![]() |
|
Plagegeister aller Art und deren Bekämpfung: Trojaner AT/ATRAPS.GEN2, Unterstützung beim entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() Trojaner AT/ATRAPS.GEN2, Unterstützung beim entfernen Hallo zusammen, ich habe mir den Trojaner AT/ATRAPS.GEN2 eingefangen. Avira meldet sich alle paar Minuten, aber weder Quarantäne noch Entfernen bringen etwas. Könnt Ihr mir bitte helfen, den Trojaner vom System zu entfernen? Die Logs von Defogger, OTL, MBAM und ESET habe ich vorsorglich schon mal erstellt: Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 13:39 on 11/08/2012 (Maus) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter OTL logfile created on: 11.08.2012 13:49:11 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Maus\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,64% Memory free 8,23 Gb Paging File | 6,35 Gb Available in Paging File | 77,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 15,83 Gb Free Space | 32,41% Space Free | Partition Type: NTFS Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS Drive F: | 48,83 Gb Total Space | 22,77 Gb Free Space | 46,63% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 39,55 Gb Free Space | 80,98% Space Free | Partition Type: NTFS Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS Drive I: | 78,13 Gb Total Space | 58,57 Gb Free Space | 74,97% Space Free | Partition Type: NTFS Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS Drive K: | 78,13 Gb Total Space | 67,97 Gb Free Space | 86,99% Space Free | Partition Type: NTFS Drive L: | 39,07 Gb Total Space | 16,91 Gb Free Space | 43,29% Space Free | Partition Type: NTFS Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maus\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\bin32\nSvcAppFlt.exe () SRV - (nSvcIp) -- C:\Programme\bin32\nSvcIp.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 32 BE 78 E3 6C CD 01 [binary data] IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=b887fd8b-c7b7-4d99-85f5-a9c4bc37a01b&apn_sauid=041AD562-8D9C-45DF-ADD9-912C499EED13 IE - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=b887fd8b-c7b7-4d99-85f5-a9c4bc37a01b&apn_ptnrs=%5EABT&apn_sauid=041AD562-8D9C-45DF-ADD9-912C499EED13&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 14:56:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 21:39:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Extensions [2012.05.30 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maus\AppData\Roaming\mozilla\Firefox\Profiles\siytadi4.default\extensions [2012.06.08 10:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.20 14:56:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1573093539-3000668172-1714174166-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u7-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E4CF4E86-D0DC-4864-8F0E-4F6EA2526334} https://img.ui-portal.de/webde/smartdrive/activex/gmxnet_osupload_2002.cab (UI File Upload Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53A81723-D152-4E12-A80E-717200C4D36F}: DhcpNameServer = 192.168.2.1 192.168.2.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.13 23:54:45 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2012.05.01 16:01:27 | 000,000,000 | ---D | M] - F:\Auto -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.08.08 21:27:24 | 000,000,000 | ---D | C] -- C:\Users\Maus\AppData\Roaming\Malwarebytes [2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.08 21:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.08 21:27:16 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.08 21:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.08 21:02:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe [2012.08.07 09:25:16 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.08.04 12:26:37 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.04 12:26:37 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.15 11:58:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.15 11:58:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.15 11:58:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.15 11:58:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.15 11:58:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.15 11:58:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.15 11:58:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.15 11:58:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.15 11:58:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.15 11:58:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.15 11:58:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.15 11:58:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.15 11:58:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.15 11:57:10 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.07.15 11:57:10 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.07.15 11:57:05 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll ========== Files - Modified Within 30 Days ========== [2012.08.11 13:24:10 | 001,418,438 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.11 13:24:10 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.11 13:24:10 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.11 13:24:10 | 000,122,442 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.11 13:24:10 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.11 13:18:24 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.11 13:18:24 | 000,003,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.11 13:18:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.08 21:27:17 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 21:00:10 | 000,000,000 | ---- | M] () -- C:\Users\Maus\defogger_reenable [2012.08.08 20:57:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Maus\Desktop\OTL.exe [2012.08.08 20:57:15 | 000,050,477 | ---- | M] () -- C:\Users\Maus\Desktop\Defogger.exe [2012.08.07 09:25:16 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.08.07 08:44:17 | 000,003,584 | ---- | M] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.08.04 12:26:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.04 12:26:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.07.15 12:07:04 | 000,255,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.11 13:22:56 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ [2012.08.11 11:08:54 | 000,023,552 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\800000cb.@ [2012.08.11 11:08:54 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@ [2012.08.08 21:27:17 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.08 21:00:10 | 000,000,000 | ---- | C] () -- C:\Users\Maus\defogger_reenable [2012.08.08 20:58:13 | 000,050,477 | ---- | C] () -- C:\Users\Maus\Desktop\Defogger.exe [2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@ [2012.06.08 08:15:05 | 000,002,048 | -HS- | C] () -- C:\Users\Maus\AppData\Local\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\@ [2012.06.02 16:35:43 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:35:23 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2012.06.02 16:35:06 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2012.06.02 16:35:06 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2012.06.02 11:15:04 | 000,161,792 | ---- | C] () -- C:\Windows\regedit.exe [2012.06.02 11:14:42 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2012.05.31 11:51:39 | 000,003,584 | ---- | C] () -- C:\Users\Maus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.28 18:39:29 | 000,025,472 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.05.28 18:39:11 | 000,025,218 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.05.28 18:39:10 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2012.05.28 18:34:16 | 000,000,732 | ---- | C] () -- C:\Users\Maus\AppData\Local\d3d9caps64.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== LOP Check ========== [2012.06.09 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\FreePDF [2012.05.29 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\Maus\AppData\Roaming\OpenOffice.org [2012.08.11 11:50:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.08.2012 13:49:11 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Maus\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 61,64% Memory free 8,23 Gb Paging File | 6,35 Gb Available in Paging File | 77,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,83 Gb Total Space | 15,83 Gb Free Space | 32,41% Space Free | Partition Type: NTFS Drive D: | 2,87 Gb Total Space | 2,81 Gb Free Space | 97,82% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 16,11 Gb Free Space | 32,99% Space Free | Partition Type: NTFS Drive F: | 48,83 Gb Total Space | 22,77 Gb Free Space | 46,63% Space Free | Partition Type: NTFS Drive G: | 48,83 Gb Total Space | 39,55 Gb Free Space | 80,98% Space Free | Partition Type: NTFS Drive H: | 78,13 Gb Total Space | 8,05 Gb Free Space | 10,30% Space Free | Partition Type: NTFS Drive I: | 78,13 Gb Total Space | 58,57 Gb Free Space | 74,97% Space Free | Partition Type: NTFS Drive J: | 78,13 Gb Total Space | 63,05 Gb Free Space | 80,70% Space Free | Partition Type: NTFS Drive K: | 78,13 Gb Total Space | 67,97 Gb Free Space | 86,99% Space Free | Partition Type: NTFS Drive L: | 39,07 Gb Total Space | 16,91 Gb Free Space | 43,29% Space Free | Partition Type: NTFS Drive M: | 24,42 Gb Total Space | 19,16 Gb Free Space | 78,45% Space Free | Partition Type: NTFS Drive N: | 9,77 Gb Total Space | 1,62 Gb Free Space | 16,58% Space Free | Partition Type: NTFS Computer Name: MAUS-PC | User Name: Maus | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\Windows\regedit.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .reg [@ = regfile] -- C:\Windows\regedit.exe () [HKEY_USERS\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "L:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "L:\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "L:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "L:\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9D C2 5A C1 A5 40 CD 01 [binary data] "VistaSp2" = 61 F0 43 92 CF 40 CD 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel "{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "GPL Ghostscript 9.04" = GPL Ghostscript "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "dm-Fotowelt" = dm-Fotowelt "FreePDF_XP" = FreePDF (Remove only) "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1573093539-3000668172-1714174166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.07.2012 15:22:07 | Computer Name = Maus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode 0xc0000138, Fehleroffset 0x0006f52f, Prozess-ID 0x6fc, Anwendungsstartzeit 01cd59512305e817. Error - 03.07.2012 15:22:39 | Computer Name = Maus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.7.0, Zeitstempel 0x4bd9efbe, fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode 0xc0000138, Fehleroffset 