|
Plagegeister aller Art und deren Bekämpfung: Sparkasse 20 TansWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
04.07.2011, 21:47 | #1 |
| Sparkasse 20 Tans Guten Abend , ich bin über Google auf euer Forum gestoßen und habe mitbekommen dass einigen mit dem selben Problem wie mir hier geholfen wurde . Seit heute morgen soll ich jedes mal wenn ich mich bei der sparkasse anmelde 20 tans eingeben . Mir war zwar sofort klar dass es sich hierbei um ein Trojaner o.ä handeln muss , dennoch habe ich es nach 10 stunden nicht geschafft den Trojaner zu entfernen . Antivir und co. haben leider auch nichts gefunden . Ich hoffe auf eure Hife ! Vielen Dank ! EDIT : OTL Code:
ATTFilter OTL logfile created on: 04.07.2011 22:51:34 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Adrian\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,39% Memory free 5,99 Gb Paging File | 4,48 Gb Available in Paging File | 74,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,67 Gb Total Space | 82,61 Gb Free Space | 37,27% Space Free | Partition Type: NTFS Computer Name: ADRIAN-PC | User Name: Adrian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Adrian\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Unlocker\UnlockerAssistant.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®) PRC - C:\Programme\OpenVPN\bin\openvpn-gui-1.0.3.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE () ========== Modules (SafeList) ========== MOD - C:\Users\Adrian\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HerculesDJControlMP3) -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE () SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (HDJMidi) -- C:\Windows\System32\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.) DRV - (Bulk) -- C:\Windows\System32\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.) DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 B9 55 DB 66 03 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..network.proxy.backup.ftp: "128.227.56.81" FF - prefs.js..network.proxy.backup.ftp_port: 31270 FF - prefs.js..network.proxy.backup.gopher: "128.227.56.81" FF - prefs.js..network.proxy.backup.gopher_port: 31270 FF - prefs.js..network.proxy.backup.socks: "128.227.56.81" FF - prefs.js..network.proxy.backup.socks_port: 31270 FF - prefs.js..network.proxy.backup.ssl: "128.227.56.81" FF - prefs.js..network.proxy.backup.ssl_port: 31270 FF - prefs.js..network.proxy.ftp: "128.227.56.81" FF - prefs.js..network.proxy.ftp_port: 31270 FF - prefs.js..network.proxy.gopher: "128.227.56.81" FF - prefs.js..network.proxy.gopher_port: 31270 FF - prefs.js..network.proxy.http: "128.227.56.81" FF - prefs.js..network.proxy.http_port: 31270 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "128.227.56.81" FF - prefs.js..network.proxy.socks_port: 31270 FF - prefs.js..network.proxy.ssl: "128.227.56.81" FF - prefs.js..network.proxy.ssl_port: 31270 FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.21 17:36:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 23:59:01 | 000,000,000 | ---D | M] [2009.11.18 18:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions [2011.03.24 18:12:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\44hrx9fj.default\extensions [2011.02.15 00:36:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\44hrx9fj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.16 14:58:25 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\44hrx9fj.default\extensions\facepad@lazyrussian.com [2009.11.25 12:43:15 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\44hrx9fj.default\extensions\moveplayer@movenetworks.com [2011.03.24 23:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.08.17 12:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.21 01:13:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2009.12.06 16:32:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.08.17 12:21:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.21 01:13:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.06.21 17:36:23 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.16 19:17:43 | 000,000,857 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivX Download Manager] File not found O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [2F7ZUJ7G0IWWUCYDXQLFFZSZBPX] C:\SystemData\217FA966CB3.exe (VMware, Inc.) O4 - Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Adrian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{30d71c77-a5e2-11df-ae98-00214f4df87b}\Shell - "" = AutoRun O33 - MountPoints2\{30d71c77-a5e2-11df-ae98-00214f4df87b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.04 13:15:32 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Bilanzen [2011.07.03 19:37:00 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Limitless [2011.07.03 01:12:22 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Passau 2011 [2011.06.29 13:28:27 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll [2011.06.29 13:28:27 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll [2011.06.29 13:28:26 