Pests of all kinds and their removal: [AcroIEHelpe.dll] [TR/Spy.Banker.Gen5] Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
05.08.2012, 11:48 | #1
[AcroIEHelpe.dll] [TR/Spy.Banker.Gen5] Hello, I got a message from Antivir that I have the trojan named in the title, which has not gone away even after removing it with Antivir. Code:
ATTFilter OTL logfile created on: 05.08.2012 12:43:14 - Run 4 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Computer\Desktop\Sicherheit 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,62% Memory free 8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 32,80 Gb Free Space | 29,34% Space Free | Partition Type: NTFS Drive D: | 249,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 1397,26 Gb Total Space | 702,15 Gb Free Space | 50,25% Space Free | Partition Type: NTFS Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Computer\Desktop\Sicherheit\Defogger.exe () PRC - C:\Users\Computer\Desktop\Sicherheit\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\SysWOW64\TSTheme.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Users\Computer\Desktop\Sicherheit\Defogger.exe () MOD - C:\Users\Computer\AppData\Roaming\14001.008\components\AcroFF.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) 
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software) DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (GPCIDrv) -- C:\Program Files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys () DRV - (TVICHW32) -- C:\Program Files (x86)\GIGABYTE\EasyBoost\TVicHW64.sys (EnTech Taiwan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC D7 83 1F BC 65 CD 01 [binary data] IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - 
HKU\S-1-5-21-1460563739-2049981762-912863089-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={273A7248-29A4-4A32-9C8E-5785FF48A971}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 05 01 26 7A CF B5 CC 01 [binary data] IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1460563739-2049981762-912863089-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.01 22:59:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 18:23:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.21 17:25:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.29 19:45:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Computer\AppData\Roaming\14001.008 [2012.08.05 11:52:37 | 000,000,000 | ---D | M] [2011.12.08 20:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions [2012.08.03 14:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions [2012.07.26 18:23:11 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2012.08.03 14:47:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.07.26 18:17:39 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) 
-- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\ich@maltegoetz.de [2012.07.26 18:23:12 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\snifs0xy.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.07.19 16:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.22 09:52:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.08.05 11:52:37 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\COMPUTER\APPDATA\ROAMING\14001.008 [2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.02 12:27:09 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 18:37:01 | 000,443,881 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 
127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15244 more lines... O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) 
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1001..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1001..\Run: [Userinit] C:\Users\Computer\AppData\Roaming\appconf32.exe () O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1460563739-2049981762-912863089-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O8:64bit: - Extra context menu item: Das YouTube Video als MP3 &speichern - C:\Users\Computer\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Das YouTube Video als MP3 &speichern - C:\Users\Computer\AppData\Roaming\Free YouTube to MP3 Converter Studio\Free YouTube to MP3 Converter Studio.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.7 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2C997D5-B60C-4386-9423-6D626FF8EF1A}: DhcpNameServer = 62.109.123.7 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.04.08 12:00:57 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.05 12:04:22 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.05 11:56:18 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Neuer Ordner (3) [2012.08.05 11:48:08 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.08.05 11:39:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.08.05 11:39:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.08.05 11:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.08.05 11:10:40 | 000,000,000 | 
---D | C] -- C:\Users\Computer\Desktop\Sicherheit [2012.08.05 11:00:38 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Malwarebytes [2012.08.05 11:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.05 11:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.05 09:43:21 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\14001.008 [2012.08.04 20:47:54 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\LJTD x64 [2012.08.04 20:45:53 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\LJTD x86 [2012.08.04 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\StackTimer [2012.08.04 20:15:11 | 000,000,000 | ---D | C] -- C:\Users\Computer\Desktop\Neuer Ordner (2) [2012.08.04 20:12:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\UAs [2012.08.04 19:38:05 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\xmldm [2012.08.04 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\kock [2012.08.04 18:00:45 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\League of Legends [2012.08.04 17:58:48 | 000,000,000 | ---D | C] -- C:\Games [2012.08.04 17:57:47 | 000,000,000 | ---D | C] -- C:\ACE Client Setup [2012.08.04 15:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012.08.04 15:42:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\uTorrent [2012.07.30 19:37:53 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Computer\Desktop\ccsetup321.exe [2012.07.27 21:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.07.26 18:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.07.26 18:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.07.26 18:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.07.26 
18:23:39 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\adaware [2012.07.26 18:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012.07.26 18:23:34 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys [2012.07.26 18:23:33 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012.07.26 18:23:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012.07.26 18:23:25 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Downloaded Installations [2012.07.26 18:23:13 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\adawarebp [2012.07.26 18:23:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012.07.26 18:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012.07.26 18:23:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012.07.26 18:22:31 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Ad-Aware Antivirus [2012.07.26 18:22:19 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Computer\Desktop\spybotsd162.exe [2012.07.24 16:40:32 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Apple [2012.07.23 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.21 15:53:12 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Roaming\Softpark [2012.07.21 15:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yaric [2012.07.21 15:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yaric [2012.07.20 10:50:58 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Thunderbird [2012.07.19 20:33:40 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Apps [2012.07.19 16:40:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.07.19 15:07:49 | 
000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\VirtualStore
[2012.07.19 15:07:35 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Adobe
[2012.07.19 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\Macromedia
[2012.07.18 21:42:33 | 000,000,000 | ---D | C] -- C:\Photoshop Brushes
[2012.07.18 18:13:47 | 000,000,000 | ---D | C] -- C:\Photoshop
[2012.07.11 16:56:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 16:56:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 16:56:30 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 16:56:26 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 16:56:25 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.02 13:06:47 | 002,327,552 | ---- | C] (ABACOM) -- C:\Program Files (x86)\splan70.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Computer\AppData\Roaming\*.tmp files -> C:\Users\Computer\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.08.05 12:41:19 | 000,000,000 | ---- | M] () -- C:\Users\Computer\defogger_reenable
[2012.08.05 12:23:02 | 000,000,017 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\blckdom.res
[2012.08.05 12:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 12:12:48 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 12:12:48 | 000,025,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 12:09:46 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.05 12:09:46 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.05 12:09:46 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.05 12:09:46 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.05 12:09:46 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.05 12:05:36 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.08.05 12:05:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 12:05:32 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.03 15:16:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.03 15:16:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.30 19:39:05 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.30 19:37:54 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Computer\Desktop\ccsetup321.exe
[2012.07.29 10:17:52 | 000,001,993 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2012.07.29 10:17:52 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2012.07.29 10:17:46 | 001,424,103 | ---- | M] () -- C:\Users\Computer\Desktop\LOLReplay-0.7.9.34.exe
[2012.07.26 18:37:01 | 000,443,881 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 18:24:07 | 000,001,258 | ---- | M] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2012.07.26 18:22:27 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Computer\Desktop\spybotsd162.exe
[2012.07.26 18:19:39 | 004,935,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.26 18:13:38 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.21 15:53:11 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\PatchGuard.lnk
[2012.07.21 15:53:11 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Yaric.lnk
[2012.07.18 21:43:22 | 000,000,000 | -H-- | M] () -- C:\Users\Computer\Documents\Default.rdp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Computer\AppData\Roaming\*.tmp files -> C:\Users\Computer\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.05 12:41:19 | 000,000,000 | ---- | C] () -- C:\Users\Computer\defogger_reenable
[2012.08.05 11:54:22 | 000,000,017 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\blckdom.res
[2012.07.29 10:17:45 | 001,424,103 | ---- | C] () -- C:\Users\Computer\Desktop\LOLReplay-0.7.9.34.exe
[2012.07.26 18:24:07 | 000,001,258 | ---- | C] () -- C:\Users\Computer\Desktop\Spybot - Search & Destroy.lnk
[2012.07.25 21:12:41 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.21 15:53:11 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\PatchGuard.lnk
[2012.07.21 15:53:11 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Yaric.lnk
[2012.07.19 16:40:01 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.07.18 21:43:22 | 000,000,000 | -H-- | C] () -- C:\Users\Computer\Documents\Default.rdp
[2012.06.02 13:06:47 | 001,115,915 | ---- | C] () -- C:\Program Files (x86)\splan70.CHM
[2012.06.02 12:38:48 | 000,001,440 | ---- | C] () -- C:\Windows\_isenv31.ini
[2012.02.02 01:25:08 | 000,735,353 | ---- | C] () -- C:\Users\Computer\ace_uninstaller.exe
[2012.01.14 16:39:52 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.14 16:39:52 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Computer\AppData\Roaming\appconf32.exe

========== LOP Check ==========

[2012.08.05 11:52:37 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\14001.008
[2012.08.05 12:00:29 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Ad-Aware Antivirus
[2012.05.08 23:00:13 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Chess Tutor
[2012.05.07 17:10:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ChessBase
[2011.12.15 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoft
[2011.12.15 20:58:25 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.17 17:36:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\FL_SIM_P4_D
[2012.01.29 00:51:21 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Free YouTube to MP3 Converter Studio
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\FreeFLVConverter
[2012.08.04 19:38:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\kock
[2011.12.09 16:39:44 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\LolClient
[2012.05.24 16:02:30 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\LolClient2
[2011.12.28 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\OpenOffice.org
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\SAD-Europa-Führerschein
[2012.05.06 22:39:27 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\ShredderChess
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\SmartDraw
[2012.07.21 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Softpark
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Spotify
[2012.07.23 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Thunderbird
[2012.08.04 14:43:04 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\TS3Client
[2012.08.05 09:43:07 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\UAs
[2012.08.05 00:05:41 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\uTorrent
[2012.07.26 18:17:39 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WindSolutions
[2012.08.05 09:43:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\xmldm
[2012.08.05 12:05:36 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012.07.07 09:01:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Computer :: COMPUTER-PC [Administrator]

05.08.2012 13:17:20
mbam-log-2012-08-05 (13-19-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217050
Laufzeit: 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Computer\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Computer\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Computer\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

(Ende)

I hope you can help me get rid of it.

Kind regards,
Tim0

Edit: The following alert has just come in as well:
Objekt: BAcroIEHelpe.dll
Fund: RKIT/Agent.dewl

Last edited by Tim0 (05.08.2012 at 12:28)
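The Malwarebytes log above shows the two persistence points this banker relied on: a value in the per-user Run key named Userinit (the genuine Userinit setting lives under HKLM\...\Winlogon, not under HKCU Run) that launches appconf32.exe from AppData\Roaming, and a browser helper object CLSID registered under HKCU whose InprocServer32 resolves to AcroIEHelpe.dll. The PowerShell below is an added example, not code from this thread or from any of the tools mentioned in it; it walks those two registry locations for the current user and flags entries whose code lives under AppData, whose target file is missing, or whose value name impersonates Userinit, which is a quick triage check a helper can ask for before deciding between cleaning and a rebuild.

```powershell
# Added example (not from the thread): audit HKCU Run values and per-user BHOs
# for the patterns in the Malwarebytes log above.
function Test-SuspiciousPath {
    param([string]$Path)
    # Empty/missing target, or code under the user's AppData (where appconf32.exe lived): flag it.
    if (-not $Path) { return $true }
    foreach ($root in @($env:APPDATA, $env:LOCALAPPDATA)) {
        if ($root -and $Path -like "$root\*") { return $true }
    }
    return -not (Test-Path -LiteralPath $Path)
}
function Get-ExecutableFromCommand {
    param([string]$Command)
    # '"C:\dir\tool.exe" /arg' -> 'C:\dir\tool.exe'
    if ($Command -match '^"?([^"]+?\.(?:exe|dll|cpl|scr))') { return $Matches[1] }
    return $Command
}
function Get-UserAutostarts {
    $findings = @()
    # 1) HKCU Run values (log: Run|Userinit -> AppData\Roaming\appconf32.exe).
    #    The genuine Userinit setting lives under HKLM\...\Winlogon, so a Run
    #    value by that name is impersonation and is flagged regardless of path.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path $runKey) {
        foreach ($p in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a value
            $exe = Get-ExecutableFromCommand ([string]$p.Value)
            $findings += [pscustomobject]@{
                Source = 'HKCU Run'; Name = $p.Name; Path = $exe
                Suspicious = (Test-SuspiciousPath $exe) -or ($p.Name -ieq 'Userinit')
            }
        }
    }
    # 2) Per-user BHOs: subkey name is the CLSID, the DLL comes from
    #    HKCR\CLSID\{...}\InprocServer32 (the log's two Trojan.Banker keys).
    $bhoKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$($sub.PSChildName)\InprocServer32"
            $dll = if (Test-Path $srv) { [string](Get-ItemProperty -Path $srv).'(default)' } else { '' }
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            $findings += [pscustomobject]@{
                Source = 'HKCU BHO'; Name = $sub.PSChildName; Path = $dll
                Suspicious = (Test-SuspiciousPath $dll)
            }
        }
    }
    $findings
}
Get-UserAutostarts | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A flagged row is a lead, not a verdict: a BHO under HKCU is itself unusual, since legitimate ones are normally registered machine-wide under HKLM, so the listing is a reason to pull the file for analysis rather than proof on its own.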
09.08.2012, 19:58 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Code:
C:\Users\Computer\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Keine Aktion durchgeführt.
C:\Users\Computer\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Keine Aktion durchgeführt.

Do you do online banking on this box?
09.08.2012, 20:37 | #3
Yes, I do, using the chipTAN procedure. I had run various scanners and for about 2 days now there have been no more alerts, but as everyone knows that doesn't necessarily mean anything.

Regards,
Tim0
10.08.2012, 21:48 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
I'm not sure that would be all that clever anyway... at the very least it would be very negligent. Do you really want to clean up?

Please always post logfiles in CODE tags
10.08.2012, 22:06 | #5
Since I had some time today, I reinstalled my system; it was too risky for me after all. Thanks for the kind help.

Regards,
Tim0

Last edited by Tim0 (10.08.2012 at 22:39)
11.08.2012, 16:53 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
Since you have set everything up completely fresh, we are done; to wrap up I'll post my update guide! Finally, please check the updates; my guide on that is below. To keep a better overview of whether your installed programs are up to date in future, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords wherever possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Windows Update guide

Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
11.08.2012, 20:43 | #7
Thank you very much, that's exactly what I was looking for.

Regards,
Tim0