Pests of all kinds and their removal: Possible infection with ZeroAccess (Windows 7)
06.01.2013, 13:14 | #1
Possible infection with ZeroAccess

Hello, I recently had a problem with the ZeroAccess rootkit and therefore reinstalled my netbook from scratch. However, I am not entirely sure whether I am rid of it now.

My system: Acer Aspire One D255E, Windows 7 Starter
06.01.2013, 17:07 | #2
Winkelfunktion (TB-Süch-Tiger™):

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Nagging "when do we continue" messages will get your topic closed. I too have a life outside the Trojaner-Board.

A check with OTL, please:
06.01.2013, 18:04 | #3
Thanks for your help.

OTL hung once or twice during the scan. Is that bad? Here are the two log files the tool created:

Extras.txt:
Code:
OTL Extras logfile created on: 06.01.2013 17:30:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 55,24 Mb Available Physical Memory | 5,45% Memory free 1,99 Gb Paging File | 0,85 Gb Available in Paging File | 42,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 105,66 Gb Free Space | 48,97% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32 Drive H: | 931,51 Gb Total Space | 712,62 Gb Free Space | 76,50% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-470487763-3997339945-3177117635-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0126A99B-1FE0-4922-A138-C72AC8E5C938}" = lport=2869 | protocol=6 | dir=in | app=system | "{340F63D5-5E27-48ED-9EAC-288232B9542A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009D3BF4-BCD4-4A36-B37E-77F695C5480F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{08527209-67E4-4654-8D95-D428915DAA74}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{0AFC9546-0DA7-4071-B8C2-EDAF6A886098}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "{1F586224-A45C-46D9-A6A7-90AA67827A04}" = protocol=17 | dir=in | 
app=c:\program files\steam\steam.exe | "{359DE20D-50C1-414E-9AAC-7FEDF6C64137}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{51F5CE96-8DC9-4DAA-B16E-B8EF70396B1A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{52362650-F767-43AE-A391-4D8A0FF0B7BF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{6850327C-EE8E-4CA3-AE04-3E866513AB24}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{694D4125-630A-43BC-87F8-BFDC93A4A0C9}" = dir=in | app=c:\program files\itunes\itunes.exe | "{8C0827C7-F775-4D8F-8650-449A0732CFDC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8F1F3507-A62B-446C-9C06-2B9673560B9D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe | "{CE00BA8B-018D-41C4-9D98-166D21212B5D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\metro 2033\metro2033.exe | "{E92859B8-22CD-40B3-A9CD-65C72B1FF4B2}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | "TCP Query User{85E88CEE-36E2-4CC2-80AE-25182CAF993C}C:\sandbox\user\defaultbox\drive\c\program files\steam\steamapps\downloading\43110\metro2033benchmark.exe" = protocol=6 | dir=in | app=c:\sandbox\user\defaultbox\drive\c\program files\steam\steamapps\downloading\43110\metro2033benchmark.exe | "TCP Query User{86588556-F376-4746-8228-D556835E3D2F}C:\sandbox\user\defaultbox\user\current\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\sandbox\user\defaultbox\user\current\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{9CDBBE86-81CE-4312-9E06-862A63735894}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{0C094DF9-C445-42E0-8A60-2AD77589A3BE}C:\sandbox\user\defaultbox\drive\c\program files\steam\steamapps\downloading\43110\metro2033benchmark.exe" = protocol=17 | dir=in | 
app=c:\sandbox\user\defaultbox\drive\c\program files\steam\steamapps\downloading\43110\metro2033benchmark.exe | "UDP Query User{5D06CF51-1AAC-49F9-BD0D-9EFBC5C19E94}C:\sandbox\user\defaultbox\user\current\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\sandbox\user\defaultbox\user\current\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{B0BB240A-2583-4111-B641-9438DCAA22DE}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{51F026FA-5146-4232-A8BA-1364740BD053}" 
= Acer Crystal Eye webcam "{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting 
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{EBC147FC-1A82-448F-AE35-914AF96194C6}" = Oracle VM VirtualBox 4.2.4 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = 
Microsoft .NET Framework 4 Client Profile DEU Language Pack "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "7-Zip" = 7-Zip 9.20 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ESET Online Scanner" = ESET Online Scanner v3 "Freemake Video Downloader_is1" = Freemake Video Downloader "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU "Notepad++" = Notepad++ "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Sandboxie" = Sandboxie 3.74 (32-bit) "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0 "Steam App 43110" = Metro 2033 "Steam App 440" = Team Fortress 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.4 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 
========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.01.2013 12:05:59 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04.01.2013 12:05:59 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 999 Error - 04.01.2013 12:05:59 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 999 Error - 04.01.2013 12:06:00 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04.01.2013 12:06:00 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1997 Error - 04.01.2013 12:06:00 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1997 Error - 04.01.2013 12:06:01 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04.01.2013 12:06:01 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2995 Error - 04.01.2013 12:06:01 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2995 Error - 04.01.2013 12:06:02 | Computer Name = User-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ System Events ] Error - 22.12.2012 08:53:21 | Computer Name = User-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR8 gefunden. 
Error - 23.12.2012 05:16:19 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 23.12.2012 07:26:04 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 23.12.2012 08:19:15 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error - 24.12.2012 08:57:40 | Computer Name = User-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 24.12.2012 16:28:22 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "McAfee Application Installer Cleanup (0228491354314553)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 24.12.2012 16:29:46 | Computer Name = User-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 24.12.2012 16:29:48 | Computer Name = User-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 24.12.2012 16:29:51 | Computer Name = User-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 24.12.2012 16:29:51 | Computer Name = User-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > OTL.txt: Code:
OTL logfile created on: 06.01.2013 17:30:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 55,24 Mb Available Physical Memory | 5,45% Memory free 1,99 Gb Paging File | 0,85 Gb Available in Paging File | 42,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 105,66 Gb Free Space | 48,97% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,66 Gb Free Space | 66,51% Space Free | Partition Type: FAT32 Drive H: | 931,51 Gb Total Space | 712,62 Gb Free Space | 76,50% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Freemake\CaptureLib\CaptureLibService.exe (Ellora Assets Corp.) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - H:\Development\Desktop\PortableAppsSuite\Thunder\App\thunderbird\thunderbird.exe (Mozilla Corporation) PRC - H:\Development\Desktop\PortableAppsSuite\Thunder\ThunderbirdPortable.exe (PortableApps.com) PRC - C:\Programme\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) 
PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Users\User\AppData\Local\Temp\nsv7E83.tmp\registry.dll () MOD - C:\Users\User\AppData\Local\Temp\nsv7E83.tmp\System.dll () MOD - C:\Users\User\AppData\Local\Temp\nsv7E83.tmp\newadvsplash.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.97\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.97\libglesv2.dll () MOD - 
C:\Programme\Google\Chrome\Application\23.0.1271.97\libegl.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.97\avutil-51.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.97\avformat-54.dll () MOD - C:\Programme\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll () MOD - H:\Development\Desktop\PortableAppsSuite\Thunder\App\thunderbird\mozjs.dll () MOD - H:\Development\Desktop\PortableAppsSuite\Thunder\App\thunderbird\nsldap32v60.dll () MOD - H:\Development\Desktop\PortableAppsSuite\Thunder\App\thunderbird\nsldappr32v60.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Notepad++\NppShell_05.dll () MOD - C:\Programme\Acer\Android Manager\DEU.dll () MOD - C:\Programme\Launch Manager\CdDirIo.dll () ========== Services (SafeList) ========== SRV - (FreemakeVideoCapture) -- C:\Programme\Freemake\CaptureLib\CaptureLibService.exe (Ellora Assets Corp.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (QVLRN) -- C:\Users\User\AppData\Local\Temp\QVLRN.exe (Sysinternals - www.sysinternals.com) SRV - (OZTJ) -- C:\Users\User\AppData\Local\Temp\OZTJ.exe (Sysinternals - www.sysinternals.com) SRV - (0228491354314553mcinstcleanup) -- C:\Windows\Temp\0228491354314553mcinst.exe (McAfee, Inc.) SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) 
SRV - (cvhsvc) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (sftvsa) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MEMSWEEP2) -- C:\Windows\system32\FA6C.tmp File not found DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.) DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.) 
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-470487763-3997339945-3177117635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-470487763-3997339945-3177117635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKU\S-1-5-21-470487763-3997339945-3177117635-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKU\S-1-5-21-470487763-3997339945-3177117635-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKU\S-1-5-21-470487763-3997339945-3177117635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-470487763-3997339945-3177117635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
[2012.11.29 17:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Ghostery = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: Webutation = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj\2.3_0\
CHR - Extension: Google Mail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-21-470487763-3997339945-3177117635-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC33D271-C1F4-4503-9DAA-24AF290ADA2F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE044914-397A-4DD0-B75E-A7BAA3838E06}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.10.21 10:43:37 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.06 17:29:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.01.06 15:16:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.01.03 16:05:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.03 15:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.01.03 15:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.01.03 15:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.01.02 16:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.01.02 16:24:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.01.02 16:15:09 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2013.01.02 16:15:09 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2013.01.02 16:15:09 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2013.01.02 16:15:09 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2013.01.02 16:15:09 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2013.01.02 16:15:08 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2013.01.02 16:15:08 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2013.01.02 16:15:08 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2013.01.02 16:15:08 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2013.01.02 16:15:08 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2013.01.02 16:15:07 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2013.01.02 16:15:07 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013.01.02 16:15:07 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2013.01.02 16:15:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2013.01.02 16:15:06 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2013.01.02 16:15:06 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2013.01.02 16:15:06 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2013.01.02 16:15:06 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2013.01.02 16:15:06 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2013.01.02 16:15:06 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2013.01.02 16:15:06 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2013.01.02 16:15:05 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2013.01.02 16:15:05 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2013.01.02 16:15:05 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2013.01.02 16:15:05 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2013.01.02 16:15:04 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013.01.02 16:15:04 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013.01.02 16:15:04 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2013.01.02 16:15:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013.01.02 16:15:04 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2013.01.02 16:15:04 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2013.01.02 16:15:03 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2013.01.02 16:15:03 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2013.01.02 16:15:02 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2013.01.02 16:15:02 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2013.01.02 16:15:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2013.01.02 16:15:02 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2013.01.02 16:15:02 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2013.01.02 16:15:00 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2013.01.02 16:15:00 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2013.01.02 16:15:00 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2013.01.02 16:15:00 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2013.01.02 16:15:00 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2013.01.02 16:15:00 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2013.01.02 16:14:59 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2013.01.02 16:14:58 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2013.01.02 16:14:58 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2013.01.02 16:14:58 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2013.01.02 16:14:57 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2013.01.02 16:14:57 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2013.01.02 16:14:57 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2013.01.02 16:14:57 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2013.01.02 16:14:56 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2013.01.02 16:14:56 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2013.01.02 16:14:56 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2013.01.02 16:14:56 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2013.01.02 16:14:56 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2013.01.02 16:14:56 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2013.01.02 16:14:55 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2013.01.02 16:14:55 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2013.01.02 16:14:55 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2013.01.02 16:14:55 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2013.01.02 16:14:55 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2013.01.02 16:14:54 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2013.01.02 16:14:54 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2013.01.02 16:14:53 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2013.01.02 16:14:53 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2013.01.02 16:14:53 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2013.01.02 16:14:52 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2013.01.02 16:14:52 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2013.01.02 16:14:52 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2013.01.02 16:14:52 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2013.01.02 16:14:52 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2013.01.02 16:14:44 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2013.01.02 16:14:44 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2013.01.02 16:14:44 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2013.01.02 16:14:44 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2013.01.02 16:14:43 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2013.01.02 16:14:43 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2013.01.02 16:14:43 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2013.01.02 16:14:42 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2013.01.02 16:14:42 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2013.01.02 13:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013.01.02 13:45:06 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Freemake
[2013.01.02 13:45:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.01.02 13:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.01.02 13:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.01.02 13:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012.12.30 18:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.12.30 18:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.30 18:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.30 18:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.12.22 14:37:55 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\PSbackup
[2012.12.22 13:49:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft Corporation
[2012.12.22 12:25:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Temporary Projects
[2012.12.21 09:26:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.20 17:58:21 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Dumps
[2012.12.20 17:57:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\WiresharkPortable
[2012.12.18 16:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.12.16 11:47:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VSRevoGroup
[2012.12.16 09:46:32 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.12.15 18:44:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.12.15 18:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2012.12.15 18:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.12.15 18:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2012.12.14 19:00:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\mbar
[2012.12.13 15:14:05 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\PENDRIVE
[2012.12.12 21:32:49 | 000,000,000 | ---D | C] -- C:\Users\User\VirtualBox VMs
[2012.12.12 21:32:10 | 000,000,000 | ---D | C] -- C:\Users\User\.VirtualBox
[2012.12.12 21:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2012.12.12 21:30:29 | 000,187,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxDrv.sys
[2012.12.12 21:30:20 | 000,094,040 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\drivers\VBoxUSBMon.sys
[2012.12.12 21:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.12.08 17:38:40 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.08 17:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.12.07 21:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.12.07 21:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.12.07 20:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications

========== Files - Modified Within 30 Days ==========

[2013.01.06 17:37:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.06 17:32:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.06 17:32:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.06 17:30:28 | 000,696,814 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.06 17:30:28 | 000,652,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.06 17:30:28 | 000,147,820 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.06 17:30:28 | 000,120,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.06 17:30:07 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\Acer Registration - Reminder Recall task.job
[2013.01.06 17:29:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.01.06 17:25:06 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.06 17:24:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.06 17:24:49 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.06 15:01:02 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2013.01.06 14:55:13 | 000,002,738 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.12.16 16:08:05 | 000,000,213 | ---- | M] () -- C:\Users\User\Desktop\Team Fortress 2.url
[2012.12.16 15:55:56 | 000,000,215 | ---- | M] () -- C:\Users\User\Desktop\Metro 2033.url
[2012.12.16 09:46:33 | 000,309,320 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2012.12.16 09:46:24 | 006,753,824 | ---- | M] (BitDefender LLC) -- C:\Users\User\Desktop\1334231518_BDRemoval_Tool_AntiBootkit_x32.exe
[2012.12.15 18:37:41 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.12.14 23:21:12 | 000,239,080 | ---- | M] () -- C:\Users\User\AppData\Local\census.cache
[2012.12.14 23:20:44 | 000,104,570 | ---- | M] () -- C:\Users\User\AppData\Local\ars.cache
[2012.12.14 23:06:17 | 000,000,036 | ---- | M] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.14 15:02:56 | 000,001,205 | ---- | M] () -- C:\Users\User\Desktop\cmd.lnk
[2012.12.12 21:30:30 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk

========== Files Created - No Company Name ==========

[2012.12.16 16:08:05 | 000,000,213 | ---- | C] () -- C:\Users\User\Desktop\Team Fortress 2.url
[2012.12.16 15:55:55 | 000,000,215 | ---- | C] () -- C:\Users\User\Desktop\Metro 2033.url
[2012.12.15 18:37:41 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.12.14 23:21:12 | 000,239,080 | ---- | C] () -- C:\Users\User\AppData\Local\census.cache
[2012.12.14 23:20:44 | 000,104,570 | ---- | C] () -- C:\Users\User\AppData\Local\ars.cache
[2012.12.14 23:06:17 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2012.12.14 15:00:47 | 000,001,205 | ---- | C] () -- C:\Users\User\Desktop\cmd.lnk
[2012.12.12 21:30:30 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2012.12.02 11:19:22 | 000,088,280 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.11.30 17:06:57 | 000,002,738 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.11.29 02:04:09 | 000,696,814 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.11.29 02:04:09 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.11.29 02:04:09 | 000,147,820 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.11.29 02:04:09 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.11 11:11:21 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.01.11 11:01:44 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2011.01.11 11:01:44 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2011.01.11 11:01:44 | 000,016,406 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2011.01.11 11:01:44 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2011.01.11 11:01:44 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.01.11 11:01:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2011.01.11 11:01:44 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.01.11 09:34:59 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
|
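The "ZeroAccess Check" block at the end of the OTL report lists, for four COM classes, which InProcServer32 registrations exist under HKCU and HKLM. As an added example (not OTL's code and nothing the posters ran), the Python below parses that block and flags the entries a reviewer would look at: any per-user key for these classes and any HKLM server that is not the expected system DLL; the expected DLLs are taken from the HKLM lines of the quoted report, and the second sample input is constructed.

```python
"""Parse the "ZeroAccess Check" block of an OTL Extras.txt report and flag COM entries
a reviewer should look at. Added example for this thread, not OTL's or the poster's code;
the block layout (key line, then optional '"" = <path> -- [...]' line) is assumed as quoted."""
import re

# CLSIDs OTL inspects in this block, mapped to the DLL each one resolves to under
# HKLM in the clean Windows 7 report quoted in the thread.
EXPECTED_SERVERS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}
TRUSTED_DIRS = ("c:\\windows\\system32", "c:\\windows\\system32\\wbem")
KEY_RE = re.compile(r"^\[(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\Software\\Classes"
                    r"\\clsid\\(\{[0-9a-f-]{36}\})\\InProcServer32\]$", re.IGNORECASE)
SERVER_RE = re.compile(r'^"" = (.+?)(?: -- \[.*)?$')

def parse_zeroaccess_check(report_text):
    """One dict per InProcServer32 key in the block: hive, clsid (lower-cased)
    and server path (None when OTL lists the key without a default value)."""
    entries, current = [], None
    start = report_text.find("========== ZeroAccess Check")
    if start < 0:
        return entries
    for raw in report_text[start:].splitlines()[1:]:  # skip the header line itself
        line = raw.strip()
        if line.startswith("==========") or line.startswith("< End of report >"):
            break  # next section or end of report
        key = KEY_RE.match(line)
        if key:
            current = {"hive": key.group(1).upper(), "clsid": key.group(2).lower(), "server": None}
            entries.append(current)
            continue
        if current is None:
            continue  # e.g. the Desktop.ini line OTL prints before the first key
        server = SERVER_RE.match(line)
        if server:
            current["server"] = server.group(1).strip()
    return entries

def _normalize(path):
    """Lower-case and expand %SystemRoot% so paths can be compared."""
    return path.strip().strip('"').lower().replace("%systemroot%", "c:\\windows")

def review(entries):
    """(clsid, reason) pairs worth a closer look: any per-user key for these classes
    (HKCU\\Software\\Classes wins over HKLM when HKEY_CLASSES_ROOT is resolved, so it
    decides which DLL loads) and any HKLM server that is not the expected system DLL."""
    findings = []
    for entry in entries:
        expected = EXPECTED_SERVERS.get(entry["clsid"])
        server = _normalize(entry["server"]) if entry["server"] else None
        directory, _, basename = server.rpartition("\\") if server else ("", "", "")
        if entry["hive"] == "HKEY_CURRENT_USER":
            findings.append((entry["clsid"], "per-user InProcServer32 key present: "
                             + (server or "no default value listed")))
        elif expected is None:
            findings.append((entry["clsid"], "CLSID outside the expected set: %s" % server))
        elif server is None:
            findings.append((entry["clsid"], "HKLM key without a server path"))
        elif basename != expected or directory not in TRUSTED_DIRS:
            findings.append((entry["clsid"], "HKLM server is not the expected %s: %s"
                             % (expected, server)))
    return findings

# Constructed sample 1: the block as quoted in the thread, one entry per line.
THREAD_SAMPLE = r"""
========== ZeroAccess Check ==========
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.07.27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
"""

# Constructed sample 2 (not from the thread): a per-user key pointing the class at
# a DLL in the user profile, the kind of entry this check exists to surface.
OVERRIDE_SAMPLE = r"""
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\User\AppData\Local\EXAMPLE_OVERRIDE\example_override.dll
"ThreadingModel" = Apartment
< End of report >
"""

if __name__ == "__main__":
    for clsid, reason in review(parse_zeroaccess_check(THREAD_SAMPLE)):
        print(clsid, reason)
```

On the thread's own report the only findings are the two per-user keys, which exist without a listed default value; a per-user key with a path outside the system directory is what the second sample makes the check report.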
07.01.2013, 20:56 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possible infection with ZeroAccess Looks good. Please download SecurityCheck
__________________ Please always post logfiles in CODE tags |
08.01.2013, 16:46 | #5 |
| Possible infection with ZeroAccess Hi, here is the log that SecurityCheck produced: Code:
Results of screen317's Security Check version 0.99.56
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Sophos Anti-Rootkit 1.5.0
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
08.01.2013, 20:10 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possible infection with ZeroAccess As you can see, quite a bit there is still rather out of date, but then you have only just reinstalled
First, please run a quick scan with Malwarebytes as a check - please remember to update Malwarebytes via the update button beforehand. Getting a second opinion afterwards from ESET's online scanner is not a bad idea either: ESET Online Scanner
09.01.2013, 11:02 | #7 |
| Possible infection with ZeroAccess Hi, I'm at school right now and have a question: Notepad++ is installed on my netbook because I use it to open my .NET snippets, for the syntax highlighting. But I haven't set it as the default for txt. SecurityCheck opened the log file after the scan in Notepad++. But when I double-click the OTL logs, for example, they open in Notepad. Why is that? |
09.01.2013, 11:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possible infection with ZeroAccess http://www.windowspower.de/ffnen-von...gramm_857.html That is a side issue now, though! Please post the logs!
09.01.2013, 23:30 | #9 |
| Possible infection with ZeroAccess OK, I'll post the MBAM log here; the ESET one may take a while longer... It has been scanning for 6 hours already. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.09.07

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
User :: USER-PC [Administrator]

09.01.2013 16:27:29
mbam-log-2013-01-09 (16-27-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200712
Laufzeit: 9 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)

(Ende)

OK, done. ESET hung yesterday on the Visual Studio 10 ISO file. So I just uninstalled ESET, reinstalled it and ran the scan: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=00516499eef0b141b24826db7755311f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-10 06:04:13
# local_time=2013-01-10 07:04:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 354442 109472244 0 0
# scanned=108670
# found=0
# cleaned=0
# scan_time=15789
|
17.01.2013, 12:23 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possible infection with ZeroAccess Looks OK so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising and the like => HTTP cookie). Apart from that there are good cookie managers; as a Firefox extension there is CookieCuller, for example. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it closes. Is your system OK again now, or are there any other findings or problems?
17.01.2013, 15:13 | #11 |
| Possible infection with ZeroAccess No, apart from that there are no problems. But I have to confess something: before I posted this topic, I downloaded and ran McAfee's RootkitRemover. It claimed the file "shell32.dll" was infected by the ZeroAccess rootkit and deleted the file. After the restart I saw a black screen and repeatedly got the message "xxx could not be started because shell32.dll was not found.....". I was able to fix the problem with System Restore (I had installed Java the day before). I then also checked the file at Jotti and VirusTotal, and none of them flagged it. Here is the log from RootkitRemover: Code:
[TimeStamp: 20130106143002]
Rootkit Remover v0.8.9.160 [Dec 4 2012 - 17:44:01]
McAfee Labs.
Windows build 6.1.7600 x86
Checking for updates ...
Now Scanning...
Malware Found
--> ZeroAccess trojan detected!!!
--> Registry key: HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32 ( fixed )
--> Malicious file: C:\Windows\system32\shell32.dll ( will be deleted after restart )
--> Registry key: HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32 ( fixed )
--> Malicious file: C:\Windows\system32\shell32.dll ( will be deleted after restart )
ZeroAccess trojan was cleaned successfully!
Scan Finished
PLEASE REBOOT IMMEDIATELY TO COMPLETE CLEANING.
Other recommendations:
1. Perform full scan with McAfee VirusScan product after reboot.
Press any key to exit.

Kind regards |
17.01.2013, 16:11 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possible infection with ZeroAccess Hm, I can no longer tell whether shell32.dll had been tampered with or whether McAfee produced a false alarm. It's obviously clean now, anyway.