Plagegeister aller Art und deren Bekämpfung: wie entferne ich den Bundestrojaner?
| ![]() wie entferne ich den Bundestrojaner? Hallo, habe wie viele ein großes problem mit nem Bundestrojaner. Ich habe Windows 7 Professional Service Pack 1 Wenn ich meinen Rechner starte wird er gesperrt und ich soll 100€ zahlen. Das Bild verschwindet gar nicht mehr und an den TaskManager komme ich so nicht ran. Habe mich dann im inet(per handy) belesen. Daraufhin habe ich den Rechner im Abgesicherten Modus gestartet allerdings griff da auch der trojaner. Habe es dann im Abgesicherten Modus mit Eingabeaufforderung versucht und das hat geklappt, musste dort nur noch explorer.exe eingeben und er öffnete sich. Als nächstes habe ich ein neues Konto als Admin erstellt, konnte nach nem neustart mich damit anmelden und habe OTL, ESET und Malwarebytes durchlaufen lassen. jetzt kommen die LogFiles: OTL Code:
ATTFilter OTL logfile created on: 20.09.2012 18:12:28 - Run 1 OTL by OldTimer - Version Folder = C:\Users\egbert2\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,34% Memory free 5,99 Gb Paging File | 5,00 Gb Available in Paging File | 83,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 448,97 Gb Total Space | 279,38 Gb Free Space | 62,23% Space Free | Partition Type: NTFS Drive D: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EGBERT-PC | User Name: egbert2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\egbert2\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option) ========== Modules (No Company Name) ========== MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\MP3 Player Utilities 4.00\AMVConverter\AmvTransform.dll () ========== Services (SafeList) ========== SRV - (HPSLPSVC) -- C:\Users\Egbert\AppData\Local\Temp\7zS7CEB\hpslpsvc32.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (GtDetectSc) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (atkdll14) -- File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MpKsl4db8fe49) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4EF9426D-A521-462E-99A9-A6428C969C93}\MpKsl4db8fe49.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia) DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Win 7 DDK provider) DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV) DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.) DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2017346250-415655553-3160020650-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2017346250-415655553-3160020650-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2017346250-415655553-3160020650-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.15 11:57:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.19 23:47:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 14:10:08 | 000,000,000 | ---D | M] [2012.09.20 14:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\egbert2\AppData\Roaming\mozilla\Extensions [2012.08.26 21:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.26 21:00:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.18 21:23:49 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.17 13:29:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.18 21:23:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.17 13:29:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.17 13:29:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.17 13:29:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.17 13:29:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A844EF-7CA1-49A8-87E4-48C0127A5A6F}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3023DF92-7A00-45E7-9850-C872F329BA32}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9E8B041-8C2C-4362-83FF-EC28AFF8FE89}: DhcpNameServer = O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.20 17:32:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.20 16:47:57 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Roaming\Malwarebytes [2012.09.20 16:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.20 16:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.20 16:47:39 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.20 16:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.20 16:41:54 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\egbert2\Desktop\OTL.exe [2012.09.20 16:37:38 | 000,000,000 | ---D | C] -- C:\Users\egbert2\Desktop\scan Logfile [2012.09.20 15:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.20 14:49:35 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Roaming\WinRAR [2012.09.20 14:32:53 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Local\Macromedia [2012.09.20 14:29:31 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Roaming\Mozilla [2012.09.20 14:29:31 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Local\Mozilla [2012.09.20 01:58:14 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Roaming\Adobe [2012.09.20 01:49:52 | 000,000,000 | R--D | C] -- C:\Users\egbert2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.09.20 01:49:52 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Searches [2012.09.20 01:49:52 | 000,000,000 | R--D | C] -- C:\Users\egbert2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.09.20 01:49:43 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Roaming\Identities [2012.09.20 01:49:40 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Contacts [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Vorlagen [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\AppData\Local\Verlauf [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\AppData\Local\Temporary Internet Files [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Startmenü [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\SendTo [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Recent [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Netzwerkumgebung [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Lokale Einstellungen [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Documents\Eigene Videos [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Documents\Eigene Musik [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Eigene Dateien [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Documents\Eigene Bilder [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Druckumgebung [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Cookies [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\AppData\Local\Anwendungsdaten [2012.09.20 01:49:32 | 000,000,000 | -HSD | C] -- C:\Users\egbert2\Anwendungsdaten [2012.09.20 01:49:31 | 000,000,000 | --SD | C] -- C:\Users\egbert2\AppData\Roaming\Microsoft [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Videos [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Saved Games [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Pictures [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Music [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Links [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Favorites [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Downloads [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Documents [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\Desktop [2012.09.20 01:49:31 | 000,000,000 | R--D | C] -- C:\Users\egbert2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.09.20 01:49:31 | 000,000,000 | -H-D | C] -- C:\Users\egbert2\AppData [2012.09.20 01:49:31 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Local\Temp [2012.09.20 01:49:31 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Local\Microsoft [2012.09.20 01:49:31 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Roaming\Media Center Programs [2012.09.20 01:49:31 | 000,000,000 | ---D | C] -- C:\Users\egbert2\AppData\Roaming\Macromedia [2012.09.19 21:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012.09.15 11:57:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.09.15 11:49:33 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard [2012.08.28 17:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF8502976D59C7A658D9F875EF7E [2012.08.26 21:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.08.26 21:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.08.26 21:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.08.26 21:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.08.26 21:00:16 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.08.26 21:00:16 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.08.26 21:00:16 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.08.26 20:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia [2012.08.26 18:39:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.08.26 18:39:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.08.26 18:39:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.08.26 18:39:55 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.08.26 18:39:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.08.26 18:39:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.08.26 18:39:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.08.26 18:38:18 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.08.26 18:38:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.08.26 18:38:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.20 17:47:36 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.20 17:32:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.09.20 17:08:58 | 000,028,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 17:08:58 | 000,028,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 16:47:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 16:42:01 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\egbert2\Desktop\OTL.exe [2012.09.20 15:45:55 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.20 15:45:55 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.20 15:45:55 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.20 15:45:55 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.20 14:29:16 | 000,013,744 | ---- | M] () -- C:\Users\egbert2\Desktop\firefox - Verknüpfung.lnk [2012.09.20 14:28:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.20 14:28:02 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys [2012.09.19 21:44:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.28 17:01:59 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.28 17:01:59 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.08.27 00:30:59 | 000,339,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.20 16:47:47 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.20 14:29:16 | 000,013,744 | ---- | C] () -- C:\Users\egbert2\Desktop\firefox - Verknüpfung.lnk [2012.09.20 01:49:53 | 000,001,409 | ---- | C] () -- C:\Users\egbert2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.09.19 21:44:36 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif [2012.09.19 21:44:24 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012.08.26 20:37:39 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2012.08.15 11:50:25 | 000,238,988 | ---- | C] () -- C:\Windows\hpwins26.dat [2012.01.16 15:04:30 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2012.01.10 14:23:31 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.12.26 23:21:37 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.12.26 23:21:35 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.12.26 23:21:35 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011.12.26 23:21:34 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.12.19 08:07:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== Purity Check ========== < End of report > OTL Extras Code:
ATTFilter OTL Extras logfile created on: 20.09.2012 18:12:28 - Run 1 OTL by OldTimer - Version Folder = C:\Users\egbert2\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,34% Memory free 5,99 Gb Paging File | 5,00 Gb Available in Paging File | 83,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 448,97 Gb Total Space | 279,38 Gb Free Space | 62,23% Space Free | Partition Type: NTFS Drive D: | 7,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: EGBERT-PC | User Name: egbert2 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2017346250-415655553-3160020650-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "AntiVirusDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX "{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver "{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}" = 4500G510gm "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help "{E5083D57-D93F-404C-A91F-1C50D67C2BEB}" = HP Officejet 4500 G510g-m "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Cities XL" = Cities XL "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "FormatFactory" = FormatFactory 2.80 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "HP Document Manager" = HP Document Manager 2.0 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 13.0 "KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full) "Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NCLauncher_GameForge" = NC Launcher (GameForge) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "Origin" = Origin "Secunia PSI" = Secunia PSI ( "Shop for HP Supplies" = Shop for HP Supplies "Steam App 201310" = X3: Albion Prelude "Steam App 2820" = X3: Terran Conflict "Steam App 91200" = Anomaly Warzone Earth "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR "X3Reunion_is1" = X3 Reunion v2.5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.08.2012 08:34:24 | Computer Name = Egbert-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.08.2012 07:07:29 | Computer Name = Egbert-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.08.2012 11:02:47 | Computer Name = Egbert-PC | Source = Application Hang | ID = 1002 Description = Programm avscan.