Pests of all kinds and how to fight them: AVG finds script/exploit - what now? (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
27.11.2012, 20:10 | #1
AVG finds script/exploit - what now?

Hello, please help me. Yesterday I swapped my Avira program for AVG because every now and then I got a message about a faulty script, which made me suspicious. AVG found the virus named above and put it in quarantine. Here are the required logs:

1) OTL

OTL Logfile:
Code:
OTL logfile created on: 26.11.2012 22:01:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Boris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 44,91% Memory free
6,22 Gb Paging File | 4,56 Gb Available in Paging File | 73,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 918,51 Gb Total Space | 637,43 Gb Free Space | 69,40% Space Free | Partition Type: NTFS

Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.26 22:01:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Boris\Downloads\OTL.exe
PRC - [2012.11.26 21:59:52 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-DKV3V.tmp\mbam-setup-1.65.0.1400.tmp
PRC - [2012.11.26 21:59:49 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-FM33R.tmp\mbam-setup-1.65.0.1400.tmp
PRC - [2012.11.26 21:59:40 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Boris\Downloads\mbam-setup-1.65.0.1400.exe
PRC - [2012.11.19 17:19:12 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2012.10.22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.18 10:13:00 | 000,099,896 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\AOSD.exe
PRC - [2008.09.18 10:13:00 | 000,083,264 | ---- | M] (Packard Bell Services) -- C:\Windows\System32\HidService.exe
PRC - [2008.09.18 10:13:00 | 000,079,416 | ---- | M] (Packard Bell BV) -- C:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe
PRC - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe
PRC - [2008.07.07 16:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2008.05.07 09:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.26 21:59:52 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-DKV3V.tmp\mbam-setup-1.65.0.1400.tmp
MOD - [2012.11.26 21:59:49 | 000,711,240 | ---- | M] () -- C:\Users\Boris\AppData\Local\Temp\is-FM33R.tmp\mbam-setup-1.65.0.1400.tmp
MOD - [2012.11.19 17:19:12 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice_tmp.exe -- (MozillaMaintenance)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2008.12.01 09:59:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.09.18 10:13:00 | 000,083,264 | ---- | M] (Packard Bell Services) [Auto | Running] -- C:\Windows\System32\HidService.exe -- (GenericHidService)
SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007.08.24 03:19:12 | 000,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.26 22:00:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.10.05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2008.10.16 08:16:00 | 007,381,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.16 13:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.10.31 04:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2006.11.02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1112&m=imedia_j5644_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1112&m=imedia_j5644_ge
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp32&d=1112&m=imedia_j5644_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ACCBD8A-66EA-40B7-B7B2-EA4D998A241F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ACCBD8A-66EA-40B7-B7B2-EA4D998A241F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE511
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.19 14:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.19 14:57:00 | 000,000,000 | ---D | M]

[2012.11.19 14:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boris\AppData\Roaming\mozilla\Extensions
[2012.11.19 14:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.30 18:11:08 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [FujiKeyboard] c:\ACER\Preload\Autorun\DRV\FUJI Keyboard\ABoard.exe (Packard Bell BV)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EFBC476-777F-46E1-8F9A-E0D878D0EA27}: DhcpNameServer = 192.168.11.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
O24 - Desktop WallPaper: C:\Users\Boris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.26 22:00:25 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Malwarebytes
[2012.11.26 22:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.26 22:00:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.26 22:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 18:40:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012.11.26 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\AVG2013
[2012.11.26 18:04:51 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\TuneUp Software
[2012.11.26 18:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.11.26 18:04:33 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.11.26 18:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.11.26 18:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.11.26 17:57:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.11.26 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\MFAData
[2012.11.26 17:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.11.26 17:57:05 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Avg2013
[2012.11.20 22:48:07 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Facebook
[2012.11.20 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Skype
[2012.11.20 15:10:06 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Atari
[2012.11.20 15:02:49 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.11.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\RCT3
[2012.11.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\My Pictures
[2012.11.20 15:01:02 | 000,000,000 | ---D | C] -- C:\Users\Boris\Documents\My Music
[2012.11.20 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Adobe
[2012.11.19 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\vghd
[2012.11.19 20:58:53 | 000,000,000 | ---D | C] -- C:\Backup
[2012.11.19 18:23:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012.11.19 18:23:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012.11.19 18:23:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012.11.19 17:46:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.11.19 17:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.11.19 17:21:59 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Macromedia
[2012.11.19 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Apple Computer
[2012.11.19 16:17:56 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012.11.19 14:54:39 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Apple
[2012.11.19 14:48:03 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Mozilla
[2012.11.19 14:48:03 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Mozilla
[2012.11.19 14:39:20 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Macromedia
[2012.11.19 14:12:00 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\System32\drivers\int15_64.sys
[2012.11.19 14:12:00 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\System32\drivers\int15.sys
[2012.11.19 14:10:21 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Adobe
[2012.11.19 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Google
[2012.11.19 14:10:09 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Google
[2012.11.19 14:06:08 | 000,274,488 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwpnp32_priv.dll
[2012.11.19 14:06:08 | 000,274,488 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwpnp32.dll
[2012.11.19 14:06:08 | 000,106,552 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\System32\hcwi2c32.dll
[2012.11.19 14:06:08 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32_priv.dll
[2012.11.19 14:06:08 | 000,036,921 | ---- | C] (Hauppauge Computer Works) -- C:\Windows\System32\hcwutl32.dll
[2012.11.19 14:01:31 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Packard Bell
[2012.11.19 14:01:18 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.11.19 14:01:18 | 000,000,000 | R--D | C] -- C:\Users\Boris\Searches
[2012.11.19 14:01:18 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.11.19 14:01:10 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Identities
[2012.11.19 14:01:08 | 000,000,000 | R--D | C] -- C:\Users\Boris\Contacts
[2012.11.19 13:59:18 | 000,588,472 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.11.19 13:59:18 | 000,129,992 | ---- | C] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll
[2012.11.19 13:58:52 | 001,381,376 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.11.19 13:58:52 | 000,778,240 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.11.19 13:58:52 | 000,268,288 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.11.19 13:58:52 | 000,215,040 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.11.19 13:58:52 | 000,111,104 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.11.19 13:58:52 | 000,097,792 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.11.19 13:58:52 | 000,091,136 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.11.19 13:58:52 | 000,064,512 | ---- | C] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.11.19 13:58:52 | 000,049,152 | ---- | C] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.11.19 13:58:52 | 000,015,872 | ---- | C] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.11.19 13:57:28 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\VirtualStore
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Vorlagen
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\AppData\Local\Verlauf
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\AppData\Local\Temporary Internet Files
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Startmenü
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\SendTo
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Recent
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Netzwerkumgebung
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Lokale Einstellungen
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Documents\Eigene Videos
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Documents\Eigene Musik
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Eigene Dateien
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Documents\Eigene Bilder
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Druckumgebung
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Cookies
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\AppData\Local\Anwendungsdaten
[2012.11.19 13:57:23 | 000,000,000 | -HSD | C] -- C:\Users\Boris\Anwendungsdaten
[2012.11.19 13:57:22 | 000,000,000 | --SD | C] -- C:\Users\Boris\AppData\Roaming\Microsoft
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Saved Games
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Links
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Favorites
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\Desktop
[2012.11.19 13:57:22 | 000,000,000 | R--D | C] -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.11.19 13:57:22 | 000,000,000 | -H-D | C] -- C:\Users\Boris\AppData
[2012.11.19 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Temp
[2012.11.19 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Local\Microsoft
[2012.11.19 13:57:22 | 000,000,000 | ---D | C] -- C:\Users\Boris\AppData\Roaming\Media Center Programs
[2012.11.19 13:53:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.11.19 13:53:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.11.19 13:53:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.11.19 12:43:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.11.19 11:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.19 10:18:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.10.29 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012.11.26 22:00:25 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.26 22:00:15 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 20:28:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:28:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.26 20:15:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.26 18:37:01 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.26 18:37:01 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.26 18:37:01 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.26 18:37:01 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.26 18:29:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.11.26 18:28:36 | 3220,348,928 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.26 18:04:51 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.26 17:16:26 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012.11.20 15:09:17 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.11.20 15:02:49 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012.11.20 14:05:07 | 000,300,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.20 11:19:02 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.11.20 11:19:02 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.11.20 11:18:54 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.11.19 17:43:20 | 000,007,168 | ---- | M] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 17:33:44 | 000,000,680 | ---- | M] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2012.11.19 14:56:40 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 14:47:59 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.19 14:14:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\PackardBellBV_IMEDIAJ5644GE_ToBeFilledByO.E.M._PTU050X006851035799000.MRK
[2012.11.19 13:59:27 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2012.11.19 13:59:22 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012.11.19 13:59:18 | 000,008,172 | ---- | M] () -- C:\Windows\System32\ezdigsgn.dat
[2012.11.19 13:58:52 | 001,381,376 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcl70.bpl
[2012.11.19 13:58:52 | 000,778,240 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\rtl70.bpl
[2012.11.19 13:58:52 | 000,268,288 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezSetup.exe
[2012.11.19 13:58:52 | 000,215,040 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclx70.bpl
[2012.11.19 13:58:52 | 000,111,104 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezShellStart.exe
[2012.11.19 13:58:52 | 000,097,792 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vcljpg70.bpl
[2012.11.19 13:58:52 | 000,091,136 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUninst.exe
[2012.11.19 13:58:52 | 000,064,512 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.11.19 13:58:52 | 000,049,152 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezUPBHook.dll
[2012.11.19 13:58:52 | 000,015,872 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezMAPIHelper.exe
[2012.11.19 13:52:13 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.11.19 12:43:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

========== Files Created - No Company Name ==========

[2012.11.26 22:00:15 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.26 18:04:51 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.11.20 15:01:05 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.11.20 15:00:59 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.11.20 11:18:54 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.11.19 17:36:54 | 3220,348,928 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.19 17:33:04 | 000,000,680 | ---- | C] () -- C:\Users\Boris\AppData\Local\d3d9caps.dat
[2012.11.19 17:17:51 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.11.19 17:17:50 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012.11.19 17:17:39 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.11.19 17:17:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.11.19 17:17:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.11.19 17:17:35 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.11.19 17:17:31 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.11.19 17:17:13 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.11.19 17:17:10 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.11.19 17:16:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.11.19 16:15:39 | 000,007,168 | ---- | C] () -- C:\Users\Boris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.19 14:56:40 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.11.19 14:54:38 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.11.19 14:47:59 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.19 14:47:47 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.11.19 14:14:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\PackardBellBV_IMEDIAJ5644GE_ToBeFilledByO.E.M._PTU050X006851035799000.MRK
[2012.11.19 14:12:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.11.19 14:12:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2012.11.19 14:01:19 | 000,000,951 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.11.19 14:01:17 | 000,000,946 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.11.19 14:01:08 | 000,000,917 | ---- | C] () -- C:\Users\Boris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.11.19 13:59:27 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2012.11.19 13:59:22 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012.11.19 13:58:53 | 000,008,172 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2012.11.19 12:43:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.11.20 15:10:06 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Atari
[2012.11.26 18:05:54 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\AVG2013
[2012.11.26 18:04:51 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 26.11.2012 22:01:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boris\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 44,91% Memory free 6,22 Gb Paging File | 4,56 Gb Available in Paging File | 73,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 918,51 Gb Total Space | 637,43 Gb Free Space | 69,40% Space Free | Partition Type: NTFS Computer Name: BORIS-PC | User Name: Boris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0269314E-F892-4156-A1D1-55F1829926C7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{1BA2485D-4B5D-4039-8848-0E2F858B8967}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{42E6ED8A-00C1-453A-AD6A-68B4F6149FEA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{572CD099-B0F2-4928-9536-DE602DA9B482}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{572FBB3F-4DC5-42DD-912E-83EE22CE74FE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{6132566B-6CD6-4867-9B86-C70463050D63}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{A21FA668-E465-417A-A0E2-D5E90417EB64}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DCB53471-7331-4D62-955D-60A4179589BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{DF91C1CF-FAA0-4B36-B1FA-5B2D10104AA7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{E2C05D10-F84B-4857-ACFB-C1129443EEB4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{F453E0C8-631D-40AE-8782-717513ECC011}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC "{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials "{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works 
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE "{DE5EB975-946C-4ADF-ABCC-3609BCEBF978}" = AVG 2013 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Adobe Shockwave Player" = Adobe Shockwave Player "AVG" = AVG 2013 "HOMESTUDENTR" 
= Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "Office2007" = Microsoft Office Home and Student "Works9se" = Microsoft Works 9.0 SE ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.11.2012 17:13:49 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 19.11.2012 17:13:50 | Computer Name = Boris-PC | Source = Windows Search Service | ID = 3013 Description = Error - 20.11.2012 06:04:58 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10 Description = Error - 20.11.2012 06:29:12 | Computer Name = Boris-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 19.11.2012 11:04:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4375 Description = Error - 19.11.2012 11:04:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description = Error - 19.11.2012 11:04:37 | Computer Name = Boris-PC | Source = Microsoft-Windows-Servicing | ID = 4385 Description 
= Error - 19.11.2012 11:04:42 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 19.11.2012 11:18:47 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 19.11.2012 11:26:36 | Computer Name = Boris-PC | Source = HTTP | ID = 15016 Description = Error - 19.11.2012 11:38:27 | Computer Name = Boris-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 19.11.2012 11:48:24 | Computer Name = Boris-PC | Source = HTTP | ID = 15016 Description = Error - 19.11.2012 12:32:04 | Computer Name = Boris-PC | Source = HTTP | ID = 15016 Description = Error - 19.11.2012 12:37:18 | Computer Name = Boris-PC | Source = HTTP | ID = 15016 Description = < End of report > 2) Anti Malwarebytes Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.26.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Boris :: BORIS-PC [Administrator]

27.11.2012 07:30:19
mbam-log-2012-11-27 (07-30-19).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 437415
Time elapsed: 1 hour(s), 47 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

3) VirusTotal
https://www.virustotal.com/file/ff5469d58e4a480b90948cb755f2826570c75a188caa1bf3314dafe7eff612b8/analysis/1353972253/
and
https://www.virustotal.com/file/ea7bf51cd233f139764e17d21fe3827ed0e7c1f1907f405888a8f81d7123b8cc/analysis/1354042336/

Is the virus still active? What should I do?

Last edited by boris81 (27.11.2012 at 20:25)
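The OTL "Files Created" and "Files Modified" entries in the post above are what a helper reads first: each line carries a timestamp, size, attribute flags, a created/modified marker, the company name OTL found in the file's version info (empty parentheses when there is none) and the path. The following is an added example, not code from the original post and not part of OTL or Malwarebytes. It parses that line format, flags executable content created under C:\Windows with no company name, and lists what else was created within a short window of a given file, which is how a reviewer correlates a drop with an install (on the page, C:\Windows\patchw32.dll appears six seconds before the RollerCoaster Tycoon 3 desktop shortcut). The sample lines are copied from the log above except the last one, which is constructed for the example. A flagged path is a review candidate to hash and look up (for instance on VirusTotal, as the poster did), not a malware verdict.

```python
"""Triage helper for the 'Files Created' / 'Files Modified' sections of an OTL log.

Added example, not part of the original post and not code from OTL or
Malwarebytes. OTL emits file lines in the form

    [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company Name) -- path

This module parses them, flags unsigned-looking executable content under
C:\\Windows, and correlates creation times. A flag is a review prompt only.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions whose appearance under the Windows tree with no company name merits a look.
EXEC_EXT = {".exe", ".dll", ".bpl", ".sys", ".scr", ".ocx", ".cpl"}


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str      # e.g. "----", "-H--" (hidden), "-HS-" (hidden + system)
    kind: str       # "C" = created, "M" = modified
    company: str    # empty when OTL found no company name in the version info
    path: str


def parse_line(line: str):
    """Return an OtlEntry for a file line, or None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        ts=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),   # "000,197,120" -> 197120
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def parse_log(text: str):
    return [e for e in map(parse_line, text.splitlines()) if e]


def is_review_candidate(e: OtlEntry) -> bool:
    """Executable content under C:\\Windows whose version info names no company."""
    low = e.path.lower()
    ext = ntpath.splitext(low)[1]            # ntpath handles backslash paths on any host
    return low.startswith("c:\\windows\\") and ext in EXEC_EXT and e.company == ""


def triage(text: str):
    return [e.path for e in parse_log(text) if is_review_candidate(e)]


def created_near(text: str, path: str, seconds: int = 60):
    """Other entries whose timestamp lies within `seconds` of the entry for `path`."""
    entries = parse_log(text)
    anchor = next((e for e in entries if e.path == path), None)
    if anchor is None:
        return []
    window = timedelta(seconds=seconds)
    return [e.path for e in entries if e is not anchor and abs(e.ts - anchor.ts) <= window]


# Sample input: the first six lines are copied from the OTL log in the post;
# the last line is constructed for this example and does not exist on that system.
SAMPLE_LOG = r"""
[2012.11.20 15:01:05 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.11.20 15:00:59 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2012.11.19 17:36:54 | 3220,348,928 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.19 14:12:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2012.11.19 13:58:52 | 000,064,512 | ---- | M] (Borland Software Corporation) -- C:\Windows\System32\vclsmp70.bpl
[2012.11.19 13:52:13 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012.11.25 03:12:07 | 000,045,056 | -H-- | C] () -- C:\Windows\System32\example_dropper.dll
"""

if __name__ == "__main__":
    for p in triage(SAMPLE_LOG):
        print("review:", p, "| created near:", created_near(SAMPLE_LOG, p))
```

hiberfil.sys is not flagged even though it is a .sys with no company name, because it sits at the drive root rather than under C:\Windows; vclsmp70.bpl is not flagged because OTL recorded a company name for it. The window check is deliberately narrow (60 seconds) so that it surfaces files written by the same installer run rather than everything from the same day.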