|
Plagegeister aller Art und deren Bekämpfung: Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
19.02.2013, 11:25 | #1 |
| Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Hallo zusammen, gestern hat mir Microsoft Sercurity Essentials nach einer Durchsuchung meines PC's einige Sachen rausgezogen: Code:
ATTFilter Kategorie: Trojaner Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Empfohlene Aktion: Entfernen Sie diese Software unverzüglich. Elemente: file:C:\Users\***\AppData\Local\Temp\tmp3e56a689\gf.exe Online weitere Informationen zu diesem Element abrufen Kategorie: Trojaner Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Empfohlene Aktion: Entfernen Sie diese Software unverzüglich. Elemente: file:C:\Users\***\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\@ Online weitere Informationen zu diesem Element abrufen Kategorie: Exploit Beschreibung: Dieses Programm ist gefährlich. Es nutzt die Sicherheitslücken eines Computers aus. Empfohlene Aktion: Entfernen Sie diese Software unverzüglich. Elemente: file:C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6f6fac91-3310d0a8 Online weitere Informationen zu diesem Element abrufen Kategorie: Exploit Beschreibung: Dieses Programm ist gefährlich. Es nutzt die Sicherheitslücken eines Computers aus. Empfohlene Aktion: Entfernen Sie diese Software unverzüglich. Elemente: file:C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6f6fac91-3310d0a8 Online weitere Informationen zu diesem Element abrufen Kategorie: Trojaner Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Empfohlene Aktion: Entfernen Sie diese Software unverzüglich. Elemente: file:C:\Users\***\AppData\Roaming\Adobe\plugs\mmc837413.txt Online weitere Informationen zu diesem Element abrufen Kategorie: Trojaner Beschreibung: Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus. Empfohlene Aktion: Entfernen Sie diese Software unverzüglich. Elemente: file:C:\Users\***\AppData\Local\Temp\jar_cache7779811641150060837.tmp Online weitere Informationen zu diesem Element abrufen danach habe ich Malwarebytes drüber laufen lassen, hier das Logfile das mir ausgespuckt wurde: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.18.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 18.02.2013 17:33:21 MBAM-log-2013-02-18 (17-38-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 194826 Laufzeit: 4 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\***\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\n. -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt. Infizierte Dateien: 3 C:\Users\***\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Keine Aktion durchgeführt. C:\Users\***\AppData\Roaming\Adobe\plugs\mmc10.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt. C:\Users\***\AppData\Roaming\Adobe\plugs\mmc108.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt. (Ende) Meine Frage wäre also wie ich da jetzt weiter vorgehe? Was sind das für Dinger und was bewirken die? Von irgendwelchen Veränderungen am PC merke ich nichts, funktioniert alles wie immer! Vielen Dank schon mal im Voraus für euere Hilfe! Bin leider nicht so geübt im Umgang mit digitalen Infektionen... MfG |
19.02.2013, 12:06 | #2 | |
/// TB-Ausbilder | Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Hallo -SeaSharp- und
__________________Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eine Bereinigung beinhaltet nebst dem Entfernen von Malware auch das Schliessen von Sicherheitslücken und sollte gründlich durchgeführt werden. Sie erfolgt deshalb in mehreren Schritten und bedeutet einigen Aufwand für dich. Beachte: Das Verschwinden der offensichtlichen Symptome bedeutet nicht, dass das System schon sauber ist. Arbeite daher in deinem eigenen Interesse solange mit, bis du das OK bekommst, dass alles erledigt ist. Hinweise zum Ablauf
Ja da hast du dir etwas Unschönes eingehandelt. Zitat:
Schritt 1 Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.
Schritt 2 Lade dir Gmer herunter (auf den Button Download EXE drücken) und speichere das Programm auf den Desktop.
Schritt 3 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ |
19.02.2013, 17:26 | #3 |
| Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Hey, vielen Dank für die schnelle Rückmeldung!
__________________Habe alle Schritte befolgt, es sind keine Probleme aufgetreten. Hier das Log von Gmer: GMER Logfile: Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net Rootkit scan 2013-02-19 17:10:10 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP4O 931,51GB Running: s8e0eoez.exe; Driver: C:\Users\Butz\AppData\Local\Temp\pwldqpow.sys ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 834459E9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8347F1C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x94A20000, 0x2FBAB4, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtClose 772B54C8 5 Bytes JMP 64B1FFC0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtCreateFile 772B55C8 5 Bytes JMP 64B1EC96 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtCreateKey 772B5608 5 Bytes JMP 64B1B6DC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtDeleteFile 772B5808 5 Bytes JMP 64B1EAB3 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtDeleteKey 772B5818 5 Bytes JMP 64B1AF5D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtDeleteValueKey 772B5848 5 Bytes JMP 64B1B220 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtDuplicateObject 772B5898 5 Bytes JMP 64B20096 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtEnumerateKey 772B58E8 5 Bytes JMP 64B1B001 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtEnumerateValueKey 772B5918 5 Bytes JMP 64B1B17A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtFlushKey 772B5988 5 Bytes JMP 64B1AFAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtNotifyChangeKey 772B5C68 5 Bytes JMP 64B1B2CE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtNotifyChangeMultipleKeys 772B5C78 5 Bytes JMP 64B1B35C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtOpenFile 772B5CD8 5 Bytes JMP 64B1EE21 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtOpenKey 772B5D08 5 Bytes JMP 64B1B5ED C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtOpenKeyEx 772B5D18 5 Bytes JMP 64B1B660 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQueryAttributesFile 772B5F38 5 Bytes JMP 64B1EB1E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQueryDirectoryFile 772B5F98 5 Bytes JMP 64B1D81E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQueryFullAttributesFile 772B5FE8 5 Bytes JMP 64B1EB8E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQueryKey 772B60E8 5 Bytes JMP 64B1B054 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQueryMultipleValueKey 772B6108 5 Bytes JMP 64B1B27B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQueryObject 772B6128 5 Bytes JMP 64B200EC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQuerySecurityObject 772B61A8 5 Bytes JMP 64B20030 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtQueryValueKey 772B6248 5 Bytes JMP 64B1B127 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtRenameKey 772B63C8 5 Bytes JMP 64B1B751 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtSetInformationFile 772B6638 5 Bytes JMP 64B1EBFE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtSetInformationKey 772B6658 5 Bytes JMP 64B1B0BA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtSetSecurityObject 772B6758 5 Bytes JMP 64B20149 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ntdll.dll!NtSetValueKey 772B6808 5 Bytes JMP 64B1B1CD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!CreateProcessW 7698204D 5 Bytes JMP 64AF8C27 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!CreateProcessA 76982082 5 Bytes JMP 64AF8D65 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!CreateProcessAsUserW 769B59FF 5 Bytes JMP 64AF8F9B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!SetDllDirectoryW 76A0D783 5 Bytes JMP 64AF977C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!SetDllDirectoryA 76A0D82C 5 Bytes JMP 64AF9AAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!WinExec 76A0EDAE 5 Bytes JMP 64AF931E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!AllocConsole 76A2C675 5 Bytes JMP 64B21210 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] kernel32.dll!AttachConsole 76A2C743 5 Bytes JMP 64B21222 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] USER32.dll!CreateWindowExA 7681BF40 5 Bytes JMP 64B211E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] USER32.dll!CreateWindowExW 7681EC7C 5 Bytes JMP 64B211F8 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] GDI32.dll!AddFontResourceW 763CEC13 5 Bytes JMP 64B06800 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] GDI32.dll!AddFontResourceA 763CEFA7 5 Bytes JMP 64B067E4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!EnumDependentServicesW 76771E3A 7 Bytes JMP 64B0956C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!EnumServicesStatusExW 7677B466 7 Bytes JMP 64B0A48D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!GetServiceKeyNameW 767978FF 7 Bytes JMP 64B09C13 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!GetServiceDisplayNameW 767979BB 7 Bytes JMP 64B09DC4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!EnumServicesStatusExA 7679A3E2 7 Bytes JMP 64B0A553 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!CreateProcessAsUserA 767B2538 5 Bytes JMP 64AF90DD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!GetServiceKeyNameA 767D1B94 7 Bytes JMP 64B09CCB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!GetServiceDisplayNameA 767D1C31 7 Bytes JMP 64B09E7C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!EnumServicesStatusA 767D2021 7 Bytes JMP 64B0A3CF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!EnumDependentServicesA 767D2104 7 Bytes JMP 64B09623 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ADVAPI32.dll!EnumServicesStatusW 767D2221 5 Bytes JMP 64B0A311 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoRegisterPSClsid 7711C56E 5 Bytes JMP 64B0FFF5 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoResumeClassObjects + 7 7711EA09 7 Bytes JMP 64B105C6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!OleRun 771207DE 5 Bytes JMP 64B10481 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoRegisterClassObject 771221E1 5 Bytes JMP 64B110F6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!OleUninitialize 7712EBA1 6 Bytes JMP 64B103A0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!OleInitialize 7712EFD7 5 Bytes JMP 64B10330 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoGetPSClsid 771326B9 5 Bytes JMP 64B1016D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoGetClassObject 771454AD 5 Bytes JMP 64B11684 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoInitializeEx 771509AD 5 Bytes JMP 64B101E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoUninitialize 771586D3 5 Bytes JMP 64B10262 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoCreateInstance 77159D0B 5 Bytes JMP 64B12952 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoCreateInstanceEx 77159D4E 5 Bytes JMP 64B10A8D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoSuspendClassObjects + 7 7717BB09 7 Bytes JMP 64B104F1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoRevokeClassObject 7719EACF 5 Bytes JMP 64B0FA52 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!CoGetInstanceFromFile 771D340B 5 Bytes JMP 64B11B44 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\OffSpon.EXE[1016] ole32.dll!OleRegEnumFormatEtc 7721CFD9 5 Bytes JMP 64B1040B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtClose 772B54C8 5 Bytes JMP 64B1FFC0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtCreateFile 772B55C8 5 Bytes JMP 64B1EC96 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtCreateKey 772B5608 5 Bytes JMP 64B1B6DC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtDeleteFile 772B5808 5 Bytes JMP 64B1EAB3 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtDeleteKey 772B5818 5 Bytes JMP 64B1AF5D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtDeleteValueKey 772B5848 5 Bytes JMP 64B1B220 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtDuplicateObject 772B5898 5 Bytes JMP 64B20096 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtEnumerateKey 772B58E8 5 Bytes JMP 64B1B001 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtEnumerateValueKey 772B5918 5 Bytes JMP 64B1B17A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtFlushKey 772B5988 5 Bytes JMP 64B1AFAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtNotifyChangeKey 772B5C68 5 Bytes JMP 64B1B2CE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtNotifyChangeMultipleKeys 772B5C78 5 Bytes JMP 64B1B35C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtOpenFile 772B5CD8 5 Bytes JMP 64B1EE21 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtOpenKey 772B5D08 5 Bytes JMP 64B1B5ED C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtOpenKeyEx 772B5D18 5 Bytes JMP 64B1B660 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQueryAttributesFile 772B5F38 5 Bytes JMP 64B1EB1E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQueryDirectoryFile 772B5F98 5 Bytes JMP 64B1D81E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQueryFullAttributesFile 772B5FE8 5 Bytes JMP 64B1EB8E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQueryKey 772B60E8 5 Bytes JMP 64B1B054 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQueryMultipleValueKey 772B6108 5 Bytes JMP 64B1B27B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQueryObject 772B6128 5 Bytes JMP 64B200EC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQuerySecurityObject 772B61A8 5 Bytes JMP 64B20030 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtQueryValueKey 772B6248 5 Bytes JMP 64B1B127 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtRenameKey 772B63C8 5 Bytes JMP 64B1B751 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtSetInformationFile 772B6638 5 Bytes JMP 64B1EBFE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtSetInformationKey 772B6658 5 Bytes JMP 64B1B0BA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtSetSecurityObject 772B6758 5 Bytes JMP 64B20149 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ntdll.dll!NtSetValueKey 772B6808 5 Bytes JMP 64B1B1CD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!CreateProcessW 7698204D 5 Bytes JMP 64AF8C27 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!CreateProcessA 76982082 5 Bytes JMP 64AF8D65 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!CreateProcessAsUserW 769B59FF 5 Bytes JMP 64AF8F9B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!SetUnhandledExceptionFilter 769CF4FB 5 Bytes JMP 616C856D Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!SetDllDirectoryW 76A0D783 5 Bytes JMP 64AF977C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!SetDllDirectoryA 76A0D82C 5 Bytes JMP 64AF9AAF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!WinExec 76A0EDAE 5 Bytes JMP 64AF931E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!AllocConsole 76A2C675 5 Bytes JMP 64B21210 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] kernel32.dll!AttachConsole 76A2C743 5 Bytes JMP 64B21222 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] USER32.dll!CreateWindowExA 7681BF40 5 Bytes JMP 64B211E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] USER32.dll!CreateWindowExW 7681EC7C 5 Bytes JMP 64B211F8 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] GDI32.dll!AddFontResourceW 763CEC13 5 Bytes JMP 64B06800 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] GDI32.dll!AddFontResourceA 763CEFA7 5 Bytes JMP 64B067E4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!EnumDependentServicesW 76771E3A 7 Bytes JMP 64B0956C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!EnumServicesStatusExW 7677B466 7 Bytes JMP 64B0A48D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!GetServiceKeyNameW 767978FF 7 Bytes JMP 64B09C13 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!GetServiceDisplayNameW 767979BB 7 Bytes JMP 64B09DC4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!EnumServicesStatusExA 7679A3E2 7 Bytes JMP 64B0A553 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!CreateProcessAsUserA 767B2538 5 Bytes JMP 64AF90DD C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!GetServiceKeyNameA 767D1B94 7 Bytes JMP 64B09CCB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!GetServiceDisplayNameA 767D1C31 7 Bytes JMP 64B09E7C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!EnumServicesStatusA 767D2021 7 Bytes JMP 64B0A3CF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!EnumDependentServicesA 767D2104 7 Bytes JMP 64B09623 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ADVAPI32.dll!EnumServicesStatusW 767D2221 5 Bytes JMP 64B0A311 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!OleLoadFromStream 77116143 5 Bytes JMP 61BFFA9A Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoRegisterPSClsid 7711C56E 5 Bytes JMP 64B0FFF5 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoResumeClassObjects + 7 7711EA09 7 Bytes JMP 64B105C6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!OleRun 771207DE 5 Bytes JMP 64B10481 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoRegisterClassObject 771221E1 5 Bytes JMP 64B110F6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!OleUninitialize 7712EBA1 6 Bytes JMP 64B103A0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!OleInitialize 7712EFD7 5 Bytes JMP 64B10330 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoGetPSClsid 771326B9 5 Bytes JMP 64B1016D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoGetClassObject 771454AD 5 Bytes JMP 64B11684 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoInitializeEx 771509AD 5 Bytes JMP 64B101E0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoUninitialize 771586D3 5 Bytes JMP 64B10262 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoCreateInstance 77159D0B 5 Bytes JMP 64B12952 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoCreateInstanceEx 77159D4E 5 Bytes JMP 64B10A8D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoSuspendClassObjects + 7 7717BB09 7 Bytes JMP 64B104F1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoRevokeClassObject 7719EACF 5 Bytes JMP 64B0FA52 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!CoGetInstanceFromFile 771D340B 5 Bytes JMP 64B11B44 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) .text Q:\140066.deu\Office14\WINWORDC.EXE[3348] ole32.dll!OleRegEnumFormatEtc 7721CFD9 5 Bytes JMP 64B1040B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation) ---- Devices - GMER 2.1 ---- Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- Processes - GMER 2.1 ---- Library Q:\140066.deu\Office14\OffSpon.EXE (*** hidden *** ) @ Q:\140066.deu\Office14\OffSpon.EXE [1016] 0x2D9A0000 Library Q:\140066.deu\Office14\msadctls.dll (*** hidden *** ) @ Q:\140066.deu\Office14\OffSpon.EXE [1016] 0x59FC0000 Library Q:\140066.deu\Office14\WINWORDC.EXE (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x2F4C0000 Library Q:\140066.deu\Office14\wwlibc.dll (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x63460000 Library Q:\140066.deu\Office14\gfx.dll (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x632B0000 Library Q:\140066.deu\Office14\oart.dll (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x5EAE0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSO.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x616C0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x62E90000 Library Q:\140066.deu\Office14\1031\WWINTLC.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x62D90000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\1031\MSOINTL.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x62A80000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSPTLS.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x629C0000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\RICHED20.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x5E990000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\MSORES.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x5A460000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\OFFICE14\USP10.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x64A10000 Library Q:\140066.deu\Office14\msproof7.dll (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x69190000 Library Q:\140066.deu\VFS\CSIDL_PROGRAM_FILES_COMMON\Microsoft Shared\PROOF\MSLID.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x64750000 Library Q:\140066.deu\OFFICE14\PROOF\MSSP7GE.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x59E30000 Library Q:\140066.deu\OFFICE14\PROOF\1031\MSGR3GE.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x58D70000 Library Q:\140066.deu\Office14\mscss7ge.dll (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x64700000 Library Q:\140066.deu\Office14\css7Data0007.dll (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x61640000 Library Q:\140066.deu\OFFICE14\PROOF\1033\MSGR3EN.DLL (*** hidden *** ) @ Q:\140066.deu\Office14\WINWORDC.EXE [3348] 0x58A50000 ---- EOF - GMER 2.1 ---- ...und hier die beiden Logs von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/19/2013 5:13:15 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Butz\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.49% Memory free 6.00 Gb Paging File | 4.74 Gb Available in Paging File | 79.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890.41 Gb Total Space | 849.87 Gb Free Space | 95.45% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 23.52 Gb Free Space | 58.80% Space Free | Partition Type: NTFS Computer Name: BUTZ-PC | User Name: Butz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013/02/19 17:12:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Butz\Downloads\OTL.exe PRC - [2013/02/18 17:46:29 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe PRC - [2013/02/07 16:01:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/01/02 11:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/02/18 17:46:28 | 014,717,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll MOD - [2013/02/15 17:54:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/15 17:54:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/02/07 16:01:27 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013/01/13 17:13:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013/01/10 20:52:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/10 20:51:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 20:51:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 20:51:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 20:51:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 20:51:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/05/12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010/02/28 01:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007/01/02 11:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2013/02/07 16:01:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- I:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv) DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32) DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/05/27 18:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/05/27 17:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2006/12/08 01:50:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2006/12/08 01:50:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=4712_2&babsrc=HP_ss&mntrId=5ef7949100000000000074f06d53c40c IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0A50410E-0AD8-4E25-82E1-2EFB5BF6040D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=4712_2&babsrc=SP_ss&mntrId=5ef7949100000000000074f06d53c40c IE - HKCU\..\SearchScopes\{73C45BF4-7CF6-42ED-84CD-510A85B13BBE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3C85B2E6-CA5B-48E0-95B8-D586642C7770&apn_sauid=D3E0C41C-2833-471C-93AA-ADE8931EEE29 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={CC9A5B2A-8D9E-45A0-9F5B-6A50A9776A5B}&mid=a210dda5304547d68648bd2b2bbf4d49-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:01:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:01:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 10:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\Extensions [2012/11/26 18:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\Firefox\Profiles\hk6kzvs4.default\extensions [2012/11/22 20:48:33 | 000,500,206 | ---- | M] () (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\firefox\profiles\hk6kzvs4.default\extensions\toolbar@gmx.net.xpi [2013/02/07 16:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/02/07 16:01:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/02/07 16:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions [2013/02/07 16:01:20 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net [2013/02/07 16:01:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/29 13:08:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/19 13:38:03 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012/10/29 13:08:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/29 13:08:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/10/29 13:08:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/29 13:08:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/29 13:08:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2a99b6f7-ce04-11df-a31b-6c626d5ba4ba}\Shell - "" = AutoRun O33 - MountPoints2\{2a99b6f7-ce04-11df-a31b-6c626d5ba4ba}\Shell\AutoRun\command - "" = I:\OnSpcLCK.exe O33 - MountPoints2\{801fd1f2-465b-11e0-851e-74f06d53c40c}\Shell - "" = AutoRun O33 - MountPoints2\{801fd1f2-465b-11e0-851e-74f06d53c40c}\Shell\AutoRun\command - "" = I:\CD_Start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/18 17:53:16 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Macromedia [2013/02/18 17:53:16 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Roaming\Adobe [2013/02/18 17:46:29 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/02/18 17:46:29 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/02/18 17:39:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/02/18 17:32:13 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Roaming\Malwarebytes [2013/02/18 17:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/18 17:32:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/02/18 17:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/02/18 17:31:42 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Programs [2013/02/18 17:17:17 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013/02/18 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/02/18 17:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013/02/15 11:32:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/02/15 11:32:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/02/15 11:32:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/02/15 11:32:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/02/15 11:32:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/02/15 11:31:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/02/15 11:31:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/02/15 11:31:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/02/15 11:27:33 