|
Plagegeister aller Art und deren Bekämpfung: TR/Spy.Banker.Gen8Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.11.2012, 21:53 | #16 |
| TR/Spy.Banker.Gen8 Hätte ich Avira auch schließen müssen? Kurz vorm Neustart kam noch die Meldung, dass Zugriff auf Host-Datei verhindert wurde?! Code:
ATTFilter All processes killed ========== FILES ========== C:\ProgramData\xlyzzfsifuliryl moved successfully. C:\Users\Matthias\AppData\Roaming\blckdom.res moved successfully. C:\Users\Matthias\AppData\Roaming\8wrvuf1v.default.dat moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. c:\Users\Matthias\Desktop\Downloads\Downloads\cmd.bat deleted successfully. c:\Users\Matthias\Desktop\Downloads\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Matthias ->Temp folder emptied: 75499 bytes ->Temporary Internet Files folder emptied: 28491055 bytes ->Java cache emptied: 18968470 bytes ->FireFox cache emptied: 110335515 bytes ->Flash cache emptied: 545 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 85576 bytes RecycleBin emptied: 23552 bytes Total Files Cleaned = 151,00 mb File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. Error: Unble to create default HOSTS file! OTL by OldTimer - Version 3.2.69.0 log created on 11222012_214807 Files\Folders moved on Reboot... File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
23.11.2012, 10:28 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 Eine Kontrolle mit OTL bitte:
__________________
__________________ |
23.11.2012, 23:41 | #18 |
| TR/Spy.Banker.Gen8 OTL EXTRAS Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 23.11.2012 23:32:19 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Matthias\Desktop\Downloads\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,45% Memory free 6,20 Gb Paging File | 5,01 Gb Available in Paging File | 80,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 454,04 Gb Total Space | 320,91 Gb Free Space | 70,68% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ASUS | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04078877-F5BE-49DD-9BDF-B9315132F802}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{09AD532A-F7EC-4E6F-AEB4-F6781B66AAA7}" = rport=445 | protocol=6 | dir=out | app=system | "{14F58B5B-4986-4E53-B5CD-A4742344D3C7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{393F852D-8E6C-42BF-AFF9-411FB111E29F}" = lport=137 | protocol=17 | dir=in | app=system | "{537FCEA0-F486-4A43-A717-793673726859}" = rport=139 | protocol=6 | dir=out | app=system | "{5534C1B2-CBDC-4763-8CA6-BFC02F375102}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5E4D1627-5508-422F-93A9-BDB72F52FE74}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8143224F-0E93-499D-BAFC-1E002DA635F5}" = lport=139 | protocol=6 | dir=in | app=system | "{9E25230E-1AF7-4CC7-8903-8067D0354022}" = lport=138 | protocol=17 | dir=in | app=system | "{9E523F24-81BE-42C5-9EB1-3069EDD64AD8}" = lport=445 | protocol=6 | dir=in | app=system | "{A531754D-DAA9-4A74-B7B3-22DFC0DC0857}" = rport=137 | protocol=17 | dir=out | app=system | "{EDAB9B74-9BFB-4D27-B69E-3EB08B95B646}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A5F9D15-2C26-4D6F-A0FB-B0E142759E94}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{2032790A-ED30-44D2-A0AA-C05C0C9F5660}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{285FD47C-449E-4AC4-B0FC-217F481CF715}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{331F0D39-28A8-46D9-930B-3E1DE9A58BFF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{344DE76B-18D0-4691-9EFC-C1C8CA6B6973}" = protocol=17 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | "{3ED69CEA-693E-4350-881F-05C0FB6C0056}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{4DCEDE9F-2D53-42B9-84C4-2AFABAF319E7}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{50B5FB6C-E96C-4F83-A22E-D4BD583EAEAC}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{5639AC6B-7999-4446-AA42-95F03D72F5ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe | "{79921021-1A30-479D-814A-E2EC7C8D38C2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{7E2E3297-1C3C-4AC0-88D4-54B5EF9C35BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office 2010\office14\groove.exe | "{987ED4CC-1B4F-45A2-9F7E-BD2C09F918CE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{B3A551DB-E1C9-456F-87EC-B4AB69B53336}" = protocol=6 | dir=in | app=c:\users\matthias\appdata\roaming\dropbox\bin\dropbox.exe | "{B69F190B-21DD-4D0D-B9AB-88F6F9F79D97}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{CF8359D0-3D32-4E86-A493-2B6B9C0EF24D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D3CA8C25-ABD2-49E8-913B-0A28FC2D0F71}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe | "{DD9FF5F9-DFAB-4AB7-8171-E963F3BEDB45}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe | "{E15C28A9-98E9-4C7E-BE41-EFD75CA3C03E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "TCP Query User{002D993B-38DC-4B9E-AB25-3E6FD84D127D}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe | "TCP Query User{1F27EDA3-0F8B-4EEF-9803-3871A0A1A0A5}C:\games\pes2012.exe" = protocol=6 | dir=in | app=c:\games\pes2012.exe | "TCP Query User{E92E9DBA-9CB3-475A-9BBF-2E562DB970FE}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{24A920A2-5B5E-498E-9E09-F545BF456F01}C:\games\pes2012.exe" = protocol=17 | dir=in | app=c:\games\pes2012.exe | "UDP Query User{A53E2580-579B-4471-8314-0BF87B97A03D}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{B0E180BB-74E6-44DF-8555-CFD12C7BCDA0}C:\program files\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2013\pes2013.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.4.6052 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate "{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM) "{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2 "{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR "{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) "{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM) "{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM) "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 "{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7 "{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey "{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2 "{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FC86590-AC98-4845-80D4-3EB37B51947B}" = Nero 11 "{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1 "{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples "{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2 "{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4 "{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1 "{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM) "{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3 "{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM) "{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM) "{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11 "{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012 "{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic "{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM) "{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11 "1&1 Mail & Media GmbH Toolbar FF" = WEB.DE MailCheck für Mozilla Firefox "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "Digital Editions" = Adobe Digital Editions "EPSON SX510W Series" = Druckerdeinstallation für EPSON SX510W Series "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "SopCast" = SopCast 3.5.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.11.2012 13:26:32 | Computer Name = ASUS | Source = WinMgmt | ID = 10 Description = Error - 15.11.2012 14:09:27 | Computer Name = ASUS | Source = WinMgmt | ID = 10 Description = Error - 15.11.2012 15:17:36 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung dqvfnd8d.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, fehlerhaftes Modul dqvfnd8d.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0xc50, Anwendungsstartzeit 01cdc36547f2cc4d. Error - 15.11.2012 15:21:03 | Computer Name = ASUS | Source = WinMgmt | ID = 10 Description = Error - 15.11.2012 15:29:30 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x132c, Anwendungsstartzeit 01cdc3667e81f8f3. Error - 15.11.2012 15:34:52 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1300, Anwendungsstartzeit 01cdc367a2973a13. Error - 15.11.2012 15:39:17 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, fehlerhaftes Modul wv05wrbt.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x16cc, Anwendungsstartzeit 01cdc36872069703. Error - 15.11.2012 15:51:45 | Computer Name = ASUS | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung gmer.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, fehlerhaftes Modul gmer.exe, Version 1.0.15.15641, Zeitstempel 0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676, Prozess-ID 0x1794, Anwendungsstartzeit 01cdc369ecd61593. Error - 15.11.2012 15:55:43 | Computer Name = ASUS | Source = WinMgmt | ID = 10 Description = Error - 15.11.2012 16:02:24 | Computer Name = ASUS | Source = Perflib | ID = 1010 Description = [ System Events ] Error - 21.11.2012 05:23:34 | Computer Name = ASUS | Source = DCOM | ID = 10016 Description = Error - 21.11.2012 05:23:58 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 21.11.2012 07:54:37 | Computer Name = ASUS | Source = Service Control Manager | ID = 7011 Description = Error - 22.11.2012 15:59:35 | Computer Name = ASUS | Source = DCOM | ID = 10016 Description = Error - 22.11.2012 15:59:36 | Computer Name = ASUS | Source = DCOM | ID = 10016 Description = Error - 22.11.2012 16:00:14 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = Error - 22.11.2012 16:48:07 | Computer Name = ASUS | Source = Service Control Manager | ID = 7034 Description = Error - 22.11.2012 16:51:15 | Computer Name = ASUS | Source = DCOM | ID = 10016 Description = Error - 22.11.2012 16:51:16 | Computer Name = ASUS | Source = DCOM | ID = 10016 Description = Error - 22.11.2012 16:51:41 | Computer Name = ASUS | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001 Description = < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.11.2012 23:32:19 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Matthias\Desktop\Downloads\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,45% Memory free 6,20 Gb Paging File | 5,01 Gb Available in Paging File | 80,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 454,04 Gb Total Space | 320,91 Gb Free Space | 70,68% Space Free | Partition Type: NTFS Drive D: | 6,07 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ASUS | User Name: Matthias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - c:\Users\Matthias\Desktop\Downloads\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\Wireless Console 2\wcourier.exe () PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll () MOD - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () MOD - C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office 2010\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Matthias\AppData\Local\Temp\catchme.sys File not found DRV - (ASUSProcObsrv) -- D:\I386\AsProcOb.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. ) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com/ IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Matthias\AppData\Roaming\16001.010 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 13:12:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.29 10:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions [2012.11.14 20:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions [2012.10.31 22:38:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\8wrvuf1v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.22 17:34:55 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\DivXWebPlayer@divx.com.xpi [2012.11.14 20:42:58 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\toolbar@web.de.xpi [2012.07.27 16:27:22 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.14 20:43:05 | 000,002,273 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\englische-ergebnisse.xml [2012.11.14 20:43:05 | 000,010,563 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\gmx-suche.xml [2012.11.14 20:43:05 | 000,002,432 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\lastminute.xml [2012.11.14 20:43:05 | 000,005,545 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\mozilla\firefox\profiles\8wrvuf1v.default\searchplugins\webde-suche.xml [2012.10.28 13:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.10.28 13:12:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.28 10:33:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.20 23:11:41 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe () O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000..\Run: [EPSON] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE (SEIKO EPSON CORPORATION) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828175926-1959102714-3155801051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9215ADB6-5E01-4E39-A131-6199B19897DE}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF83EC1F-8E10-4E5C-9187-E3EACC26DD97}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O24 - Desktop BackupWallPaper: C:\Windows\ASUS\wallpapers\ASUS.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,348,080 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - D:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2012.08.13 19:01:35 | 000,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.22 22:22:13 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{8586E03B-9083-462F-BC06-CAFC5653218E} [2012.11.22 21:48:07 | 000,000,000 | ---D | C] -- C:\_OTL [2012.11.20 23:14:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.20 23:13:59 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.20 23:13:59 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\temp [2012.11.20 23:02:40 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.11.20 19:32:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.20 19:32:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.20 19:32:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.20 19:32:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.20 19:32:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.20 19:29:44 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe [2012.11.19 21:16:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe [2012.11.19 20:55:35 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe [2012.11.15 18:39:53 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes [2012.11.15 18:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.15 18:39:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.15 18:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.11.15 18:30:48 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Avira [2012.11.15 18:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.11.15 18:14:12 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.15 18:14:12 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.15 18:14:12 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.15 18:14:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.11.15 18:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.11.14 21:06:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.11.14 21:06:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.11.14 21:06:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.11.14 