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll [2011.06.29 13:28:26 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll [2011.06.29 13:28:26 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll [2011.06.29 13:28:26 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll [2011.06.16 15:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.06.16 15:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.06.16 15:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.06.16 10:35:48 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2011.06.16 10:35:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.06.16 10:35:33 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.06.16 10:35:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.06.16 10:35:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.06.16 10:35:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.06.16 10:35:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.06.16 10:35:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.06.16 10:35:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.06.16 10:35:33 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.06.16 10:35:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.06.16 10:35:32 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.06.14 17:02:31 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Berlin 2011 [2011.06.07 12:28:31 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\PERSO [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.04 17:10:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.04 10:50:15 | 000,000,600 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\winscp.rnd [2011.07.04 09:44:42 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.04 09:44:42 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.04 09:37:13 | 2413,588,480 | -HS- | M] () -- C:\hiberfil.sys [2011.06.30 11:08:37 | 002,278,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.06.28 17:14:08 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.06.28 17:14:08 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.06.20 13:48:12 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.20 13:48:12 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.20 13:48:12 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.20 13:48:12 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.16 15:11:07 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.06.05 10:11:25 | 004,227,200 | ---- | M] () -- C:\Users\Adrian\Desktop\Johnny Adams Release Me‏.mp3 [3 C:\*.tmp files -> C:\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.16 15:11:07 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.06.05 10:11:08 | 004,227,200 | ---- | C] () -- C:\Users\Adrian\Desktop\Johnny Adams Release Me‏.mp3 [2011.05.08 17:31:39 | 000,000,600 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\winscp.rnd [2011.02.01 17:32:48 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.02.01 17:32:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.02.01 17:32:45 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.02.01 17:32:45 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.02.01 17:32:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.09.02 13:39:19 | 000,123,748 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.08.17 03:33:48 | 000,041,472 | ---- | C] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.23 12:11:01 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.06.22 17:34:33 | 000,002,310 | ---- | C] () -- C:\Users\Adrian\AppData\Local\ukugerut.dll [2010.06.17 13:11:49 | 000,002,310 | ---- | C] () -- C:\Users\Adrian\AppData\Local\uzezalebinurifuc.dll [2010.03.05 16:45:22 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.03.05 16:45:22 | 000,138,056 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\PnkBstrK.sys [2010.03.05 16:44:58 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.03.05 16:44:55 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.03.05 16:44:53 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.01.02 15:27:30 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.11.23 15:05:36 | 000,014,826 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\mdbu.bin [2009.11.18 21:23:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.11.18 18:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 002,278,624 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.18 20:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.07.2011 22:51:34 - Run 1 OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Adrian\Downloads An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,39% Memory free 5,99 Gb Paging File | 4,48 Gb Available in Paging File | 74,71% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,67 Gb Total Space | 82,61 Gb Free Space | 37,27% Space Free | Partition Type: NTFS Computer Name: ADRIAN-PC | User Name: Adrian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4 "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{0C7BCCCA-F9F3-82A6-FE6A-1160F7E14745}" = CCC Help Italian "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0D707A04-9C3B-D735-1169-2C36A02EC1FD}" = Catalyst Control Center Core Implementation "{0E0AA7EF-A847-3C08-ABF9-EDA7936DAFC5}" = Catalyst Control Center Graphics Full New "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{228B5714-9E6F-B9AE-6B6D-E8FF31C2A6D0}" = CCC Help German "{25D90A06-E086-614F-203C-9ADB3A83709C}" = CCC Help French "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23 "{2CDC3BD6-CA3D-F3FE-9700-FCBDB7CFA4C0}" = ccc-core-static "{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{36281CC3-FA8D-3008-4D50-53F7DF2DD9FB}" = ccc-utility "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A6631D2-7523-5046-ACF3-EC6FAD28FBA5}" = CCC Help Portuguese "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3E0D4FC1-AF9E-BB44-2E17-872B462646FF}" = ATI Catalyst Install Manager "{40DE7141-333D-8D31-97FF-5C0ED5F3B552}" = CCC Help Polish "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI "{4E7101FC-D19E-717B-F5F1-05DFAE4DC7CE}" = CCC Help Dutch "{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4 "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{668B9FC5-9FA8-5C47-4AB5-E59D6D6E2123}" = CCC Help Greek "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A154072-2009-7396-1B4F-1BBBEADD4895}" = CCC Help Swedish "{6E0D5213-BD75-A091-4162-C6311745C23B}" = Catalyst Control Center Graphics Previews Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{84194016-CDFE-FD7D-017E-6FDDDEBF9888}" = CCC Help Danish "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{844BD550-45F4-AD73-412F-CF40CFAFA5E9}" = Catalyst Control Center InstallProxy "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{942FB97A-B829-0371-5C91-74DAEAFF6900}" = CCC Help Turkish "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A9841591-47F4-7E49-0F1E-7E2ED014E248}" = CCC Help English "{AB82ED30-1B6F-8B9A-2835-E4141A88BB6F}" = CCC Help Norwegian "{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B3D12C7E-6E25-D407-074D-931D66023EAE}" = CCC Help Czech "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B8ED984C-54AF-5705-EF5C-2739262F113F}" = CCC Help Japanese "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{C121C592-D8AB-8F29-309B-EA85483D6C51}" = CCC Help Chinese Standard "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding "{D028B96F-8C9F-63DA-83EB-0F00D87700DA}" = CCC Help Finnish "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D311066E-6530-CEA2-7BCF-A665416AF11C}" = CCC Help Thai "{D8E0E80A-E5CA-9F64-2E46-CE694830507B}" = Catalyst Control Center Localization All "{DC24D41C-022A-29DC-E4D4-F9C871F76DD4}" = CCC Help Russian "{E0631725-6F53-0BFB-5C02-CA8DEF14C7B2}" = Catalyst Control Center Graphics Full Existing "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E5470B21-CA46-8BDD-247F-8717536DCFEB}" = CCC Help Chinese Traditional "{EB47C52F-CE56-1066-5FB4-0B7663410A7C}" = Catalyst Control Center HydraVision Full "{EFC47A05-3212-F334-EDA5-C5D2907419FE}" = CCC Help Hungarian "{F09DA254-8879-1E7F-C14D-FFE8626F804B}" = Catalyst Control Center Graphics Previews Vista "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F404F36C-8FEF-5EA8-6D92-8B64F186D2C0}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FBFBDF43-D184-2AC4-A566-3DDF155979D3}" = CCC Help Spanish "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE8F944C-5209-8EEB-604D-0BAB9B2A4540}" = Catalyst Control Center Graphics Light "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Debut" = Debut Video Capture Software "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA Download Manager "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "FKC22153088_is1" = fotokasten comfort "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ImgBurn" = ImgBurn "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0 "MAGIX Music Maker Techno Edition 3 Download-Version D" = MAGIX Music Maker Techno Edition 3 Download-Version 5.0.0.1 (D) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "OpenVPN" = OpenVPN 2.1_rc20 "PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.6 "PokerStars.net" = PokerStars.net "PunkBusterSvc" = PunkBuster Services "SopCast" = SopCast 3.3.2 "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010) "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.9.0 "Veetle TV" = Veetle TV 0.9.18 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.0.3 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.3.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.06.2011 06:04:57 | Computer Name = Adrian-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 01.07.2011 18:30:43 | Computer Name = Adrian-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 02.07.2011 04:39:12 | Computer Name = Adrian-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 02.07.2011 18:31:02 | Computer Name = Adrian-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.07.2011 06:28:13 | Computer Name = Adrian-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 04.07.2011 03:37:33 | Computer Name = Adrian-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 04.07.2011 03:55:39 | Computer Name = Adrian-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 04.07.2011 08:12:32 | Computer Name = Adrian-PC | Source = Bonjour Service | ID = 100 Description = send_msg ERROR: failed to write 90 of 90 bytes to fd 448 errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 04.07.2011 08:12:32 | Computer Name = Adrian-PC | Source = Bonjour Service | ID = 100 Description = 448: Could not write data to client because of error - aborting connection Error - 04.07.2011 08:12:32 | Computer Name = Adrian-PC | Source = Bonjour Service | ID = 100 Description = 448: DNSServiceCreateConnection [ System Events ] Error - 02.07.2011 04:39:00 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 02.07.2011 10:55:04 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 03.07.2011 06:27:58 | Computer Name = Adrian-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 03.07.2011 06:27:58 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 03.07.2011 13:12:48 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 04.07.2011 03:37:18 | Computer Name = Adrian-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 04.07.2011 03:37:18 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 04.07.2011 07:08:43 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 04.07.2011 08:12:40 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 04.07.2011 11:10:16 | Computer Name = Adrian-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > Geändert von helpme2011 (04.07.2011 um 22:10 Uhr) |
05.07.2011, 08:30 | #2 | |||
/// Helfer-Team | Sparkasse 20 Tans Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Hast du es denn in der Hosts selbst eingetragen bzw absichtlich zugefügt? Wenn ja, warum? Code:
ATTFilter O1 - Hosts: 127.0.0.1 activate.adobe.com 2. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 3. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
4. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
5. Fixen mit OTL
Code:
ATTFilter :OTL FF - prefs.js..network.proxy.backup.ftp: "128.227.56.81" FF - prefs.js..network.proxy.backup.ftp_port: 31270 FF - prefs.js..network.proxy.backup.gopher: "128.227.56.81" FF - prefs.js..network.proxy.backup.gopher_port: 31270 FF - prefs.js..network.proxy.backup.socks: "128.227.56.81" FF - prefs.js..network.proxy.backup.socks_port: 31270 FF - prefs.js..network.proxy.backup.ssl: "128.227.56.81" FF - prefs.js..network.proxy.backup.ssl_port: 31270 FF - prefs.js..network.proxy.ftp: "128.227.56.81" FF - prefs.js..network.proxy.ftp_port: 31270 FF - prefs.js..network.proxy.gopher: "128.227.56.81" FF - prefs.js..network.proxy.gopher_port: 31270 FF - prefs.js..network.proxy.http: "128.227.56.81" FF - prefs.js..network.proxy.http_port: 31270 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "128.227.56.81" FF - prefs.js..network.proxy.socks_port: 31270 FF - prefs.js..network.proxy.ssl: "128.227.56.81" FF - prefs.js..network.proxy.ssl_port: 31270 [2011.02.15 00:36:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\44hrx9fj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.16 14:58:25 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\44hrx9fj.default\extensions\facepad@lazyrussian.com O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{30d71c77-a5e2-11df-ae98-00214f4df87b}\Shell - "" = AutoRun O33 - MountPoints2\{30d71c77-a5e2-11df-ae98-00214f4df87b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a :Commands [purity] [emptytemp]
6. → besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren: → Tipps für die Suche nach Dateien Code:
ATTFilter C:\SystemData\217FA966CB3.exe C:\Users\Adrian\AppData\Local\ukugerut.dll C:\Users\Adrian\AppData\Local\uzezalebinurifuc.dll → Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox) → "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist → das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1) ** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!: Code:
ATTFilter File name: <<Dateiname>> Submission date: 2010-10-22 03:34:01 (UTC) Current status: queued queued analysing finished Result: .....% VT Community goodware/badware Safety score: 100.0% Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.22.00 2010.10.21 - AntiVir 7.10.13.15 2010.10.21 - Antiy-AVL 2.0.3.7 2010.10.22 - Authentium 5.2.0.5 2010.10.22 - Avast 4.8.1351.0 2010.10.21 - Avast5 5.0.594.0 2010.10.21 - usw........ 7. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 8. erneut einen Scan mit OTL:
Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußkira
__________________ |
Themen zu Sparkasse 20 Tans |
7-zip, abend, antivir, eingebe, entferne, entfernen, excel.exe, forum, gefunde, geholfen, google, guten, heute, hierbei, hoffe, install.exe, jdownloader, langs, locker, melde, microsoft office word, morgen, nichts, office 2007, plug-in, problem, richtlinie, sched.exe, security update, shell32.dll, sofort, sparkasse, start menu, stunde, stunden, super, tan, tans, taskhost.exe, troja, trojaner, webcheck, write |