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f38 Startzeit: 01cd87892d6fc3ec Endzeit: 0 Anwendungspfad: c:\program files\avira\antivir desktop\avscan.exe Berichts-ID: e3cf3245-f37c-11e1-9bf1-4e62c42ee658 Error - 31.08.2012 11:08:09 | Computer Name = Egbert-PC | Source = Application Hang | ID = 1002 Description = Programm avscan.exe, Version kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9cc Startzeit: 01cd8789f3fa2de3 Endzeit: 16 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avscan.exe Berichts-ID: Error - 17.09.2012 05:19:03 | Computer Name = Egbert-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: unknown, Version:, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0094d441 ID des fehlerhaften Prozesses: 0x674 Startzeit der fehlerhaften Anwendung: 0x01cd94a4f9c308fc Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: b8b3c10c-00a8-11e2-99ce-cac0fa59bbda Error - 17.09.2012 06:12:24 | Computer Name = Egbert-PC | Source = System Restore | ID = 8206 Description = Error - 17.09.2012 07:05:10 | Computer Name = Egbert-PC | Source = System Restore | ID = 8206 Description = Error - 17.09.2012 08:55:19 | Computer Name = Egbert-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.09.2012 16:55:13 | Computer Name = Egbert-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe". Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 19.09.2012 16:53:37 | Computer Name = Egbert-PC | Source = System Restore | ID = 8206 Description = [ System Events ] Error - 03.07.2012 07:34:56 | Computer Name = Egbert-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden. Error - 03.07.2012 07:40:04 | Computer Name = Egbert-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR8 gefunden. Error - 03.07.2012 08:36:06 | Computer Name = Egbert-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR17 gefunden. Error - 03.07.2012 08:36:07 | Computer Name = Egbert-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR17 gefunden. Error - 03.07.2012 08:36:08 | Computer Name = Egbert-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR17 gefunden. Error - 03.07.2012 14:26:59 | Computer Name = Egbert-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 03.07.2012 14:26:59 | Computer Name = Egbert-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 01.08.2012 12:43:45 | Computer Name = Egbert-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error - 01.08.2012 12:43:45 | Computer Name = Egbert-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 15.08.2012 12:23:29 | Computer Name = Egbert-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \...\DR4 gefunden. < End of report > Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe= # OnlineScanner.ocx= # api_version=3.0.2 # EOSSerial=9a721501c1f25747acfe600c4d31419b # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-09-20 01:28:51 # local_time=2012-09-20 03:28:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 66 94 56299 99778753 0 0 # compatibility_mode=8192 67108863 100 0 170 170 0 0 # scanned=236 # found=0 # cleaned=0 # scan_time=169 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe= # OnlineScanner.ocx= # api_version=3.0.2 # EOSSerial=9a721501c1f25747acfe600c4d31419b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-09-20 03:28:11 # local_time=2012-09-20 05:28:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 66 94 56558 99779012 0 0 # compatibility_mode=8192 67108863 100 0 429 429 0 0 # scanned=127539 # found=5 # cleaned=0 # scan_time=7070 C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application (unable to clean) 00000000000000000000000000000000 I C:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe Win32/KillFiles.NEM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Egbert\AppData\Local\Temp\274xrjzr2hjdw26n.exe a variant of Win32/Injector.WTD trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Egbert\AppData\Roaming\msconfig.dat a variant of Win32/Injector.WTD trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Egbert\Downloads\MyPhoneExplorer_Setup_1.8.2.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Datenbank Version: v2012.09.20.06 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 egbert2 :: EGBERT-PC [Administrator] 20.09.2012 18:20:17 mbam-log-2012-09-20 (19-29-34).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 326431 Laufzeit: 1 Stunde(n), 8 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 3 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\Egbert\AppData\Local\Temp\274xrjzr2hjdw26n.exe (Trojan.Zbot) -> Keine Aktion durchgeführt. C:\Users\Egbert\AppData\Roaming\msconfig.dat (Trojan.Zbot) -> Keine Aktion durchgeführt. C:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe (Risktool.KillFiles) -> Keine Aktion durchgeführt. (Ende) Hoffe irgendwer kann mir helfen und danke jetzt schonmal! Achso und im Anhang befindet sich nen screen meiner laufenden Dienste! |
#2
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() wie entferne ich den Bundestrojaner? Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
#3
| ![]() wie entferne ich den Bundestrojaner? habe noch mal geschaut aber das ist die einzigste Logfile die ich habe
__________________ |
#4
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() wie entferne ich den Bundestrojaner? adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
#5
| ![]() wie entferne ich den Bundestrojaner? Hi Bitte nicht wundern wenn meine Antwort mit der logfile etwas später erfolgt bin das we und die ganze woche arbeiten und muss schauen wann ich das durchlaufen lassen kann Greetz |
#6
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() wie entferne ich den Bundestrojaner? Ist schon ok ![]() Ich seh ja wenn du wieder postest
__________________ --> wie entferne ich den Bundestrojaner? |
![]() |
Themen zu wie entferne ich den Bundestrojaner? |
.dll, 32 bit, autorun, avira, bho, downloader, error, fehler, firefox, flash player, format, gesperrt, helper, install.exe, mp3, neustart, nvidia, object, office 2007, officejet, origin, plug-in, problem, registry, registry cleaner, risktool.killfiles, rundll, scan, secunia psi, security, software, t-mobile, taskhost.exe, taskmanager, temp, win32/hacktool.cheatengine.ab, windows |