Log analysis and evaluation: TR/ATRAPS Gen and TR/ATRAPS Gen2 (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.10.2012, 20:57 | #31
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS Gen and TR/ATRAPS Gen2 So the user name was not changed after all! Quote:
Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please disable the virus scanner before running TDSS-Killer, since Avira in particular often reports a false positive for the TDSS tool! Set the tool up as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer stores its logs. Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!
__________________ Please always post log files in CODE tags
13.10.2012, 17:09 | #32
TR/ATRAPS Gen and TR/ATRAPS Gen2 Just to make this clear: Media is neither my user name nor the other user's, but I have not changed anything.
__________________ I have attached the result of the scan, zipped.
15.11.2012, 19:14 | #33
TR/ATRAPS Gen and TR/ATRAPS Gen2 There does not seem to be any further reply, but I wanted to point out again that Media is not an account! It is an empty folder under Users; I do not know how it got there, since no user has that name.
15.11.2012, 22:10 | #34
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS Gen and TR/ATRAPS Gen2 Your post got lost. If I have not replied after three days, you could have sent a reminder message, namely here => http://www.trojaner-board.de/72623-e...tml#post433038 Since four weeks have now passed, we almost have to start from the beginning. Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a bit further down). GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only aswMBR. aswMBR download => aswMBR.exe - save the file to your desktop.
One more note: should aswMBR crash and a message like "aswMBR.exe has stopped working" appear, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________ Please always post log files in CODE tags
26.11.2012, 20:52 | #35
TR/ATRAPS Gen and TR/ATRAPS Gen2 GMER: Code:
ATTFilter GMER - hxxp://www.gmer.net Rootkit scan 2012-11-26 20:46:01 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11 Running: 8t834dfc.exe; Driver: C:\Users\Doreen\AppData\Local\Temp\ugloypod.sys ---- System - GMER 1.0.15 ---- SSDT 8AD4CB9E ZwCreateSection SSDT 8AD4CBA3 ZwSetContextThread SSDT 8AD4CB3F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 828ED8D8 4 Bytes [9E, CB, D4, 8A] {SAHF ; RETF ; AAM 0x8a} .text ntkrnlpa.exe!KeSetEvent + 56D 828EDC30 4 Bytes [A3, CB, D4, 8A] .text ntkrnlpa.exe!KeSetEvent + 621 828EDCE4 4 Bytes [3F, CB, D4, 8A] {AAS ; RETF ; AAM 0x8a} ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745D7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7461B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745DBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745CF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745D75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft 
Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745CE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [746073F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [745DDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745CFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745CFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745C71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7465CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745FC8D8] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745CD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745C6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745C687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[520] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745D2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- und aswMBR: Code:
ATTFilter aswMBR version Copyright(c) 2011 AVAST Software Run date: 2012-11-26 20:55:38 ----------------------------- 20:55:38.960 OS Version: Windows 6.0.6002 Service Pack 2 20:55:38.960 Number of processors: 1 586 0xF0D 20:55:38.962 ComputerName: MEDIA-PC UserName: Doreen 20:56:09.925 Initialize success 21:21:24.508 AVAST engine defs: 12112600 21:28:19.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:28:20.066 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3 21:28:20.143 Disk 0 MBR read successfully 21:28:20.146 Disk 0 MBR scan 21:28:20.873 Disk 0 unknown MBR code 21:28:20.902 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63 21:28:21.002 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142381 MB offset 20981760 21:28:21.047 Disk 0 scanning sectors +312578048 21:28:21.544 Disk 0 scanning C:\Windows\system32\drivers 21:30:11.445 Service scanning 21:31:12.178 Modules scanning 21:32:05.788 Disk 0 trace - called modules: 21:32:05.856 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys USBPORT.SYS usbuhci.sys 21:32:06.404 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85291ac8] 21:32:06.441 3 CLASSPNP.SYS[86b9d8b3] -> nt!IofCallDriver -> [0x842d8958] 21:32:06.447 5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84301030] 21:32:13.618 AVAST engine scan C:\Windows 21:32:51.692 AVAST engine scan C:\Windows\system32 21:46:04.648 AVAST engine scan C:\Windows\system32\drivers 21:46:43.139 AVAST engine scan C:\Users\Doreen 21:48:14.376 File: C:\Users\Doreen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O08GFWB8\contacts[1].exe **INFECTED** Win32:Banker-JYP [Trj] 22:19:26.667 File: C:\Users\Doreen\AppData\Roaming\AcroIEHelpe.dll **INFECTED** Win32:Stealer-AS [Trj] 22:32:38.335 AVAST engine scan C:\ProgramData 22:35:29.723 Scan finished successfully 20:34:52.955 Disk 0 MBR has been saved successfully to 
"C:\Users\Doreen\Desktop\MBR.dat" 20:34:53.837 The log file has been saved successfully to "C:\Users\Doreen\Desktop\aswMBR.txt" |
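The aswMBR log above is what the helper reads by eye. The Python triage parser below is an added example, not part of the thread and not AVAST's code: it pulls out of that log format the three things a reviewer looks at first, the MBR-code verdict, the partition table and the `**INFECTED**` file lines. The regular expressions are written against the line shapes visible in the pasted log, and `SAMPLE_LOG` is a constructed stand-in, not the thread's log.

```python
"""Triage parser for aswMBR text logs.

Added example, not code from the thread or from AVAST. The regexes follow
the line shapes visible in the pasted log; SAMPLE_LOG is a constructed
stand-in for a real aswMBR.txt (user name and detections are made up).
"""
import re
from dataclasses import dataclass, field

TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) "
FILE_RE = re.compile(TS + r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
MBR_RE = re.compile(
    TS + r"Disk (?P<disk>\d+) (?P<event>MBR read successfully|MBR scan|unknown MBR code)$"
)
PART_RE = re.compile(
    TS + r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<flag>[0-9A-F]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)
FINISHED_RE = re.compile(TS + r"Scan finished successfully$")


@dataclass
class AswMbrReport:
    infected: list = field(default_factory=list)    # (path, detection name)
    mbr_events: dict = field(default_factory=dict)  # disk number -> [event, ...]
    partitions: list = field(default_factory=list)  # one dict per partition row
    finished: bool = False


def parse_aswmbr(text: str) -> AswMbrReport:
    """Walk the log line by line and collect the reviewer-relevant facts."""
    rep = AswMbrReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            rep.infected.append((m["path"], m["name"]))
        elif m := PART_RE.match(line):
            rep.partitions.append({
                "disk": int(m["disk"]), "num": int(m["num"]),
                "active": m["flag"] == "80",   # 0x80 is the bootable flag in the MBR table
                "type": m["type"], "desc": m["desc"],
                "size_mb": int(m["size"]), "offset": int(m["offset"]),
            })
        elif m := MBR_RE.match(line):
            rep.mbr_events.setdefault(int(m["disk"]), []).append(m["event"])
        elif FINISHED_RE.match(line):
            rep.finished = True
    return rep


def triage(rep: AswMbrReport) -> list:
    """Turn the parsed report into findings a reviewer would act on."""
    findings = []
    for disk, events in rep.mbr_events.items():
        if "unknown MBR code" in events:
            # aswMBR could not match the boot code to a loader it knows. An OEM
            # recovery loader looks like this, but so does a bootkit, so the
            # MBR.dat the tool saves needs a manual look before any "fix".
            findings.append(f"disk {disk}: MBR boot code not recognised, review saved MBR.dat")
    for path, name in rep.infected:
        findings.append(f"infected file: {path} ({name})")
    active = [p for p in rep.partitions if p["active"]]
    if rep.partitions and len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    if not rep.finished:
        findings.append("no 'Scan finished' line: log is incomplete or the scan aborted")
    return findings


# Constructed sample in the pasted format (not the thread's log).
SAMPLE_LOG = r"""
aswMBR version Copyright(c) 2011 AVAST Software Run date: 2012-11-26 20:55:38
-----------------------------
20:55:38.960 OS Version: Windows 6.0.6002 Service Pack 2
20:55:38.962 ComputerName: EXAMPLE-PC UserName: example
21:28:19.970 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:28:20.143 Disk 0 MBR read successfully
21:28:20.146 Disk 0 MBR scan
21:28:20.873 Disk 0 unknown MBR code
21:28:20.902 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
21:28:21.002 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 142381 MB offset 20981760
21:48:14.376 File: C:\Users\example\AppData\Local\Temp\contacts[1].exe **INFECTED** Win32:Example-A [Trj]
22:19:26.667 File: C:\Users\example\AppData\Roaming\helper.dll **INFECTED** Win32:Example-B [Trj]
22:35:29.723 Scan finished successfully
"""

if __name__ == "__main__":
    for finding in triage(parse_aswmbr(SAMPLE_LOG)):
        print(finding)
```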
03.12.2012, 21:27 | #36
TR/ATRAPS Gen and TR/ATRAPS Gen2 :-)
04.12.2012, 11:58 | #37
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS Gen and TR/ATRAPS Gen2 Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when one of the forum's expert helpers (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags
05.12.2012, 20:14 | #38
TR/ATRAPS Gen and TR/ATRAPS Gen2 Code:
ATTFilter ComboFix 12-12-04.01 - Doreen 05.12.2012 19:52:37.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.49.1031.18.953.281 [GMT 1:00] ausgeführt von:: c:\users\Doreen\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\hpeB02E.dll c:\programdata\hpeE023.dll c:\users\Doreen\AppData\Roaming\AcroIEHelpe.txt c:\users\Doreen\AppData\Roaming\srvblck5.tmp c:\users\Doreen\Documents\~WRL3282.tmp c:\users\Media\AppData\Roaming\AcroIEHelpe.txt c:\users\Media\AppData\Roaming\srvblck2.tmp c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-05 bis 2012-12-05 )))))))))))))))))))))))))))))) . . 2012-12-05 19:04 . 2012-12-05 19:04 -------- d-----w- c:\users\Media\AppData\Local\temp 2012-12-05 19:04 . 2012-12-05 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-05 18:39 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F9325A5-91F7-4E2B-98B4-B9232473EFA5}\mpengine.dll 2012-11-18 20:39 . 2012-11-18 20:39 -------- d-----w- C:\ebf56067d7bf639be9948149 2012-11-15 19:17 . 2012-11-15 19:17 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-11-15 15:56 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-15 15:55 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-11-15 15:15 . 2012-11-15 15:15 -------- d-----w- c:\users\Doreen\AppData\Roaming\xmldm 2012-11-15 15:15 . 2012-11-15 15:15 -------- d-----w- c:\users\Doreen\AppData\Roaming\kock . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-09 15:21 . 
2012-04-11 09:04 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-09 15:21 . 2011-05-29 17:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-29 18:54 . 2012-10-08 13:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-13 13:28 . 2012-10-10 18:58 2048 ----a-w- c:\windows\system32\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ICQ"="c:\users\Doreen\AppData\Roaming\ICQ\Application\ICQ7M\ICQ.exe" [2012-05-24 127040] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 768520] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-22 1037608] "RtHDVCpl"="RtHDVCpl.exe" [2008-06-27 6244896] "Skytel"="Skytel.exe" [2008-06-27 1826816] "WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152] "Ocs_SM"="c:\users\Media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2009-09-01 102400] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-23 281768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888] "NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2007-05-24 1226288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520] 
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2012-4-9 651264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:21] . 2012-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:39] . 2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-20 18:39] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.de/ mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0209&m=e520 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - TCP: DhcpNameServer = . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file) HKLM-Run-eRecoveryService - (no file) AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe AddRemove-kikin Plugin (Murb.com Edition) - c:\program files\kikin\uninst.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-12-05 20:06 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2012-12-05 20:10:34 ComboFix-quarantined-files.txt 2012-12-05 19:10 . Vor Suchlauf: 11 Verzeichnis(se), 98.243.567.616 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 99.392.241.664 Bytes frei . - - End Of File - - CCB20919F9E2DF467DD5C3D8BD633CF3 |
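The ComboFix report above lists the autostart entries under "Autostartpunkte der Registrierung" in REGEDIT4 style. The Python helper below is an added example, not part of the thread and not ComboFix's code: it parses that section and surfaces the entries a reviewer checks first, binaries started from user-writable locations and values that name a bare executable without a path. The heuristics and the sample block are the example's own; they mark entries for review, they are not verdicts.

```python
"""Review helper for the "Autostartpunkte der Registrierung" section of a
ComboFix log. Added example, not ComboFix's own code. SAMPLE is a
constructed block in the same REGEDIT4-style layout as the pasted report;
product names in it are made up."""
import re

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="command" [YYYY-MM-DD size]; the bracketed stamp is what ComboFix
# prints for the file it found, and is treated as optional here.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"'
    r'(?: \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?$'
)
# Directories a normal user can write to: something autostarting from here
# deserves a second look even when it turns out to be legitimate software.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


def parse_autostart(text):
    """Yield one dict per value, tagged with the registry key it sits under."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m["key"]
        elif key and (m := VALUE_RE.match(line)):
            yield {
                "key": key,
                "name": m["name"],
                "cmd": m["cmd"],
                "date": m["date"],
                "size": int(m["size"]) if m["size"] else None,
            }


def review_reasons(entry):
    """Return why an entry deserves attention (empty list = nothing special)."""
    cmd = entry["cmd"].lower()
    reasons = []
    if "\\" not in cmd:
        # No directory: Windows resolves the name through the search path, so
        # the reviewer has to confirm which binary actually runs.
        reasons.append("bare file name, resolved via the search path: confirm which binary runs")
    if any(marker in cmd for marker in USER_WRITABLE):
        reasons.append("started from a user-writable directory")
    if entry["size"] is None:
        reasons.append("no file stamp recorded: target may be missing or unreadable")
    return reasons


def triage_autostart(text):
    """Entries worth a reviewer's time, with hive, name, command and reasons."""
    flagged = []
    for entry in parse_autostart(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append({
                "hive": entry["key"].split("\\", 1)[0],
                "name": entry["name"],
                "cmd": entry["cmd"],
                "reasons": reasons,
            })
    return flagged


# Constructed sample in the pasted layout (not the thread's report).
SAMPLE = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chat"="c:\users\example\AppData\Roaming\Chat\chat.exe" [2012-05-24 127040]
"Player"="c:\program files\Vendor\player.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tray"="c:\program files\Vendor\tray.exe" [2008-04-06 34040]
"Audio"="audiocpl.exe" [2008-06-27 6244896]
"Helper"="c:\users\otheruser\AppData\Roaming\Helper\helper.exe" [2009-09-01 102400]
"""

if __name__ == "__main__":
    for f in triage_autostart(SAMPLE):
        print(f["hive"], f["name"], f["cmd"], "; ".join(f["reasons"]))
```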
06.12.2012, 09:49 | #39
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS Gen and TR/ATRAPS Gen2 adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!
__________________ Please always post log files in CODE tags
11.12.2012, 20:14 | #40
TR/ATRAPS Gen and TR/ATRAPS Gen2 Code:
ATTFilter # AdwCleaner v2.100 - Datei am 11/12/2012 um 20:11:46 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # Benutzer : Doreen - MEDIA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Doreen\Desktop\adwcleaner(2).exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\ICQ6Toolbar Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Iminent Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Profilname : default Datei : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\rffpgm2z.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v23.0.1271.95 Datei : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Doreen\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1791 octets] - [11/12/2012 20:11:46] ########## EOF - C:\AdwCleaner[R1].txt - [1851 octets] ########## |
11.12.2012, 22:19 | #41
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS Gen and TR/ATRAPS Gen2 adwCleaner - remove toolbars and unwanted start/search pages
Then a check with OTL, please:
__________________ Please always post log files in CODE tags
12.12.2012, 18:11 | #42
TR/ATRAPS Gen and TR/ATRAPS Gen2 ADW Code:
ATTFilter # AdwCleaner v2.100 - Datei am 12/12/2012 um 17:22:20 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # Benutzer : Doreen - MEDIA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Doreen\Desktop\adwcleaner(2).exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Profilname : default Datei : C:\Users\Doreen\AppData\Roaming\Mozilla\Firefox\Profiles\rffpgm2z.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v23.0.1271.95 Datei : C:\Users\Media\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Doreen\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1920 octets] - [11/12/2012 20:11:46] AdwCleaner[S1].txt - [1889 octets] - [12/12/2012 17:22:20] ########## EOF - C:\AdwCleaner[S1].txt - [1949 octets] ########## Code:
ATTFilter OTL logfile created on: 12.12.2012 17:34:31 - Run 2 OTL by OldTimer - Version Folder = c:\users\Doreen\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 953,27 Mb Total Physical Memory | 40,95 Mb Available Physical Memory | 4,30% Memory free 2,12 Gb Paging File | 0,55 Gb Available in Paging File | 25,71% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139,04 Gb Total Space | 92,36 Gb Free Space | 66,43% Space Free | Partition Type: NTFS Computer Name: MEDIA-PC | User Name: Doreen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\users\Doreen\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Users\Doreen\AppData\Roaming\ICQ\Application\ICQ7M\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe () PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) 
PRC - C:\Users\Media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe () PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG) PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f180054226bb0e4b81bf9e675ddb137e\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d8a2c7e2c4526056f950f056acc82abf\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a7e47016d9e1981759ab048ff52aada5\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\55db37473556e6f27d7066669b3f75c3\System.Xml.ni.dll () MOD - C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll () MOD - C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MOD - C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll () MOD - C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll () MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll () MOD - C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll () MOD - C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll () MOD - C:\Programme\HTC\HTC Sync 3.0\OutputLog.dll () MOD - C:\Programme\HTC\HTC 
Sync 3.0\fdHttpd.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll ()
MOD - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Programme\Launch Manager\PowerUtl.dll ()

========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SearchAnonymizer) -- C:\Users\Media\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (ETService) -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)

========== Driver Services (SafeList) ==========

DRV - (StarOpen) -- File not found
DRV - (SNPSTD3) -- system32\DRIVERS\snpstd3.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Doreen\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (gtstusbser) -- C:\Windows\System32\drivers\gtstusbser.sys (Option N.V.)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018mgmt) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (s1018unic) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vb32&d=0209&m=e520
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\..\SearchScopes\{DA77E750-D76A-46A5-B7A1-BB0CD2D4BDC1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW
IE - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.1
FF - prefs.js..keyword.URL: "hxxp://go.web.de/br/moz_keyurl_search/?su="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Users\Doreen\AppData\Local\Mozilla Firefox\components [2012.10.28 18:49:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Users\Doreen\AppData\Local\Mozilla Firefox\plugins

[2011.07.30 12:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doreen\AppData\Roaming\mozilla\Extensions
[2012.10.23 18:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doreen\AppData\Roaming\mozilla\Firefox\Profiles\rffpgm2z.default\extensions
[2012.10.08 21:36:53 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Doreen\AppData\Roaming\mozilla\Firefox\Profiles\rffpgm2z.default\extensions\ich@maltegoetz.de
[2012.10.16 17:11:56 | 000,558,413 | ---- | M] () (No name found) -- C:\Users\Doreen\AppData\Roaming\mozilla\firefox\profiles\rffpgm2z.default\extensions\toolbar@web.de.xpi
[2009.06.25 13:28:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.12 21:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Doreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Doreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: Google Mail = C:\Users\Doreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.12.05 20:06:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Media\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\EMACHINES\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-70479514-1888137538-4217867147-1001..\Run: [ICQ] C:\Users\Doreen\AppData\Roaming\ICQ\Application\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-70479514-1888137538-4217867147-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-70479514-1888137538-4217867147-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A907963-B562-4664-8B3F-104CE01D1673}: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF5F8409-3371-4EB4-8DFD-51A870FD39B5}: DhcpNameServer =
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.05 20:10:39 | 000,000,000 | ---D | C] -- C:\Users\Doreen\AppData\Local\temp
[2012.12.05 20:10:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.12.05 19:47:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.05 19:47:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.05 19:47:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.05 19:47:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.05 19:47:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.05 19:46:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.05 19:37:30 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\Doreen\Desktop\ComboFix.exe
[2012.11.18 21:39:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.18 21:39:05 | 000,000,000 | ---D | C] -- C:\ebf56067d7bf639be9948149
[2012.11.18 21:22:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.18 21:22:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.18 21:22:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.18 21:22:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.18 21:22:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.18 21:22:13 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.18 21:22:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.18 21:22:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.15 20:17:43 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.15 16:56:16 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.15 16:55:42 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.15 16:15:52 | 000,000,000 | ---D | C] -- C:\Users\Doreen\AppData\Roaming\xmldm
[2012.11.15 16:15:50 | 000,000,000 | ---D | C] -- C:\Users\Doreen\AppData\Roaming\kock

========== Files - Modified Within 30 Days ==========

[2012.12.12 17:29:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.12 17:28:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.12.12 17:28:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.12 17:28:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.12 17:28:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.12 17:27:22 | 1000,366,080 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.12 17:21:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.12 17:16:33 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.11 20:22:40 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.11 20:22:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.11 20:10:19 | 000,545,819 | ---- | M] () -- C:\Users\Doreen\Desktop\adwcleaner(2).exe
[2012.12.05 20:06:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.05 19:37:40 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\Doreen\Desktop\ComboFix.exe
[2012.12.03 19:57:17 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.03 19:57:17 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.03 19:57:17 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.03 19:57:17 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.02 22:58:34 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.27 20:34:53 | 000,000,512 | ---- | M] () -- C:\Users\Doreen\Desktop\MBR.dat
[2012.11.18 21:48:02 | 000,405,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.15 20:17:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.15 19:11:18 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.15 19:09:40 | 000,000,016 | ---- | M] () -- C:\Users\Doreen\AppData\Roaming\blckdom.res

========== Files Created - No Company Name ==========

[2012.12.11 20:09:43 | 000,545,819 | ---- | C] () -- C:\Users\Doreen\Desktop\adwcleaner(2).exe
[2012.12.05 19:47:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.05 19:47:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.05 19:47:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.05 19:47:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.05 19:47:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.27 20:34:52 | 000,000,512 | ---- | C] () -- C:\Users\Doreen\Desktop\MBR.dat
[2012.11.15 16:16:19 | 000,000,016 | ---- | C] () -- C:\Users\Doreen\AppData\Roaming\blckdom.res
[2012.08.04 19:37:01 | 003,362,513 | ---- | C] () -- C:\Users\Doreen\Alexandra Stan - Lemonade (OFFICIAL MUSIC VIDEO).mp3
[2012.07.11 10:22:15 | 000,030,582 | ---- | C] () -- C:\Users\Doreen\.recently-used.xbel
[2012.06.04 19:26:11 | 000,000,680 | ---- | C] () -- C:\Users\Doreen\AppData\Local\d3d9caps.dat
[2011.08.09 11:12:08 | 000,010,240 | ---- | C] () -- C:\Users\Doreen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.31 18:31:13 | 000,024,063 | ---- | C] () -- C:\Users\Doreen\bild.jpg
[2009.12.10 21:39:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.01 17:59:10 | 000,007,095 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== ZeroAccess Check ==========

[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
13.12.2012, 13:51 | #43 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS Gen and TR/ATRAPS Gen2
Fix with OTL
Code:
:OTL
FF - prefs.js..keyword.URL: "http://go.web.de/br/moz_keyurl_search/?su="
FF - user.js - File not found
:Files
C:\ebf56067d7bf639be9948149
C:\Users\Doreen\AppData\Roaming\xmldm
C:\Users\Doreen\AppData\Roaming\kock
C:\Users\Doreen\AppData\Roaming\UAs
C:\Users\Doreen\Desktop\MBR.dat
C:\Users\Doreen\AppData\Roaming\blckdom.res
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post logfiles in CODE tags |
13.12.2012, 21:13 | #44 |
| TR/ATRAPS Gen and TR/ATRAPS Gen2
Code:
All processes killed

========== OTL ==========

Prefs.js: "hxxp://go.web.de/br/moz_keyurl_search/?su=" removed from keyword.URL

========== FILES ==========

C:\ebf56067d7bf639be9948149\Graphics folder moved successfully.
C:\ebf56067d7bf639be9948149\3082 folder moved successfully.
C:\ebf56067d7bf639be9948149\3076 folder moved successfully.
C:\ebf56067d7bf639be9948149\2070 folder moved successfully.
C:\ebf56067d7bf639be9948149\2052 folder moved successfully.
C:\ebf56067d7bf639be9948149\1055 folder moved successfully.
C:\ebf56067d7bf639be9948149\1053 folder moved successfully.
C:\ebf56067d7bf639be9948149\1049 folder moved successfully.
C:\ebf56067d7bf639be9948149\1046 folder moved successfully.
C:\ebf56067d7bf639be9948149\1045 folder moved successfully.
C:\ebf56067d7bf639be9948149\1044 folder moved successfully.
C:\ebf56067d7bf639be9948149\1043 folder moved successfully.
C:\ebf56067d7bf639be9948149\1042 folder moved successfully.
C:\ebf56067d7bf639be9948149\1041 folder moved successfully.
C:\ebf56067d7bf639be9948149\1040 folder moved successfully.
C:\ebf56067d7bf639be9948149\1038 folder moved successfully.
C:\ebf56067d7bf639be9948149\1037 folder moved successfully.
C:\ebf56067d7bf639be9948149\1036 folder moved successfully.
C:\ebf56067d7bf639be9948149\1035 folder moved successfully.
C:\ebf56067d7bf639be9948149\1033 folder moved successfully.
C:\ebf56067d7bf639be9948149\1032 folder moved successfully.
C:\ebf56067d7bf639be9948149\1031 folder moved successfully.
C:\ebf56067d7bf639be9948149\1030 folder moved successfully.
C:\ebf56067d7bf639be9948149\1029 folder moved successfully.
C:\ebf56067d7bf639be9948149\1028 folder moved successfully.
C:\ebf56067d7bf639be9948149\1025 folder moved successfully.
C:\ebf56067d7bf639be9948149 folder moved successfully.
C:\Users\Doreen\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Doreen\AppData\Roaming\kock folder moved successfully.
File\Folder C:\Users\Doreen\AppData\Roaming\UAs not found.
C:\Users\Doreen\Desktop\MBR.dat moved successfully.
C:\Users\Doreen\AppData\Roaming\blckdom.res moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
c:\users\Doreen\Downloads\cmd.bat deleted successfully.
c:\users\Doreen\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Doreen
->Temp folder emptied: 2947353 bytes
->Temporary Internet Files folder emptied: 2387723 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 599354796 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 29712 bytes

User: Media
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2758101 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6320510 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19702 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 585,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version log created on 12132012_201807
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
14.12.2012, 09:34 | #45 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS Gen and TR/ATRAPS Gen2
A check with OTL, please:
__________________ Please always post logfiles in CODE tags |