0x0006f52f, Prozess-ID 0xf20, Anwendungsstartzeit 01cd595135b61617. Error - 05.07.2012 09:42:22 | Computer Name = Maus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung FlashPlayerPlugin_11_3_300_262.exe, Version 11.3.300.262, Zeitstempel 0x4fe20fae, fehlerhaftes Modul NPSWF32_11_3_300_262.dll, Version 11.3.300.262, Zeitstempel 0x4fe21212, Ausnahmecode 0xc0000005, Fehleroffset 0x0066d2ff, Prozess-ID 0x414, Anwendungsstartzeit 01cd5ab06224eb93. Error - 06.07.2012 11:18:02 | Computer Name = Maus-PC | Source = EventSystem | ID = 4609 Description = Error - 06.07.2012 16:14:46 | Computer Name = Maus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung dm-Fotowelt.exe, Version 0.0.0.0, Zeitstempel 0x4fbc8b1d, fehlerhaftes Modul QtGui4.dll, Version 4.7.1.0, Zeitstempel 0x4e5e511b, Ausnahmecode 0xc0000005, Fehleroffset 0x0044c4e3, Prozess-ID 0x1270, Anwendungsstartzeit 01cd5bb2c2ffaf20. Error - 03.08.2012 03:25:02 | Computer Name = Maus-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: d70 Anfangszeit: 01cd7142895c027c Zeitpunkt der Beendigung: 31 Error - 07.08.2012 02:38:54 | Computer Name = Maus-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.6.0, Zeitstempel 0x4bb3ad56, fehlerhaftes Modul xlive.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f, Ausnahmecode 0xc0000138, Fehleroffset 0x0006f52f, Prozess-ID 0x1154, Anwendungsstartzeit 01cd74674ead6fd8. Error - 07.08.2012 03:25:02 | Computer Name = Maus-PC | Source = System Restore | ID = 8193 Description = Error - 07.08.2012 03:30:03 | Computer Name = Maus-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 14.0.1.4577 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: f10 Anfangszeit: 01cd74664c50c808 Zeitpunkt der Beendigung: 16 Error - 08.08.2012 15:39:45 | Computer Name = Maus-PC | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "F:\__TROJANER\Tools\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest. [ System Events ] Error - 10.08.2012 11:57:48 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003 Description = Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023 Description = Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003 Description = Error - 10.08.2012 13:18:40 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023 Description = Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.08.2012 05:05:59 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7023 Description = Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003 Description = Error - 11.08.2012 07:20:03 | Computer Name = Maus-PC | Source = Service Control Manager | ID = 7003 Description = < End of report > Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.10.07 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Maus :: MAUS-PC [Administrator] Schutz: Aktiviert 11.08.2012 14:01:01 quick_mbam-log-2012-08-11 (14-02-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 187276 Laufzeit: 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ (RootKit.0Access.H) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.10.07 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Maus :: MAUS-PC [Administrator] Schutz: Aktiviert 11.08.2012 14:03:48 fullscan_mbam-log-2012-08-11 (15-49-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 546221 Laufzeit: 56 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\00000001.@ (RootKit.0Access.H) -> Keine Aktion durchgeführt. G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$R2XFZGP.exe (PUP.BundleInstaller.DU) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=6d8e22ba478565479d53ad3231b62efe # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-11 02:04:43 # local_time=2012-08-11 04:04:43 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 6468947 6468947 0 0 # compatibility_mode=5892 16776574 66 45 6063315 182217704 0 0 # compatibility_mode=8192 67108863 100 0 124 124 0 0 # scanned=3251 # found=0 # cleaned=0 # scan_time=85 ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=6d8e22ba478565479d53ad3231b62efe # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-11 04:35:01 # local_time=2012-08-11 06:35:01 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 6469193 6469193 0 0 # compatibility_mode=5892 16776574 66 45 6063561 182217950 0 0 # compatibility_mode=8192 67108863 100 0 370 370 0 0 # scanned=364216 # found=4 # cleaned=0 # scan_time=8857 C:\Users\Maus\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5ad13017-5e4c979f a variant of Java/Exploit.CVE-2012-1723.AB trojan (unable to clean) 00000000000000000000000000000000 I C:\Windows\Installer\{7d0e6048-10f9-8155-544b-e73b2ccb76e4}\U\80000000.@ Win64/Sirefef.AL trojan (unable to clean) 00000000000000000000000000000000 I G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$R2XFZGP.exe a variant of Win32/DownloadGuru application (unable to clean) 00000000000000000000000000000000 I G:\$RECYCLE.BIN\S-1-5-21-3797951732-3175958356-1652295579-1000\$RC18HX4.exe Win32/Toolbar.SearchSuite application (unable to clean) 00000000000000000000000000000000 I Grüße, Waterdragon |
Themen zu Trojaner AT/ATRAPS.GEN2, Unterstützung beim entfernen |
antivir, autorun, avira, avira searchfree toolbar, bho, downloader, entfernen, error, firefox, flash player, format, google, grand theft auto, helper, home, install.exe, java/exploit.cve-2012-1723.ab, langs, logfile, maus, mozilla, plug-in, realtek, recycle.bin, registry, richtlinie, rundll, scan, security, software, system, trojaner, vista |