Pests of all kinds and how to fight them: Urgent! Trojan and online banking! (Windows 7)
20.11.2012, 18:13 | #1
Hello everyone! I got a real shock today, but I only just now noticed everything that has been going on since this morning... Since I am an absolute computer dunce, I hope you can help me! I'll simply describe today's events: This morning I wanted to burn a CD with photos that I had stored on my iPhone (and had also taken with it). When I plugged the iPhone into the laptop, it did not recognize it right away. The standard message "Installing device driver software" appeared. Normally it works after that, but this time a message came up saying that I had to restart the system. No sooner said than done. I plugged the iPhone in again, it was recognized, and suddenly a message "1 hotspot connection active" or something like that appeared on the iPhone. That already seemed pretty odd to me... I mean, you still have to enter the password set by the iPhone to allow a hotspot connection... In any case, I disconnected that connection immediately. In the afternoon I wanted to access my online banking via my bank's app on the iPhone (at home, over WLAN). After entering my details, a message appeared: "To continue using this app to its full extent (or similar), please log in to online banking." Of course I did NOT do this from the phone, but went back to the laptop for it. When I entered my bank details, I got the message that the PIN was wrong. Fine, my fingers are cold. Typed it again: wrong. Fine, I mistyped. Entered it again: locked for 30 minutes. I did not want to panic and waited the 30 minutes. Then I tried again: permanently locked. I then drove straight to the bank to report the incident, because it seemed pretty fishy to me.
The bank advisor looked at my account (which is unfortunately also overdrawn) and dismissed it as a software error. He also said that it could be that the bank locked the account because of the overdraft, which actually should not be the case, since I have regular incoming payments and of course diligently pay interest on the overdraft ;-) So now my online banking is locked for about 2 weeks (until the new PIN arrives). That is fine, I can live with that. But: doesn't the whole thing seem strange to you too? Could it be a trojan/virus? On the phone or on the laptop? Which program can help? Many thanks for your help!!! Newbie PS: I have neither clicked on any dodgy link nor entered my mobile number or anything else anywhere... I used the phone and the laptop separately; only the shared internet connection links the two ;-(
21.11.2012, 10:41 | #2
/// the machine /// TB-Ausbilder
Hi,
let's have a look. If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know. Did you click on or install anything with the iPhone?
21.11.2012, 10:57 | #3
Hello!
Thanks for the reply! I'm currently running Malwarebytes (it has been going for over 16 hours already). Should I cancel it and follow your advice right away, or let it keep running? I haven't done anything on the smartphone at all... Neither opened any strange emails nor clicked on any links... As I said, I didn't even get into the account via the app. But if the bank had detected a trojan, it would have locked the account straight away... However, I first had to enter the "wrong" PIN three times... Strange, isn't it? Do you happen to know how this strange hotspot connection could have come about? Kind regards!
21.11.2012, 11:54 | #4
/// the machine /// TB-Ausbilder
No, unfortunately I don't. Cancel Malwarebytes and please work through the instructions.
Regards, schrauber
21.11.2012, 12:50 | #5
Hi! So, the Malwarebytes scan found nothing. Here are the log files.
Extras.txt
Code:
OTL Extras logfile created on: 21.11.2012 12:09:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Verena\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,74% Memory free
6,16 Gb Paging File | 5,18 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 207,50 Gb Total Space | 80,32 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
Drive D: | 25,37 Gb Total Space | 12,52 Gb Free Space | 49,35% Space Free | Partition Type: FAT32

Computer Name: VERENA-PC | User Name: Verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C3112064-E705-4531-8B30-60FB9A4669CB}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028C8A2C-7923-4C1B-8BA6-51884B950A05}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2F40F4C9-94D2-43AE-AA50-EBF426C772CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{332DD0BA-84B9-4DC4-9D01-E80D7F68822C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BB4BC757-B804-474F-912F-19FD6E8587AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite MFC-255CW
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira Free Antivirus
"CdCoverCreator" = CdCoverCreator 2.5.3
"Druckschriften Süd_is1" = Pelikan Schulschriften
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 2.0.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.11.2012 06:56:37 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:56:37.753]: [00001956]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6893B89] Error

Error - 21.11.2012 06:57:07 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:57:07.799]: [00001956]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6893B89] Error

Error - 21.11.2012 06:57:49 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:57:49.217]: [00001956]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20]

Error - 21.11.2012 06:57:49 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:57:49.310]: [00001956]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6893B89] Error

Error - 21.11.2012 06:58:19 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:58:19.356]: [00001956]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6893B89] Error

Error - 21.11.2012 06:58:59 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:58:59.074]: [00001956]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20]

Error - 21.11.2012 06:58:59 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:58:59.167]: [00001956]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6893B89] Error

Error - 21.11.2012 06:59:29 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 11:59:29.213]: [00001956]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6893B89] Error

Error - 21.11.2012 07:00:11 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 12:00:11.816]: [00001956]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.178.20]

Error - 21.11.2012 07:00:11 | Computer Name = Verena-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/11/21 12:00:11.910]: [00001956]: GetDeviceIpAddress: GetAddressByName [BRW0CEEE6893B89] Error

[ System Events ]
Error - 21.11.2012 05:56:33 | Computer Name = Verena-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 21.11.2012 06:00:42 | Computer Name = Verena-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 21.11.2012 06:31:41 | Computer Name = Verena-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 21.11.2012 06:32:04 | Computer Name = Verena-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 21.11.2012 06:34:17 | Computer Name = Verena-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 21.11.2012 06:43:49 | Computer Name = Verena-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 21.11.2012 06:47:31 | Computer Name = Verena-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort2 gefunden.

Error - 21.11.2012 06:50:25 | Computer Name = Verena-PC | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 21.11.2012 07:01:38 | Computer Name = Verena-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.11.2012 um 11:50:41 unerwartet heruntergefahren.

Error - 21.11.2012 07:02:47 | Computer Name = Verena-PC | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 20.11.2012 14:48:34 | Computer Name = Verena-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

Error - 20.11.2012 14:48:40 | Computer Name = Verena-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =

< End of report >

Code:
OTL logfile created on: 21.11.2012 12:09:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Verena\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,74% Memory free
6,16 Gb Paging File | 5,18 Gb Available in Paging File | 84,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 207,50 Gb Total Space | 80,32 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
Drive D: | 25,37 Gb Total Space | 12,52 Gb Free Space | 49,35% Space Free | Partition Type: FAT32

Computer Name: VERENA-PC | User Name: Verena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.21 12:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Verena\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.05 20:42:53 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 17:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.08 19:33:36 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.08 19:31:24 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 08:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 10:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 01:00:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 10:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe

========== Modules (No Company Name) ==========

MOD - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe

========== Services (SafeList) ==========

SRV - [2012.11.06 20:34:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.05 21:12:00 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.08 19:31:24 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.08 19:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.11.02 13:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.07.18 17:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 17:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 17:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.03.26 13:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.10.07 11:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.05 17:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 17:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 17:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.06.25 12:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 00:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 20:34:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.06 20:34:39 | 000,000,000 | ---D | M]

[2012.09.04 07:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verena\AppData\Roaming\mozilla\Extensions
[2012.10.23 17:00:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\2ybvj1sv.default\extensions
[2012.11.06 20:34:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.06 20:34:39 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2312CDC4-BB73-45EF-9F45-67FB16D3E563}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F608D2A-B032-4C4F-AC4E-C467DB378066}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A4A3668-0213-408C-B458-53A9FF0B1F70}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4be9d493-f7a1-11e1-8b6f-000ae4cdfef2}\Shell - "" = AutoRun
O33 - MountPoints2\{4be9d493-f7a1-11e1-8b6f-000ae4cdfef2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c6ece180-f654-11e1-8749-000ae4cdfef2}\Shell - "" = AutoRun
O33 - MountPoints2\{c6ece180-f654-11e1-8749-000ae4cdfef2}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.11.21 12:05:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Verena\Desktop\OTL.exe
[2012.11.20 18:40:25 | 000,000,000 | ---D | C] -- C:\Users\Verena\AppData\Roaming\Malwarebytes
[2012.11.20 18:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 18:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 18:39:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.20 18:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.20 06:14:41 | 000,000,000 | ---D | C] -- C:\Users\Verena\Desktop\Fotos
[2012.11.18 15:42:52 | 000,000,000 |
---D | C] -- C:\Windows\System32\directx [2012.11.18 15:40:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64 [2012.11.18 15:22:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games [2012.11.18 15:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES [2012.11.18 15:15:06 | 000,000,000 | ---D | C] -- C:\Users\Verena\Documents\EA Games [2012.11.18 14:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES [2012.11.18 14:46:48 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll [2012.11.17 17:52:14 | 000,000,000 | ---D | C] -- C:\Users\Verena\Desktop\fonts [2012.11.08 14:08:17 | 000,000,000 | R--D | C] -- C:\Users\Verena\AppData\Roaming\Brother [2012.11.07 18:47:36 | 000,000,000 | ---D | C] -- C:\Users\Verena\Desktop\Nachhilfe [2012.11.06 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.22 16:54:53 | 000,000,000 | ---D | C] -- C:\Spiele [2012.10.22 15:59:20 | 000,000,000 | ---D | C] -- C:\Users\Verena\Desktop\Mercator ========== Files - Modified Within 30 Days ========== [2012.11.21 12:08:29 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.21 12:08:29 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.21 12:08:29 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.21 12:08:29 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.21 12:05:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Verena\Desktop\OTL.exe [2012.11.21 12:01:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.21 12:01:44 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.21 12:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.21 12:01:16 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys 
[2012.11.20 18:42:20 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.20 06:20:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2012.11.20 06:15:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2012.11.20 06:15:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.11.19 19:33:46 | 000,065,536 | ---- | M] () -- C:\Users\Verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.18 15:36:28 | 000,000,680 | ---- | M] () -- C:\Users\Verena\AppData\Local\d3d9caps.dat [2012.11.18 15:33:42 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk [2012.11.18 15:29:25 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2 Open For Business.lnk [2012.11.18 15:23:05 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk [2012.11.18 15:17:33 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims 2.lnk [2012.11.14 19:11:08 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.10.23 16:37:36 | 000,441,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.11.20 18:39:10 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.20 06:15:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2012.11.20 06:15:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2012.11.20 06:14:58 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf [2012.11.18 15:44:23 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys [2012.11.18 15:33:42 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk [2012.11.18 15:29:25 | 000,002,089 | ---- 
| C] () -- C:\Users\Public\Desktop\Die Sims 2 Open For Business.lnk [2012.11.18 15:23:05 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk [2012.11.18 15:17:33 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2.lnk [2012.09.27 16:38:01 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.09.27 16:38:01 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.09.27 16:37:34 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.09.27 16:36:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2012.09.27 16:36:07 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.27 16:36:06 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2012.09.27 16:29:39 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.09.05 20:26:02 | 000,000,552 | ---- | C] () -- C:\Users\Verena\AppData\Local\d3d8caps.dat [2012.09.04 08:52:44 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2012.09.04 07:45:10 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2012.09.04 07:34:33 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys [2012.09.04 07:00:28 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2012.09.04 06:59:31 | 000,065,536 | ---- | C] () -- C:\Users\Verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.03 22:54:48 | 000,000,680 | ---- | C] () -- C:\Users\Verena\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2012.09.26 18:13:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1376475563-3077222366-1429948802-1000\$R7X8KG0\l [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.09.05 20:46:11 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.09.05 20:34:07 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.05 21:54:19 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\Ashampoo [2012.09.04 08:20:33 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.09.03 22:55:13 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009.12.06 22:08:53 | 000,000,000 | ---D | M] -- C:\3f45875fc29d98a13ec544349ca7e9c5 [2011.08.26 11:56:44 | 000,000,000 | ---D | M] -- C:\817f6a4edfce8924ac28 [2011.07.12 11:16:05 | 000,000,000 | ---D | M] -- C:\a36c13c43f33a87671fe17d6 [2012.09.03 23:31:20 | 000,000,000 | -HSD | M] -- C:\Boot [2012.10.13 20:17:13 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.08.20 20:06:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2008.12.23 10:13:11 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft [2012.08.19 16:31:15 | 000,000,000 | ---D | M] -- C:\e1fdbe3144ca5cca6867 [2011.01.07 10:16:40 | 000,000,000 | ---D | M] -- C:\EPLAN [2011.01.04 11:13:32 | 000,000,000 | -HSD | M] -- C:\found.000 [2008.04.21 07:48:24 | 000,000,000 | ---D | M] -- C:\Intel [2009.06.06 14:55:20 | 000,000,000 | ---D | M] -- C:\Kpcms [2012.09.04 07:54:21 | 000,000,000 | ---D | M] -- C:\Medion [2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.20 18:39:09 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.20 18:39:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.08.20 20:06:26 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.22 16:57:30 | 000,000,000 | ---D | M] -- C:\Spiele [2012.11.21 12:11:17 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.09.04 08:49:26 | 000,000,000 | ---D | M] -- C:\Temp [2011.03.20 23:15:11 | 000,000,000 | ---D | M] -- C:\Torrent_DVD [2012.09.03 22:54:45 | 000,000,000 | R--D | M] -- C:\Users [2012.11.20 06:15:15 | 000,000,000 | ---D | M] -- C:\Windows [2012.09.03 23:12:55 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > < %localappdata%\*. /5 > [2012.11.21 12:15:03 | 000,000,000 | ---D | M] -- C:\Users\Verena\AppData\Local\Temp < End of report > Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 12:22:03
-----------------------------
12:22:03.689 OS Version: Windows 6.0.6000
12:22:03.689 Number of processors: 2 586 0xF0D
12:22:03.689 ComputerName: VERENA-PC UserName: Verena
12:22:13.346 Initialize success
12:24:08.778 AVAST engine defs: 12112100
12:24:21.523 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:24:21.539 Disk 0 Vendor: WDC_WD2500BEVS-00UST0 01.01A01 Size: 238475MB BusType: 3
12:24:21.586 Disk 0 MBR read successfully
12:24:21.586 Disk 0 MBR scan
12:24:21.601 Disk 0 Windows VISTA default MBR code
12:24:21.632 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 212476 MB offset 63
12:24:21.632 Disk 0 Partition - 00 0F Extended LBA 25995 MB offset 435152655
12:24:21.679 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 25995 MB offset 435152718
12:24:21.726 Disk 0 scanning sectors +488392065
12:24:21.804 Disk 0 scanning C:\Windows\system32\drivers
12:24:33.941 Service scanning
12:24:58.199 Modules scanning
12:25:03.768 Disk 0 trace - called modules:
12:25:03.799 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
12:25:03.815 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856eb978]
12:25:03.830 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84b4fbb0]
12:25:05.609 AVAST engine scan C:\Windows
12:25:09.072 AVAST engine scan C:\Windows\system32
12:28:19.863 AVAST engine scan C:\Windows\system32\drivers
12:28:37.273 AVAST engine scan C:\Users\Verena
12:42:49.458 AVAST engine scan C:\ProgramData
12:43:28.208 Scan finished successfully
12:45:57.999 Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\MBR.dat"
12:45:57.999 The log file has been saved successfully to "C:\Users\Verena\Desktop\aswMBR.txt"
Regards! |
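Editor's note on the "ZeroAccess Check" block in the OTL log above. OTL prints that block because the ZeroAccess/Sirefef family of that period hijacked COM class registrations: it created an InProcServer32 entry under HKEY_CURRENT_USER\Software\Classes\clsid for CLSIDs that belong to system DLLs (the {42aedc87-...} class served by shell32.dll is the best-known one) and pointed it into a folder under $Recycle.Bin, so the per-user key shadowed the machine-wide one and the payload loaded instead of the Microsoft DLL. The script below is an added example written for this page; it is not part of the thread, not OTL's own logic, and not something the helper ran. It parses the CLSID part of the posted block and flags an entry when the resolved server is outside system32, when the publisher is not Microsoft, or when a per-user key carries a path at all. THREAD_EXCERPT is copied from the log above; CONSTRUCTED_HIJACK is invented for the demonstration (the SID and the $R folder name are made up, and nothing like it appears in the posted log, which is consistent with the helper's verdict that the logs were clean). The %SystemRoot% expansion to C:\Windows is an assumption that matches this machine.

```python
"""Triage of an OTL 'ZeroAccess Check' block (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Excerpt of the OTL log posted in the thread (the CLSID part of the ZeroAccess Check).
THREAD_EXCERPT = r"""
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.09.05 20:46:11 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.09.05 20:34:07 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
"""

# CONSTRUCTED for the demonstration: a per-user override of the shell32 CLSID that points
# into $Recycle.Bin with no publisher. SID and $R name are invented; not from the thread.
CONSTRUCTED_HIJACK = r"""
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\$RDEADBEEF\n. -- [2012.11.19 19:33:46 | 000,065,536 | ---- | M] ()
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.09.05 20:46:11 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""

# Key line as OTL prints it: [HIVE\Software\Classes\clsid\{GUID}\InProcServer32]
KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# Default-value line: "" = <path> -- [<date> | <size> | <attrs> | M] (<company>)
VALUE_RE = re.compile(r'^"" = (?P<path>.+?) -- \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)$')

SYSTEM32 = "c:\\windows\\system32\\"   # assumption: %SystemRoot% is C:\Windows on this box


@dataclass
class ComServer:
    hive: str
    clsid: str
    path: str | None = None        # None: OTL listed the key but printed no default value
    company: str = ""
    findings: list[str] = field(default_factory=list)


def parse_zeroaccess_check(text: str) -> list[ComServer]:
    """Return one ComServer per InProcServer32 key in the block, with its path if printed."""
    servers: list[ComServer] = []
    current: ComServer | None = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = ComServer(key["hive"].upper(), key["clsid"].lower())
            servers.append(current)
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current.path = value["path"]
            current.company = value["company"].strip()
    return servers


def normalise(path: str) -> str:
    """Expand %SystemRoot% the way OTL prints it and lower-case for comparison."""
    return re.sub(r"%systemroot%", r"C:\\Windows", path, flags=re.IGNORECASE).lower()


def assess(servers: list[ComServer]) -> list[ComServer]:
    """Attach findings and return only the entries that need a human look."""
    for s in servers:
        if s.path is None:
            continue            # nothing resolvable from the log; not scored
        resolved = normalise(s.path)
        if s.hive == "HKEY_CURRENT_USER":
            s.findings.append("per-user InProcServer32 shadows a machine-wide COM class")
        if not resolved.startswith(SYSTEM32):
            s.findings.append(f"server DLL outside system32: {s.path}")
        if s.company != "Microsoft Corporation":
            s.findings.append(f"unexpected publisher: {s.company or '(none)'}")
    return [s for s in servers if s.findings]


if __name__ == "__main__":
    for label, text in (("thread excerpt", THREAD_EXCERPT), ("constructed hijack", CONSTRUCTED_HIJACK)):
        flagged = assess(parse_zeroaccess_check(text))
        print(f"{label}: {len(flagged)} flagged")
        for s in flagged:
            print(f"  {s.hive} {s.clsid}")
            for finding in s.findings:
                print(f"    - {finding}")
```

Run against the posted excerpt the script flags nothing, because every key that carries a path resolves to a Microsoft DLL under system32; the two HKCU keys are listed without a value, so there is nothing to resolve. Against the constructed hijack it flags the HKCU entry three times (user hive, $Recycle.Bin path, empty publisher). Note that a user-writable location and a missing publisher are the signal, not the CLSID itself: the same machine-wide CLSID is legitimately present under HKLM.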
21.11.2012, 13:50 | #6 | |
/// the machine /// TB-Ausbilder | Urgent! Trojan and online banking! Combofix must only be run when a team member has told you to! Please download Combofix from the following download mirror: Link 1. IMPORTANT - save Combofix to your desktop.
When Combofix is finished it will create a log file. Please post C:\Combofix.txt in your next reply. Note: should you get the following error message after the reboot, Quote:
__________________ --> Urgent! Trojan and online banking! |
21.11.2012, 14:15 | #7 |
| Urgent! Trojan and online banking! OK, here: Code:
ComboFix 12-11-21.01 - Verena 21.11.2012 14:05:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3062.1854 [GMT 1:00]
Run from:: c:\users\Verena\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Files created from 2012-10-21 to 2012-11-21 ))))))))))))))))))))))))))))))
.
.
2012-11-21 11:08 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D66A90F6-5193-48AB-ADA8-0D9699E90944}\mpengine.dll
2012-11-20 17:40 . 2012-11-20 17:40 -------- d-----w- c:\users\Verena\AppData\Roaming\Malwarebytes
2012-11-20 17:39 . 2012-11-20 17:39 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 17:39 . 2012-11-20 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-20 17:39 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 05:14 . 2009-07-14 01:19 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-20 05:14 . 2009-07-14 01:19 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-18 14:40 . 2012-11-18 14:40 -------- d-----w- c:\windows\system32\x64
2012-11-18 14:40 . 2008-02-11 19:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2012-11-18 14:40 . 2006-11-10 15:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2012-11-18 13:46 . 2012-11-18 14:30 -------- d-----w- c:\program files\EA GAMES
2012-11-18 13:46 . 2005-02-26 05:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2012-11-08 13:08 . 2012-11-08 13:08 -------- d-----r- c:\users\Verena\AppData\Roaming\Brother
2012-10-22 15:54 . 2012-10-22 15:57 -------- d-----w- C:\Spiele
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 18:09 . 2012-09-10 18:09 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-09-10 18:08 . 2012-09-10 18:08 268800 ----a-w- c:\windows\system32\es.dll
2012-09-09 11:23 . 2012-09-09 11:23 45056 ----a-w- c:\windows\system32\drivers\de-DE\http.sys.mui
2012-09-06 09:05 . 2012-09-06 09:05 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-09-06 09:05 . 2012-09-06 09:05 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-09-06 09:05 . 2012-09-06 09:05 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-09-06 09:03 . 2012-09-06 09:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-09-06 09:03 . 2012-09-06 09:03 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-09-06 09:03 . 2012-09-06 09:03 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2012-09-06 09:03 . 2012-09-06 09:03 1327616 ----a-w- c:\windows\system32\quartz.dll
2012-09-06 09:03 . 2012-09-06 09:03 88576 ----a-w- c:\windows\system32\avifil32.dll
2012-09-06 09:03 . 2012-09-06 09:03 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-09-06 09:03 . 2012-09-06 09:03 65024 ----a-w- c:\windows\system32\avicap32.dll
2012-09-06 09:03 . 2012-09-06 09:03 31232 ----a-w- c:\windows\system32\msvidc32.dll
2012-09-06 09:03 . 2012-09-06 09:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-09-06 09:03 . 2012-09-06 09:03 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-09-06 09:02 . 2012-09-06 09:02 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-09-05 20:34 . 2012-09-05 20:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-09-05 20:34 . 2012-09-05 20:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-09-05 20:34 . 2012-09-05 20:34 24064 ----a-w- c:\windows\system32\lpk.dll
2012-09-05 20:34 . 2012-09-05 20:34 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-09-05 20:34 . 2012-09-05 20:34 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-09-05 20:34 . 2012-09-05 20:34 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-09-05 20:32 . 2012-09-05 20:32 72704 ----a-w- c:\windows\system32\admparse.dll
2012-09-05 20:32 . 2012-09-05 20:32 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-09-05 20:31 . 2012-09-05 20:31 832512 ----a-w- c:\windows\system32\wininet.dll
2012-09-05 20:31 . 2012-09-05 20:31 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-09-05 20:31 . 2012-09-05 20:31 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-05 20:31 . 2012-09-05 20:31 389120 ----a-w- c:\windows\system32\html.iec
2012-09-05 20:31 . 2012-09-05 20:31 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-05 20:31 . 2012-09-05 20:31 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-09-05 20:31 . 2012-09-05 20:31 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-05 20:31 . 2012-09-05 20:31 56320 ----a-w- c:\windows\system32\iesetup.dll
2012-09-05 20:29 . 2012-09-05 20:29 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-09-05 20:29 . 2012-09-05 20:29 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-09-05 20:29 . 2012-09-05 20:29 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-09-05 20:29 . 2012-09-05 20:29 272896 ----a-w- c:\windows\system32\polstore.dll
2012-09-05 20:28 . 2012-09-05 20:28 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-09-05 20:28 . 2012-09-05 20:28 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-09-05 20:27 . 2012-09-05 20:27 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2012-09-05 20:27 . 2012-09-05 20:27 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2012-09-05 20:27 . 2012-09-05 20:27 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2012-09-05 20:26 . 2012-09-05 20:26 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2012-09-05 20:26 . 2012-09-05 20:26 205824 ----a-w- c:\windows\system32\msoeacct.dll
2012-09-05 20:26 . 2012-09-05 20:26 87040 ----a-w- c:\windows\system32\msoert2.dll
2012-09-05 20:25 . 2012-09-05 20:25 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-09-05 20:25 . 2012-09-05 20:25 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-09-05 20:25 . 2012-09-05 20:25 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-09-05 20:25 . 2012-09-05 20:25 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-09-05 20:25 . 2012-09-05 20:25 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-09-05 20:25 . 2012-09-05 20:25 15360 ----a-w- c:\windows\system32\netevent.dll
2012-09-05 20:25 . 2012-09-05 20:25 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-09-05 20:25 . 2012-09-05 20:25 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-09-05 20:25 . 2012-09-05 20:25 10240 ----a-w- c:\windows\system32\finger.exe
2012-09-05 20:23 . 2012-09-05 20:23 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2012-09-05 20:23 . 2012-09-05 20:23 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2012-09-05 20:23 . 2012-09-05 20:23 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2012-09-05 20:23 . 2012-09-05 20:23 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2012-09-05 20:23 . 2012-09-05 20:23 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2012-09-05 20:23 . 2012-09-05 20:23 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2012-09-05 20:23 . 2012-09-05 20:23 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2012-09-05 20:23 . 2012-09-05 20:23 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2012-09-05 20:23 . 2012-09-05 20:23 542720 ----a-w- c:\windows\system32\sysmain.dll
2012-09-05 20:22 . 2012-09-05 20:22 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-09-05 20:22 . 2012-09-05 20:22 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-09-05 20:21 . 2012-09-05 20:21 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-09-05 20:21 . 2012-09-05 20:21 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-09-05 20:21 . 2012-09-05 20:21 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-09-05 20:21 . 2012-09-05 20:21 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-09-05 20:21 . 2012-09-05 20:21 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-09-05 20:21 . 2012-09-05 20:21 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-09-05 20:19 . 2012-09-05 20:19 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-09-05 20:19 . 2012-09-05 20:19 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-09-05 20:19 . 2012-09-05 20:19 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-09-05 20:19 . 2012-09-05 20:19 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-09-05 20:18 . 2012-09-05 20:18 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-09-05 20:17 . 2012-09-05 20:17 49664 ----a-w- c:\windows\system32\csrsrv.dll
2012-09-05 20:17 . 2012-09-05 20:17 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-09-05 20:15 . 2012-09-05 20:15 98816 ----a-w- c:\windows\system32\mfps.dll
2012-09-05 20:15 . 2012-09-05 20:15 2855424 ----a-w- c:\windows\system32\mf.dll
2012-09-05 20:15 . 2012-09-05 20:15 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-09-05 20:15 . 2012-09-05 20:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-09-05 20:15 . 2012-09-05 20:15 2048 ----a-w- c:\windows\system32\mferror.dll
2012-09-05 20:14 . 2012-09-05 20:14 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-09-05 20:14 . 2012-09-05 20:14 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-05 20:10 . 2012-09-05 20:10 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-09-05 20:08 . 2012-09-05 20:08 71680 ----a-w- c:\windows\system32\atl.dll
2012-09-05 20:06 . 2012-09-05 20:06 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-09-05 20:05 . 2012-09-05 20:05 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2012-09-05 20:05 . 2012-09-05 20:05 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-09-05 20:02 . 2012-09-05 20:02 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2012-09-05 20:02 . 2012-09-05 20:02 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-09-05 20:02 . 2012-09-05 20:02 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-09-05 20:01 . 2012-09-05 20:01 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-09-05 20:00 . 2012-09-05 20:00 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-09-05 20:00 . 2012-09-05 20:00 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-09-05 20:00 . 2012-09-05 20:00 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-09-05 19:58 . 2012-09-05 19:58 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-09-05 19:56 . 2012-09-05 19:56 414208 ----a-w- c:\windows\system32\msscp.dll
2012-09-05 19:56 . 2012-09-05 19:56 713728 ----a-w- c:\windows\system32\timedate.cpl
2012-11-06 19:34 . 2012-11-06 19:34 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Additional scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\2ybvj1sv.default\
FF - prefs.js: browser.startup.homepage - google.de
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-11-21 14:11
Windows 6.0.6000 NTFS
.
Scanning hidden processes...
.
Scanning hidden autostart entries...
.
Scanning hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-11-21 14:12:29
ComboFix-quarantined-files.txt 2012-11-21 13:12
.
Before scan: 18 directories, 97,494,847,488 bytes free
After scan: 23 directories, 97,638,584,320 bytes free
.
- - End Of File - - 3E9D3660932AC53BF052BA511E9B1490
|
21.11.2012, 14:53 | #8 |
/// the machine /// TB-Ausbilder | Urgent! Trojan and online banking! Nothing at all, the log files are absolutely clean. ESET Online Scanner
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
21.11.2012, 21:48 | #9 |
| Urgent! Trojan and online banking! Hi! The scan took a bit longer this time... Code:
C:\Windows.old\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\Windows.old\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Windows.old\Users\vr5835\AppData\Roaming\Mozilla\Firefox\Profiles\iayx3fdt.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application
C:\Windows.old\Users\vr5835\Downloads\SoftonicDownloader90278.exe a variant of Win32/SoftonicDownloader.A application
Best regards! |
22.11.2012, 07:22 | #10 |
/// the machine /// TB-Ausbilder | Urgent! Trojan and online banking! Nope, that's just adware junk in your old Windows installation. Let's play it safe: please download Farbar Recovery Scan Tool 32-bit and save it to a USB stick. Plug the USB stick into the infected system. You now need to boot the system into the System Recovery Options. Via the boot manager
With a Windows CD/DVD
In the recovery options, choose Command Prompt
22.11.2012, 19:07 | #11 |
| Urgent! Trojan and online banking! Hi! Just tried it, but neither works :-( When I boot via F8, the option "Repair your computer" or similar isn't there. I can boot from the CD, but when I type g:\frst.exe it says the device is not ready. PS: I also tried different USB ports... |
23.11.2012, 09:23 | #12 |
/// the machine /// TB-Ausbilder | Urgent! Trojan and online banking! Is G actually the stick? If you type just G, does it accept that? If so, type dir and press Enter; a listing should appear in which frst is visible.
24.11.2012, 17:30 | #13 |
| Urgent! Trojan and online banking! So I've now typed dir... frst isn't visible, I tried a few more times... doesn't work |
24.11.2012, 17:33 | #14 |
/// the machine /// TB-Ausbilder | Urgent! Trojan and online banking! Then you've picked the wrong drive letter. Just go through all of them starting from D:; with dir you'll then see FRST (if it is on the stick at all).
24.11.2012, 18:12 | #15 |
| Dringend! Trojaner und Online-Banking! Aber g: zeigts mit ja an O.o Ok, du hattest natürlich Recht. Es zeigt zwar wirklich G:\ an (auch im Notepad), es war aber F:\ Hier die Log: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2012
Ran by SYSTEM at 24-11-2012 18:19:10
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: German Standard
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe [283136 2007-02-02] (AVM Berlin)
HKLM\...\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" [188416 2007-09-06] (Wistron)
HKLM\...\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe" [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" [86016 2007-09-07] (Wistron)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-07-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM\...\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1150976 2009-01-19] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2009-01-09] (Brother Industries, Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

==================== Services (Whitelisted) ===================

2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86224 2012-07-18] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110032 2012-07-18] (Avira Operations GmbH & Co. KG)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [115168 2012-11-06] (Mozilla Foundation)
3 WisLMSvc; "C:\Program Files\Launch Manager\WisLMSvc.exe" [118784 2007-09-11] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83392 2012-07-18] (Avira GmbH)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137928 2012-07-18] (Avira GmbH)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36000 2012-07-18] (Avira GmbH)
3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin)
3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc. )
3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [212520 2009-02-05] (Silicon Image, Inc)
0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2009-02-05] (Silicon Image, Inc.)
0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2009-02-05] (Silicon Image, Inc.)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\Verena\AppData\Local\Temp\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-11-24 18:18 - 2012-11-24 18:18 - 00000000 ____D C:\FRST
2012-11-21 21:47 - 2012-11-21 21:47 - 00000673 ____A C:\Users\Verena\Desktop\eset.txt
2012-11-21 17:29 - 2012-11-21 17:29 - 00000000 ____D C:\Program Files\ESET
2012-11-21 17:28 - 2012-11-21 17:28 - 02322184 ____A (ESET) C:\Users\Verena\Desktop\esetsmartinstaller_enu.exe
2012-11-21 14:12 - 2012-11-21 14:12 - 00014002 ____A C:\ComboFix.txt
2012-11-21 14:03 - 2012-11-21 14:12 - 00000000 ____D C:\Qoobox
2012-11-21 14:03 - 2012-11-21 14:12 - 00000000 ____D C:\ComboFix
2012-11-21 14:03 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-21 14:03 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-21 14:03 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-21 14:03 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-21 14:03 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-21 14:03 - 2000-08-31 01:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2012-11-21 14:03 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-21 14:03 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-21 14:03 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-21 14:02 - 2012-11-21 14:11 - 00000000 ____D C:\Windows\erdnt
2012-11-21 14:01 - 2012-11-21 14:02 - 05004435 ____A (Swearware) C:\Users\Verena\Desktop\ComboFix(1).exe
2012-11-21 13:57 - 2012-11-21 13:58 - 05004435 ____R (Swearware) C:\Users\Verena\Desktop\ComboFix.exe
2012-11-21 12:45 - 2012-11-21 12:45 - 00001961 ____A C:\Users\Verena\Desktop\aswMBR.txt
2012-11-21 12:45 - 2012-11-21 12:45 - 00000512 ____A C:\Users\Verena\Desktop\MBR.dat
2012-11-21 12:20 - 2012-11-21 12:21 - 04732416 ____A (AVAST Software) C:\Users\Verena\Desktop\aswMBR.exe
2012-11-21 12:18 - 2012-11-21 12:18 - 00024518 ____A C:\Users\Verena\Desktop\Extras.Txt
2012-11-21 12:17 - 2012-11-21 12:17 - 00056308 ____A C:\Users\Verena\Desktop\OTL.Txt
2012-11-21 12:05 - 2012-11-21 12:05 - 00602112 ____A (OldTimer Tools) C:\Users\Verena\Desktop\OTL.exe
2012-11-20 18:40 - 2012-11-20 18:40 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Malwarebytes
2012-11-20 18:39 - 2012-11-20 18:42 - 00000910 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-11-20 18:39 - 2012-11-20 18:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-20 18:39 - 2012-11-20 18:39 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-20 18:39 - 2012-09-29 19:54 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-20 18:38 - 2012-11-20 18:38 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Verena\Downloads\mbam-setup-1.65.0.1400.exe
2012-11-20 06:15 - 2012-11-20 06:15 - 00000000 ___AH C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2012-11-20 06:15 - 2012-11-20 06:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2012-11-20 06:14 - 2012-11-20 06:21 - 00000000 ____D C:\Users\Verena\Desktop\Fotos
2012-11-20 06:14 - 2009-07-14 02:19 - 00445008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-20 06:14 - 2009-07-14 02:19 - 00038480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-20 06:14 - 2009-06-10 22:27 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
2012-11-18 15:42 - 2012-11-18 15:43 - 00001059 ____A C:\Windows\DirectX.log
2012-11-18 15:42 - 2012-11-18 15:42 - 00315624 ____A (Microsoft Corporation) C:\Users\Verena\Downloads\dxwebsetup.exe
2012-11-18 15:42 - 2012-11-18 15:42 - 00000000 ____D C:\Windows\System32\directx
2012-11-18 15:40 - 2012-11-18 15:40 - 00000000 ____D C:\Windows\System32\x64
2012-11-18 15:40 - 2008-02-11 20:13 - 00920088 ____A (Intel® Corporation) C:\Windows\System32\igxpun.exe
2012-11-18 15:40 - 2006-11-10 16:25 - 00319456 ____A (Microsoft Corporation) C:\Windows\System32\difxapi.dll
2012-11-18 15:38 - 2012-11-18 15:40 - 100273008 ____A (Microsoft Corporation) C:\Users\Verena\Downloads\directx_Jun2010redist.exe
2012-11-18 15:33 - 2012-11-18 15:33 - 00002017 ____A C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
2012-11-18 15:29 - 2012-11-18 15:29 - 00002089 ____A C:\Users\Public\Desktop\Die Sims 2 Open For Business.lnk
2012-11-18 15:23 - 2012-11-18 15:23 - 00002089 ____A C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk
2012-11-18 15:22 - 2012-11-18 15:22 - 00000000 ____D C:\Users\Public\Documents\EA Games
2012-11-18 15:17 - 2012-11-18 15:17 - 00001902 ____A C:\Users\Public\Desktop\Die Sims 2.lnk
2012-11-18 15:15 - 2012-11-18 15:15 - 00000000 ____D C:\Users\Verena\Documents\EA Games
2012-11-18 14:46 - 2012-11-18 15:30 - 00000000 ____D C:\Program Files\EA GAMES
2012-11-18 14:46 - 2005-02-26 06:34 - 00442368 ___RA (On2.com) C:\Windows\System32\vp6vfw.dll
2012-11-08 14:08 - 2012-11-08 14:08 - 00000000 ___RD C:\Users\Verena\AppData\Roaming\Brother
2012-11-07 18:47 - 2012-11-07 18:47 - 00000000 ____D C:\Users\Verena\Desktop\Nachhilfe
2012-11-07 17:17 - 2012-11-07 17:17 - 00013068 ____A C:\Users\Verena\Downloads\multipli.exe
2012-11-06 20:34 - 2012-11-06 20:34 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2012-11-24 18:18 - 2012-11-24 18:18 - 00000000 ____D C:\FRST
2012-11-24 18:15 - 2006-11-02 14:01 - 00032636 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-24 18:15 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-24 18:14 - 2006-11-02 13:47 - 00003072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-24 18:14 - 2006-11-02 13:47 - 00003072 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-24 17:23 - 2012-09-03 22:44 - 02036167 ____A C:\Windows\WindowsUpdate.log
2012-11-22 19:44 - 2006-11-02 11:33 - 01461736 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-22 18:41 - 2012-09-22 09:04 - 00000000 ____D C:\Users\Verena\Desktop\Schule2012-13
2012-11-22 18:40 - 2006-11-02 13:52 - 00032916 ____A C:\Windows\setupact.log
2012-11-21 21:47 - 2012-11-21 21:47 - 00000673 ____A C:\Users\Verena\Desktop\eset.txt
2012-11-21 17:29 - 2012-11-21 17:29 - 00000000 ____D C:\Program Files\ESET
2012-11-21 17:28 - 2012-11-21 17:28 - 02322184 ____A (ESET) C:\Users\Verena\Desktop\esetsmartinstaller_enu.exe
2012-11-21 14:29 - 2012-09-05 19:36 - 00082378 ____A C:\Windows\PFRO.log
2012-11-21 14:12 - 2012-11-21 14:12 - 00014002 ____A C:\ComboFix.txt
2012-11-21 14:12 - 2012-11-21 14:03 - 00000000 ____D C:\Qoobox
2012-11-21 14:12 - 2012-11-21 14:03 - 00000000 ____D C:\ComboFix
2012-11-21 14:12 - 2006-11-02 12:18 - 00000000 __RHD C:\users\Default
2012-11-21 14:12 - 2006-11-02 12:18 - 00000000 ___RD C:\users\Public
2012-11-21 14:11 - 2012-11-21 14:02 - 00000000 ____D C:\Windows\erdnt
2012-11-21 14:11 - 2006-11-02 11:23 - 00000215 ____A C:\Windows\system.ini
2012-11-21 14:02 - 2012-11-21 14:01 - 05004435 ____A (Swearware) C:\Users\Verena\Desktop\ComboFix(1).exe
2012-11-21 13:58 - 2012-11-21 13:57 - 05004435 ____R (Swearware) C:\Users\Verena\Desktop\ComboFix.exe
2012-11-21 12:45 - 2012-11-21 12:45 - 00001961 ____A C:\Users\Verena\Desktop\aswMBR.txt
2012-11-21 12:45 - 2012-11-21 12:45 - 00000512 ____A C:\Users\Verena\Desktop\MBR.dat
2012-11-21 12:21 - 2012-11-21 12:20 - 04732416 ____A (AVAST Software) C:\Users\Verena\Desktop\aswMBR.exe
2012-11-21 12:18 - 2012-11-21 12:18 - 00024518 ____A C:\Users\Verena\Desktop\Extras.Txt
2012-11-21 12:17 - 2012-11-21 12:17 - 00056308 ____A C:\Users\Verena\Desktop\OTL.Txt
2012-11-21 12:05 - 2012-11-21 12:05 - 00602112 ____A (OldTimer Tools) C:\Users\Verena\Desktop\OTL.exe
2012-11-20 18:42 - 2012-11-20 18:39 - 00000910 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2012-11-20 18:42 - 2012-11-20 18:39 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-20 18:40 - 2012-11-20 18:40 - 00000000 ____D C:\Users\Verena\AppData\Roaming\Malwarebytes
2012-11-20 18:39 - 2012-11-20 18:39 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-20 18:38 - 2012-11-20 18:38 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Verena\Downloads\mbam-setup-1.65.0.1400.exe
2012-11-20 06:21 - 2012-11-20 06:14 - 00000000 ____D C:\Users\Verena\Desktop\Fotos
2012-11-20 06:15 - 2012-11-20 06:15 - 00000000 ___AH C:\Windows\System32\Drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2012-11-20 06:15 - 2012-11-20 06:15 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf
2012-11-20 06:15 - 2006-11-02 16:31 - 00000000 ____D C:\Windows\System32\Drivers\de-DE
2012-11-19 19:33 - 2012-09-04 06:59 - 00065536 ____A C:\Users\Verena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-19 19:25 - 2012-09-10 15:06 - 00000000 ____D C:\Users\Verena\AppData\Roaming\vlc
2012-11-19 18:47 - 2012-09-26 19:06 - 00000000 ____D C:\Users\Verena\AppData\Roaming\dvdcss
2012-11-18 15:43 - 2012-11-18 15:42 - 00001059 ____A C:\Windows\DirectX.log
2012-11-18 15:42 - 2012-11-18 15:42 - 00315624 ____A (Microsoft Corporation) C:\Users\Verena\Downloads\dxwebsetup.exe
2012-11-18 15:42 - 2012-11-18 15:42 - 00000000 ____D C:\Windows\System32\directx
2012-11-18 15:40 - 2012-11-18 15:40 - 00000000 ____D C:\Windows\System32\x64
2012-11-18 15:40 - 2012-11-18 15:38 - 100273008 ____A (Microsoft Corporation) C:\Users\Verena\Downloads\directx_Jun2010redist.exe
2012-11-18 15:40 - 2012-09-03 22:54 - 00000000 ____D C:\users\Verena
2012-11-18 15:36 - 2012-09-03 22:54 - 00000680 ____A C:\Users\Verena\AppData\Local\d3d9caps.dat
2012-11-18 15:33 - 2012-11-18 15:33 - 00002017 ____A C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
2012-11-18 15:30 - 2012-11-18 14:46 - 00000000 ____D C:\Program Files\EA GAMES
2012-11-18 15:29 - 2012-11-18 15:29 - 00002089 ____A C:\Users\Public\Desktop\Die Sims 2 Open For Business.lnk
2012-11-18 15:23 - 2012-11-18 15:23 - 00002089 ____A C:\Users\Public\Desktop\Die Sims™ 2 Vier Jahreszeiten.lnk
2012-11-18 15:22 - 2012-11-18 15:22 - 00000000 ____D C:\Users\Public\Documents\EA Games
2012-11-18 15:17 - 2012-11-18 15:17 - 00001902 ____A C:\Users\Public\Desktop\Die Sims 2.lnk
2012-11-18 15:15 - 2012-11-18 15:15 - 00000000 ____D C:\Users\Verena\Documents\EA Games
2012-11-14 19:11 - 2012-09-27 16:37 - 00000425 ____A C:\Windows\BRWMARK.INI
2012-11-14 19:11 - 2012-09-27 16:27 - 00000000 ____D C:\Users\All Users\ScanSoft
2012-11-11 22:36 - 2012-10-22 15:59 - 00000000 ____D C:\Users\Verena\Desktop\Mercator
2012-11-08 14:08 - 2012-11-08 14:08 - 00000000 ___RD C:\Users\Verena\AppData\Roaming\Brother
2012-11-07 18:47 - 2012-11-07 18:47 - 00000000 ____D C:\Users\Verena\Desktop\Nachhilfe
2012-11-07 17:17 - 2012-11-07 17:17 - 00013068 ____A C:\Users\Verena\Downloads\multipli.exe
2012-11-07 14:06 - 2012-09-04 07:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-11-06 20:34 - 2012-11-06 20:34 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-21 12:08:04
Restore point made on: 2012-11-21 12:11:17

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3061.81 MB
Available physical RAM: 2665.76 MB
Total Pagefile: 2844.52 MB
Available Pagefile: 2701.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.71 MB

==================== Partitions =============================

1 Drive c: (BOOT) (Fixed) (Total:207.5 GB) (Free:90.18 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVER) (Fixed) (Total:25.37 GB) (Free:12.52 GB) FAT32
3 Drive e: (MEDHOPRDEU) (CDROM) (Total:2.39 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:1.97 GB) (Free:1.97 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Datentr ###  Status         Größe    Frei     Dyn  GPT
  --------     ----------     -------  -------  ---  ---
  0            Online          233 GB  1559 KB
  1            Online         2016 MB      0 B
  2            Kein Mediu        0 B      0 B

Last Boot: 2012-11-22 19:44

==================== End Of Log ============================
|