21:06:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.11.14 21:06:23 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.11.14 21:06:23 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.11.14 21:06:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.11.14 21:06:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.11.14 21:03:10 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.11.14 21:03:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012.11.04 23:06:18 | 000,000,000 | ---D | C] -- C:\Users\Matthias\Documents\My Digital Editions [2012.11.04 22:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck [2012.11.01 17:21:50 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{D189FE92-C8F3-4072-8A9F-92BD6EA1CBD6} [2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.10.31 23:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.10.29 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{972C01DF-9F01-4A56-A85B-6BDE1BBC6043} [2012.10.28 21:54:01 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{542AE0FF-F127-43E8-9153-C0F5F62DA466} [2012.10.28 14:08:35 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Media Player Classic [2012.10.28 14:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC [2012.10.28 14:07:43 | 000,000,000 | ---D | C] -- C:\Program Files\MPC-HC [2012.10.28 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.27 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{E94F5910-A87C-41EB-A181-8D35A4406D29} [2012.10.27 13:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matthias\dwhelper [2012.10.25 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Local\{7FE135B6-DB31-44A3-9037-3B73CBD0E488} ========== Files - Modified Within 30 Days ========== [2012.11.23 23:28:46 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.11.23 23:28:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.23 23:28:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.23 23:28:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.23 23:28:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.22 21:54:33 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.22 21:54:33 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.22 21:54:33 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.22 21:54:33 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.22 21:50:05 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys [2012.11.22 21:48:56 | 000,003,067 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.11.22 19:17:59 | 000,543,531 | ---- | M] () -- C:\Users\Matthias\Desktop\adwcleaner.exe [2012.11.21 17:22:45 | 000,028,124 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.11.20 23:11:41 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.11.20 19:30:06 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Matthias\Desktop\ComboFix.exe [2012.11.19 21:16:56 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthias\Desktop\tdsskiller.exe [2012.11.19 21:15:24 | 000,000,512 | ---- | M] () -- C:\Users\Matthias\Desktop\MBR.dat [2012.11.19 20:56:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Matthias\Desktop\aswMBR.exe [2012.11.16 16:49:34 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2012.11.16 16:49:34 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2012.11.16 16:49:34 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2012.11.15 21:48:29 | 000,037,186 | ---- | M] () -- C:\Users\Matthias\Desktop\gmer.7z [2012.11.15 21:47:57 | 000,352,680 | ---- | M] () -- C:\Users\Matthias\Desktop\gmer.zip [2012.11.15 19:33:55 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable [2012.11.15 18:39:41 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 18:14:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 21:20:03 | 000,251,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.11.14 16:25:46 | 000,000,680 | ---- | M] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2012.10.28 14:07:45 | 000,001,677 | ---- | M] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk ========== Files Created - No Company Name ========== [2012.11.22 19:17:58 | 000,543,531 | ---- | C] () -- C:\Users\Matthias\Desktop\adwcleaner.exe [2012.11.20 19:32:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.20 19:32:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.20 19:32:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.20 19:32:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.20 19:32:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.19 21:15:24 | 000,000,512 | ---- | C] () -- C:\Users\Matthias\Desktop\MBR.dat [2012.11.15 21:48:28 | 000,037,186 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.7z [2012.11.15 20:46:26 | 000,302,592 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.exe [2012.11.15 20:45:06 | 000,352,680 | ---- | C] () -- C:\Users\Matthias\Desktop\gmer.zip [2012.11.15 19:33:55 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable [2012.11.15 18:39:41 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.15 18:14:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.11.14 22:35:59 | 3220,295,680 | -HS- | C] () -- C:\hiberfil.sys [2012.10.28 14:07:45 | 000,001,677 | ---- | C] () -- C:\Users\Matthias\Desktop\MPC-HC.lnk [2012.09.05 19:44:39 | 000,004,608 | ---- | C] () -- C:\Users\Matthias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.01 19:00:04 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.05.01 11:58:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.05.01 11:58:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.04.28 15:48:15 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012.04.28 15:41:42 | 000,028,124 | ---- | C] () -- C:\ProgramData\nvModes.dat [2012.04.28 08:48:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.04.28 01:05:46 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2012.04.28 00:19:37 | 000,003,067 | ---- | C] () -- C:\Windows\bthservsdp.dat [2012.04.27 21:48:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2012.04.27 21:32:23 | 001,772,544 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2012.04.27 21:32:23 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2012.04.27 21:32:23 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2012.04.27 21:32:23 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.04.27 15:47:06 | 000,000,680 | ---- | C] () -- C:\Users\Matthias\AppData\Local\d3d9caps.dat [2012.03.28 21:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.03.28 21:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.03.28 21:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.03.28 21:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.03.28 21:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
26.11.2012, 13:08 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
27.11.2012, 14:50 | #20 |
| TR/Spy.Banker.Gen8Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.26.09 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Matthias :: ASUS [Administrator] 27.11.2012 14:44:34 mbam-log-2012-11-27 (14-44-34).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 197549 Laufzeit: 5 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
27.11.2012, 15:50 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8Zitat:
__________________ --> TR/Spy.Banker.Gen8 |
27.11.2012, 16:06 | #22 |
| TR/Spy.Banker.Gen8 Hatte ich meiner Meinung nach gemacht ... Mache nochmal nen neuen Scan und poste danach umgehend! Sorry! |
27.11.2012, 16:19 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8 Geht ja auch schnell ein Quickscan
__________________ Logfiles bitte immer in CODE-Tags posten |
27.11.2012, 18:26 | #24 |
| TR/Spy.Banker.Gen8 Leider hat der ESET ne ganze Weile gedauert und hat auch tatsächlich was gefunden Log`s hängen dran ... Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.27.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Matthias :: ASUS [Administrator] 27.11.2012 16:19:19 mbam-log-2012-11-27 (16-19-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 197659 Laufzeit: 4 Minute(n), 19 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=99f33e608d31214ebdfdbc498212ba9b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-27 05:24:29 # local_time=2012-11-27 06:24:29 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1792 16777215 100 0 1035103 1035103 0 0 # compatibility_mode=5892 16776574 100 100 1112680 191563874 0 0 # compatibility_mode=8192 67108863 100 0 3788 3788 0 0 # scanned=143350 # found=2 # cleaned=0 # scan_time=5922 C:\Qoobox\Quarantine\C\ProgramData\qlquqeaxzjyjgnv\main.html.vir HTML/Ransom.B trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_windows-live-messenger-2011.exe Win32/SoftonicDownloader.D application (unable to clean) 00000000000000000000000000000000 I |
27.11.2012, 19:47 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8Code:
ATTFilter C:\Users\Matthias\Downloads\SoftonicDownloader_fuer_windows-live-messenger-2011.exe Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller oder von Filepony aber nicht von solchen Toolbarklitschen wie Softonic! Sieht sonst soweit ok aus, der andere Fund ist nur ein Objekt in der Q von Combofix Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
27.11.2012, 22:57 | #26 |
| TR/Spy.Banker.Gen8 Also lösche ich die o.g. Softonic...exe einfach aus dem entsprechenden Ordner und dann ist auch das Problem verschwunden?! Davon abgesehen ist alles in Butter - soweit ich das sehe An dieser Stelle vielen Dank für die kompetente und vor allem schnelle Hilfe. Gebe zu - habe nicht jeden Schritt genau geschnallt bzw. wäre ich allein aufgeschmissen gewesen aber schön, dass es Leute wie dich gibt, die ihr Wissen zur Verfügung stellen. Also bitte nur noch die Softonic-Frage beantworten und nochmal vielen Dank!!! |
27.11.2012, 23:34 | #27 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Spy.Banker.Gen8Zitat:
Dann wären wir durch! Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen: Starte bitte OTL und klicke auf Bereinigung. Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken. Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu TR/Spy.Banker.Gen8 |
7-zip, adobe, autorun, avira, backdoor.agent, defender, desktop, dllhost.exe, error, excel, flash player, format, home, iexplore.exe, install.exe, logfile, mozilla, ntdll.dll, plug-in, realtek, registry, rundll, scan, security, software, trojan.banker, udp, usb, vista, wallpapers |