Pests of all kinds and their removal: Trojan.Agent, Trojan.Banker, PUP.Blabbers (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

11.07.2012, 09:56 | #1
Trojan.Agent, Trojan.Banker, PUP.Blabbers

Hello,

I have a problem with a few viruses. If I'm doing something wrong, let me know, I'm new here. I've posted the report from the program now. I'm also downloading the OTL program now.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.11.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19120
Zimmerei Strubel GbR :: ZIMMEREISTRU-PC [Administrator]

Protection: Enabled

11.07.2012 10:28:44
mbam-log-2012-07-11 (10-28-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193811
Time elapsed: 13 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} (Trojan.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Quarantined and deleted successfully.

Files Detected: 13
C:\Users\Zimmerei Strubel GbR\AppData\Roaming\AcroIEHelpe163.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Zimmerei Strubel GbR\AppData\Roaming\appconf32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Zimmerei Strubel GbR\AppData\Roaming\BAcroIEHelpe152.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Zimmerei Strubel GbR\AppData\Roaming\BAcroIEHelpe154.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Zimmerei Strubel GbR\AppData\Roaming\BAcroIEHelpe155.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Zimmerei Strubel GbR\AppData\Roaming\BAcroIEHelpe159.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Zimmerei Strubel GbR\AppData\Roaming\BAcroIEHelpe163.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Zimmerei Strubel GbR\AppData\Local\Temp\coupish.exe (PUP.Blabbers.H) -> Quarantined and deleted successfully.
C:\tmProgress.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\blabbers-ch.crx (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Quarantined and deleted successfully.

(end)

I'd be glad if you could help me.

Regards,
Sven

OTL Logfile: Code:
OTL logfile created on: 11.07.2012 11:53:55 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Zimmerei Strubel GbR\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1021,76 Mb Total Physical Memory | 364,15 Mb Available Physical Memory | 35,64% Memory free
2,26 Gb Paging File | 1,40 Gb Available in Paging File | 62,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 94,34 Gb Free Space | 63,70% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 71,30 Gb Free Space | 97,57% Space Free | Partition Type: NTFS

Computer Name: ZIMMEREISTRU-PC | User Name: Zimmerei Strubel GbR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zimmerei Strubel GbR\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Microsoft Office\Office\OSA.EXE ()

========== Modules (No Company Name) ==========

MOD - C:\Programme\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Programme\Microsoft Office\Office\OSA.EXE ()

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (FSCLBaseUpdaterService) -- c:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe ()
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NETPPPOI) -- system32\DRIVERS\NETPPPOI.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MpKsl3611586f) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A81FA75B-16CC-4792-BCFB-15244D26DC5D}\MpKsl3611586f.sys (Microsoft Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (akshasp) -- C:\Windows\System32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (SafeNet Inc.)
DRV - (aksusb) -- C:\Windows\System32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (cm_ser) -- C:\Windows\System32\drivers\cm_ser.sys (C-motech Co.,Ltd.)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (ViPrt) -- C:\Windows\System32\drivers\ViPrt.sys (VIA Technologies, Inc.)
DRV - (ViBus) -- C:\Windows\System32\drivers\ViBus.sys (VIA Technologies, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (nvatabus) -- C:\Windows\System32\drivers\nvatabus.sys (NVIDIA Corporation)
DRV - (JGOGO) -- C:\Windows\System32\drivers\JGOGO.sys (JMicron )
DRV - (FXUSBASE) Eumex 400 (WinXP/2000) -- C:\Windows\System32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\Windows\System32\drivers\avmcowan.sys (AVM GmbH)
DRV - (AVMPORT) -- C:\Windows\System32\drivers\avmport.sys (AVM Berlin)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\mozilla firefox\components [2012.04.30 15:19:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.034 [2012.06.25 14:38:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.043 [2012.07.10 07:07:21 | 000,000,000 | ---D | M]

[2011.12.01 12:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\mozilla\Extensions
[2012.07.03 18:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\mozilla\Firefox\Profiles\kv8gtv1w.default\extensions
[2012.07.03 18:38:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\mozilla\Firefox\Profiles\kv8gtv1w.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.07.03 18:39:10 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\mozilla\Firefox\Profiles\kv8gtv1w.default\extensions\bbrs_002@blabbers.com
[2012.02.06 09:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\mozilla firefox\extensions
[2012.07.03 18:38:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012.04.30 15:19:15 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.02 09:09:36 | 000,003,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = hxxp://isearch.avg.com/search?cid={4DEE4565-1962-4C3F-BBAA-A1AAF7F09D12}&mid=eb7da66cfa2f47d0a58cd14acce4e9e6-52c3e8af8dec4c08e7424909629f2384ccf20519&lang=de&ds=AVG&pr=pr&d=2012-07-02 09:09:46&v=11.1.0.12&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Zimmerei Strubel GbR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: internet ([]about in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B5A8FB2-8A02-412D-8112-791DE44EB14A}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02e43e10-afba-11dc-a2f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{02e43e10-afba-11dc-a2f1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2a3c6de4-afb8-11dc-a227-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3c6de4-afb8-11dc-a227-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3071bf3e-78bb-11dc-a440-0019dbaea617}\Shell - "" = AutoRun
O33 - MountPoints2\{3071bf3e-78bb-11dc-a440-0019dbaea617}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{3071bf57-78bb-11dc-a440-0019dbaea617}\Shell - "" = AutoRun
O33 - MountPoints2\{3071bf57-78bb-11dc-a440-0019dbaea617}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{44d5736e-78f1-11dc-9d38-000374890932}\Shell - "" = AutoRun
O33 - MountPoints2\{44d5736e-78f1-11dc-9d38-000374890932}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{642b763f-79a5-11dc-935f-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{642b763f-79a5-11dc-935f-404e57434401}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{642b7659-79a5-11dc-935f-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{642b7659-79a5-11dc-935f-404e57434401}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{86905df0-b728-11de-b8c7-00038a000015}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe
O33 - MountPoints2\{88e2f8e5-c533-11dd-9f96-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{88e2f8e5-c533-11dd-9f96-00038a000015}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{88e2f948-c533-11dd-9f96-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{88e2f948-c533-11dd-9f96-00038a000015}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{99365360-a969-11dc-905e-0019dbaea617}\Shell - "" = AutoRun
O33 - MountPoints2\{99365360-a969-11dc-905e-0019dbaea617}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{a64a17e6-bc73-11dc-881d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a64a17e6-bc73-11dc-881d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e4261d4a-7b18-11dc-9aef-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e4261d4a-7b18-11dc-9aef-404e57434401}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{e4261d4c-7b18-11dc-9aef-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{e4261d4c-7b18-11dc-9aef-404e57434401}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{fb654415-98f0-11dc-8f55-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fb654415-98f0-11dc-8f55-00038a000015}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{fb654417-98f0-11dc-8f55-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fb654417-98f0-11dc-8f55-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fe2b67a5-78b9-11dc-a0d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe2b67a5-78b9-11dc-a0d0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2008.10.21 15:13:51 | 000,574,800 | R--- | M] (Hewlett-Packard)
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.11 11:08:30 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Zimmerei Strubel GbR\Desktop\OTL.exe
[2012.07.11 10:27:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
[2012.07.11 10:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft HiJackFree
[2012.07.11 10:21:48 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.11 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\Malwarebytes
[2012.07.11 10:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.11 10:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 10:21:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.11 10:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.10 13:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojancheck 6
[2012.07.10 13:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Trojancheck 6
[2012.07.10 07:07:21 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.043
[2012.07.05 15:22:41 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.040
[2012.07.03 11:51:09 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.039
[2012.07.02 12:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.07.02 09:10:00 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Local\AVG Secure Search
[2012.07.02 09:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.02 09:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.07.02 09:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.07.02 09:08:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.02 09:06:59 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.07.02 09:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.07.02 09:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.07.02 08:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.06.29 12:01:28 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.038
[2012.06.27 11:52:00 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.037
[2012.06.26 11:49:51 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.036
[2012.06.26 08:02:14 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.035
[2012.06.25 14:38:09 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.034
[2012.06.25 07:57:37 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.033
[2012.06.19 14:29:10 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11032
[2012.06.19 09:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.06.19 09:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.06.19 08:43:55 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\Systweak
[2012.06.19 08:43:47 | 000,017,280 | ---- | C] (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) -- C:\Windows\System32\roboot.exe
[2012.06.19 08:05:07 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\UAs
[2012.06.19 08:03:43 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\Documents\228656-665307-whatsapp.apk
[2012.06.19 07:54:49 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Local\BlueStacksSetup
[2012.06.19 07:54:48 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Local\BlueStacks
[2012.06.18 10:47:52 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11031
[2012.06.17 11:15:45 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11030
[2012.06.17 11:15:23 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\xmldm
[2012.06.17 11:15:14 | 000,000,000 | ---D | C] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\kock
[1 C:\Users\Zimmerei Strubel GbR\AppData\Roaming\*.tmp files -> C:\Users\Zimmerei Strubel GbR\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.11 12:05:35 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CBB78B5D-429A-45EC-85A9-492229527FCC}.job
[2012.07.11 12:05:02 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-10045603-1071056074-1077566-1000UA.job
[2012.07.11 11:19:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 11:19:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.11 11:19:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.11 11:19:44 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.11 11:08:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Zimmerei Strubel GbR\Desktop\OTL.exe
[2012.07.11 11:03:42 | 000,000,000 | ---- | M] () -- C:\Users\Zimmerei Strubel GbR\defogger_reenable
[2012.07.11 10:27:13 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
[2012.07.11 10:22:15 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.07.11 10:21:35 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 10:11:23 | 000,001,700 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2012.07.10 13:41:54 | 000,000,051 | ---- | M] () -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\blckdom.res
[2012.07.10 13:19:11 | 000,000,814 | ---- | M] () -- C:\Users\Zimmerei Strubel GbR\Desktop\Trojancheck.lnk
[2012.07.10 13:00:26 | 000,403,297 | ---- | M] () -- C:\Users\Zimmerei Strubel GbR\AppData\Local\census.cache
[2012.07.10 13:00:09 | 000,167,996 | ---- | M] () -- C:\Users\Zimmerei Strubel GbR\AppData\Local\ars.cache
[2012.07.10 08:41:07 | 000,000,036 | ---- | M] () -- C:\Users\Zimmerei Strubel GbR\AppData\Local\housecall.guid.cache
[2012.07.10 08:05:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-10045603-1071056074-1077566-1000Core.job
[2012.07.04 13:35:00 | 000,000,002 | ---- | M] () -- C:\Windows\msoffice.ini
[2012.07.03 09:28:01 | 000,002,123 | ---- | M] () -- C:\Users\Zimmerei Strubel GbR\Desktop\Google Chrome.lnk
[1 C:\Users\Zimmerei Strubel GbR\AppData\Roaming\*.tmp files -> C:\Users\Zimmerei Strubel GbR\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.11 11:03:42 | 000,000,000 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\defogger_reenable
[2012.07.11 10:27:13 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
[2012.07.11 10:21:35 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 10:07:03 | 000,001,700 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.07.10 13:19:11 | 000,000,814 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\Desktop\Trojancheck.lnk
[2012.07.10 08:57:52 | 000,403,297 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\AppData\Local\census.cache
[2012.07.10 08:56:53 | 000,167,996 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\AppData\Local\ars.cache
[2012.07.10 08:41:07 | 000,000,036 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\AppData\Local\housecall.guid.cache
[2012.07.04 13:35:00 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2012.06.22 13:10:26 | 000,000,051 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\blckdom.res
[2012.06.19 13:33:05 | 1072,160,768 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.10 13:30:28 | 000,001,878 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\Skype.lnk
[2010.07.27 12:08:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.27 12:05:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.27 12:05:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.11.22 14:39:18 | 000,000,604 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\wklnhst.dat
[2007.11.22 13:30:40 | 000,005,120 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.04.17 18:07:43 | 000,000,248 | ---- | C] () -- C:\Users\Zimmerei Strubel GbR\.java.policy

========== LOP Check ==========

[2012.06.25 07:57:37 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.033
[2012.06.25 14:38:09 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.034
[2012.06.26 08:02:14 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.035
[2012.06.26 11:49:51 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.036
[2012.06.27 11:52:01 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.037
[2012.07.03 18:39:32 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.038
[2012.07.03 11:51:10 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.039
[2012.07.05 15:22:41 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.040
[2012.07.10 07:07:21 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11001.043
[2012.06.17 11:15:47 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11030
[2012.06.18 10:47:52 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11031
[2012.06.19 14:29:10 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\11032
[2007.10.13 17:26:31 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\ComCenter
[2007.10.12 20:35:35 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\Eumex 400
[2012.06.17 11:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\kock
[2007.11.22 13:54:55 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\Lexware
[2007.12.13 16:16:14 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\SmartSurfer
[2012.07.11 10:16:08 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\Systweak
[2007.11.22 14:39:20 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\Template
[2012.06.19 08:05:07 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\UAs
[2007.12.13 16:16:23 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\WEBDE
[2012.06.19 08:05:57 | 000,000,000 | ---D | M] -- C:\Users\Zimmerei Strubel GbR\AppData\Roaming\xmldm
[2012.07.11 11:18:41 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.11 12:05:35 | 000,000,448 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CBB78B5D-429A-45EC-85A9-492229527FCC}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 11.07.2012 11:53:55 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Zimmerei Strubel GbR\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1021,76 Mb Total Physical Memory | 364,15 Mb Available Physical Memory | 35,64% Memory free
2,26 Gb Paging File | 1,40 Gb Available in Paging File | 62,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 94,34 Gb Free Space | 63,70% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 71,30 Gb Free Space | 97,57% Space Free | Partition Type: NTFS

Computer Name: ZIMMEREISTRU-PC | User Name: Zimmerei Strubel GbR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\mozilla firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\mozilla firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\mozilla firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F9E62-5EC6-4C1F-A26E-FBC6421D4725}" = FarPointComponents
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}" = Adobe Flash Player 9 ActiveX
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DDDA6572-867F-4787-902E-0B0203FB1847}" = Dietrich's Baudaten
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F99898C4-4620-404A-915B-01292FA1A657}" = Lexware financial office 2007
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Cradle of Rome" = Cradle of Rome (remove only)
"Emsisoft HiJackFree_is1" = Emsisoft HiJackFree 4.5
"Excel" = Microsoft Excel 97
"Hardlock Device Driver" = Hardlock Device Driver
"Hardlock Gerätetreiber" = Hardlock Gerätetreiber
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"roSoft Runtime Pack für ELSTER_is1" = roSoft Runtime Pack für ELSTER 2006
"Trojancheck_is1" = Trojancheck 6
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.09.2011 01:42:52 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.09.2011 01:42:53 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 22.09.2011 03:57:18 | Computer Name = ZimmereiStru-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FINDFAST.EXE, Version 8.0.0.4120, Zeitstempel 0x338471be, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x000663d2, Prozess-ID 0x338, Anwendungsstartzeit 01cc78eb700e5775.

Error - 26.09.2011 09:10:43 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 30.09.2011 03:32:41 | Computer Name = ZimmereiStru-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FINDFAST.EXE, Version 8.0.0.4120, Zeitstempel 0x338471be, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x000663d2, Prozess-ID 0x7f8, Anwendungsstartzeit 01cc7f314d79e6bf.

Error - 01.10.2011 19:45:36 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.10.2011 19:45:38 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.10.2011 19:45:39 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 01.10.2011 19:46:14 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 05.10.2011 03:18:00 | Computer Name = ZimmereiStru-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FINDFAST.EXE, Version 8.0.0.4120, Zeitstempel 0x338471be, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436, Ausnahmecode 0xc0000005, Fehleroffset 0x000663d2, Prozess-ID 0xdac, Anwendungsstartzeit 01cc831cf9ae8703.

[ System Events ]
Error - 02.07.2012 10:00:40 | Computer Name = ZimmereiStru-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 03.07.2012 01:18:11 | Computer Name = ZimmereiStru-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 03.07.2012 01:32:02 | Computer Name = ZimmereiStru-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 03.07.2012 03:15:47 | Computer Name = ZimmereiStru-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 03.07.2012 03:16:01 | Computer Name = ZimmereiStru-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.129.814.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%854 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8502.0 Fehlercode: 0x80070643 Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation.
Error - 04.07.2012 01:10:37 | Computer Name = ZimmereiStru-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 06.07.2012 01:24:37 | Computer Name = ZimmereiStru-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.129.1016.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: hxxp://www.microsoft.com Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.8502.0 Fehlercode: 0x80072efe Fehlerbeschreibung: Die Serververbindung wurde aufgrund eines Fehlers beendet.

Error - 11.07.2012 05:22:46 | Computer Name = ZimmereiStru-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11.07.2012 05:23:19 | Computer Name = ZimmereiStru-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 11.07.2012 05:23:19 | Computer Name = ZimmereiStru-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

I hope I've done it right so far. I also received a letter from Telecom (the internet provider) saying that other people's systems were accessed from my connection. As a result they blocked Outlook Express, so no messages go out any more, only in. |
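The OTL excerpt above is the kind of log a helper reads by eye. As an added example (not code from the thread, from trojaner-board or from OTL's author), here is a small Python triage script that parses OTL's per-line entry formats and pulls out the items in this log a reviewer would want to look at first: purely numeric folder names under AppData\Roaming (the 11001.0xx and 11030 to 11032 entries in the LOP check), files there with no company name, the alternate data streams on C:\ProgramData\TEMP, and Security Center values that switch off monitoring or notifications. The `Finding`, `triage` and `summarize` names, the flag rules and the sample log (user name replaced with `Example`) are this example's own assumptions; the output is a review list, not a verdict.

```python
"""Triage helper for OTL (OldTimer's List-It) log text.

Added example for this thread, not code from trojaner-board or from OTL's
author. It parses the three line shapes seen in the log above, one entry
per line as OTL writes them (file/dir entries, "@Alternate Data Stream"
lines, and registry "[HKEY_...]" keys followed by "name" = value lines),
and returns review findings. The flag rules are this example's own
heuristics, not OTL's verdicts; the sample input is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


# [2012.06.22 13:10:26 | 000,000,051 | ---- | C] () -- C:\path   (company part optional)
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')

# Heuristics (assumptions of this example): numeric folder names such as
# "11001.034" under AppData\Roaming, files there with no company name, any
# alternate data stream, and Security Center values that silence monitoring
# or notifications all deserve a second look before the machine is trusted.
NUMERIC_NAME = re.compile(r"^\d+(?:\.\d+)?$")
ROAMING = "\\appdata\\roaming\\"


def triage(lines):
    """Return Finding objects for an iterable of OTL log lines."""
    findings = []
    current_key = ""                    # registry key the next values belong to
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and "Security Center" in current_key:
            name, value = m.group("name"), m.group("value")
            if value == "1" and (name == "DisableMonitoring" or name.endswith("DisableNotify")):
                findings.append(Finding("security-center", f"{current_key}: {name} = 1"))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(Finding("ads", f"{m.group('path')} ({m.group('size')} bytes)"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue                    # section headers and anything unparsed
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        in_roaming = ROAMING in path.lower()
        is_dir = "D" in m.group("attrs")
        if is_dir and in_roaming and NUMERIC_NAME.match(name):
            findings.append(Finding("numeric-roaming-dir", path))
        elif not is_dir and in_roaming and not m.group("company"):
            findings.append(Finding("roaming-file-no-company", path))
    return findings


def triage_text(text):
    return triage(text.splitlines())


def summarize(findings):
    """Count findings per kind, e.g. {'ads': 1, 'security-center': 2}."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample in OTL's line format, modelled on the thread's log.
SAMPLE_LOG = """\
========== Files Created - No Company Name ==========
[2012.07.11 10:07:03 | 000,001,700 | ---- | C] () -- C:\\Windows\\System32\\ASOROSet.bin
[2012.06.22 13:10:26 | 000,000,051 | ---- | C] () -- C:\\Users\\Example\\AppData\\Roaming\\blckdom.res
========== LOP Check ==========
[2012.06.25 14:38:09 | 000,000,000 | ---D | M] -- C:\\Users\\Example\\AppData\\Roaming\\11001.034
[2012.06.19 14:29:10 | 000,000,000 | ---D | M] -- C:\\Users\\Example\\AppData\\Roaming\\11032
[2007.11.22 13:54:55 | 000,000,000 | ---D | M] -- C:\\Users\\Example\\AppData\\Roaming\\Lexware
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]
"cval" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]
"DisableMonitoring" = 1
"""

if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
    print(summarize(triage_text(SAMPLE_LOG)))
```

Two caveats when reading the output against this thread. The `DisableMonitoring` values under the SymantecAntiVirus and SymantecFirewall subkeys can be set by a security product that registers itself with Windows Security Center, so they have to be read together with the uninstall list, which here shows AVG 2012 and Microsoft Security Essentials installed side by side plus a Symantec LiveUpdate remnant. And a review list like this does not replace the helper's call in the next post: with the provider reporting attacks on third-party systems from this connection, reinstalling is the safe course regardless of what the log does or does not show.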
11.07.2012, 21:37 | #2 |
/// Malware-holic | Trojan.Agent,Trojan.Banker,PUP.Blabbers . Hi,
You've already blocked banking, according to your PM. The PC has to be reinstalled and then hardened. 1. Data recovery:
I'll also post further points on this. 4. Change all passwords! 5. After hardening the PC, check the backed-up data and, if clean, restore it. 6. I'll then say something about securing online banking with a chip card reader + Star Money.
|
12.07.2012, 07:45 | #3 |
| Trojan.Agent,Trojan.Banker,PUP.Blabbers . First of all, thanks for replying.
I'll start wiping the PC now. Yes, it's a pre-built PC. I've put the PC's details in the attachment. But it doesn't say anything about a model, or where do I find that? This PC is connected to another PC over the network; I'll post the reports from the other PC later. What I've posted so far is from the secondary computer; on the main computer I didn't find any Trojans either, only a PUP.BundleInstaller.DMR. I do hope the main computer doesn't have to be reinstalled, since everything a carpentry business needs is on that PC (payroll tax program, timber framing program, etc.). Regards, Sven |
13.07.2012, 20:47 | #4 |
/// Malware-holic | Trojan.Agent,Trojan.Banker,PUP.Blabbers . Did the PC come with CDs?
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |