00002680 ____A C:\ProgramData\ir2iwd.js
2013-06-28 11:19 - 2013-06-28 11:19 - 00000152 ____A C:\ProgramData\ir2iwd.reg
2013-06-28 11:19 - 2013-06-28 11:19 - 00000057 ____A C:\ProgramData\ir2iwd.bat
2013-06-28 09:45 - 2012-01-19 00:06 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-06-28 09:44 - 2012-05-03 19:22 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-06-16 11:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-15 16:08 - 2013-06-15 16:07 - 00000000 ____D C:\b1c51f1a24260cd03aed
2013-06-15 16:07 - 2013-06-15 16:07 - 00000000 ____D C:\Windows\CheckSur
2013-06-14 16:32 - 2012-04-30 05:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-14 16:32 - 2012-01-18 23:08 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-14 15:30 - 2012-01-18 11:04 - 00000000 ____D C:\Windows\Panther
2013-06-14 15:21 - 2012-01-18 12:03 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-14 14:42 - 2012-01-18 23:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-06-14 14:42 - 2012-01-18 23:08 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-14 14:42 - 2012-01-18 11:15 - 00000000 ___RD C:\users\Dicker
2013-06-14 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-06-14 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-06-14 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-06-14 14:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-09 04:50 - 2009-07-14 07:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\dwi2ri.dat
C:\ProgramData\ir2iwd.bat
C:\ProgramData\ir2iwd.pad
C:\ProgramData\ir2iwd.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-13 08:14

==================== End Of Log ============================

I don't know right now how to get onto the internet in Safe Mode... but it works via the stick and the second PC.