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/02/15 11:27:28 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013/02/15 11:27:28 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013/02/15 11:27:26 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2013/02/15 11:27:25 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013/02/07 16:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/19 17:11:51 | 000,000,162 | -H-- | M] () -- C:\Users\Butz\Desktop\~$ojaner-Board.odt [2013/02/19 17:11:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/19 17:11:06 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2013/02/19 16:54:57 | 000,026,940 | ---- | M] () -- C:\Users\Butz\Desktop\Trojaner-Board.odt [2013/02/19 16:51:29 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/19 16:51:29 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/19 16:50:45 | 000,000,000 | ---- | M] () -- C:\Users\Butz\defogger_reenable [2013/02/18 17:52:33 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/18 17:46:29 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/02/18 17:46:29 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/02/18 17:32:06 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/16 21:59:23 | 000,001,993 | ---- | M] () -- C:\Users\Butz\Desktop\CyberLink Power2Go.lnk [2013/02/16 21:31:43 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/02/16 21:31:43 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/16 21:31:43 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/02/16 21:31:43 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/16 21:31:17 | 000,011,776 | ---- | M] () -- C:\Users\Butz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/15 17:53:33 | 000,305,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/19 17:11:51 | 000,000,162 | -H-- | C] () -- C:\Users\Butz\Desktop\~$ojaner-Board.odt [2013/02/19 16:54:54 | 000,026,940 | ---- | C] () -- C:\Users\Butz\Desktop\Trojaner-Board.odt [2013/02/19 16:50:45 | 000,000,000 | ---- | C] () -- C:\Users\Butz\defogger_reenable [2013/02/18 17:52:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/02/18 17:52:33 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/18 17:32:06 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/08/12 09:42:02 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/04/20 09:04:24 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2011/04/20 09:04:24 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2010/10/02 11:23:21 | 000,011,776 | ---- | C] () -- C:\Users\Butz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/02 10:10:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\L [2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\U [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:373E1720 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 2/19/2013 5:13:15 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Butz\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.49% Memory free 6.00 Gb Paging File | 4.74 Gb Available in Paging File | 79.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890.41 Gb Total Space | 849.87 Gb Free Space | 95.45% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 23.52 Gb Free Space | 58.80% Space Free | Partition Type: NTFS Computer Name: BUTZ-PC | User Name: Butz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03367673-EA2C-4B0D-B4CB-A15024C13C9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E121B8D-C224-4C11-97C1-AB6D42BF8F66}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1496F3F7-EFBC-46BE-ACDD-AF9F87ACBB22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{17F93039-E0FA-47E5-98D6-299B21DA7164}" = rport=139 | protocol=6 | dir=out | app=system | "{1F42DA64-2956-4462-851B-60E3B606F45B}" = rport=445 | protocol=6 | dir=out | app=system | "{23210593-D4B5-426D-9C4A-386C9BE88D7D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{233A4542-2311-4000-824A-0614808EDA58}" = lport=10243 | protocol=6 | dir=in | app=system | "{25AADFD1-5E63-418A-8AF6-8FA45351D6DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{262AA7ED-C984-4BCC-9A55-40F48AAF0D33}" = lport=139 | protocol=6 | dir=in | app=system | "{2C89F6E2-8F73-4541-98EC-AC69A5B91A70}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4ACE646C-C9C1-416D-8860-D16C32ADB32B}" = rport=10243 | protocol=6 | dir=out | app=system | "{50BC5E54-AF9E-44AA-99B1-ED9FDC036494}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{76A14684-1D21-4132-A207-D499592A0C70}" = lport=445 | protocol=6 | dir=in | app=system | "{7C74D6CD-518A-46E1-A353-636DF0C1E19C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{8C2455F1-B6D2-4AAE-96C8-9F32023FDA88}" = rport=137 | protocol=17 | dir=out | app=system | "{9A36B861-EBAF-4D6C-B16F-7F9174C246D6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A48F2149-CC0F-4569-9893-12B754FA8057}" = lport=138 | protocol=17 | dir=in | app=system | "{A5CDD27F-0207-403C-83B9-7411D4F69C20}" = lport=2869 | protocol=6 | dir=in | app=system | "{A62CCF45-EB6C-419A-8671-C07DAC5B90DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AB224FD7-7B50-4625-8008-B7F2F68ABB71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D4746E1A-E760-4372-86D9-DFFFCF8DC966}" = lport=137 | protocol=17 | dir=in | app=system | "{D4DA7B4A-803B-46A9-8508-068046B9C8BE}" = rport=138 | protocol=17 | dir=out | app=system | "{F5DA69BA-6BB1-49AA-A6CA-60CC984A501A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0AE6BA05-93F2-4D0B-8BF6-4819A81B3583}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{19894A62-A006-4548-B1A9-1C97D959534E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{21500E78-FA63-4537-8B33-37D3B9FE1B8E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2C20A91C-5654-4E62-AD7F-04D89D0A1A37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{397F948C-9218-4539-AD0B-ECA5EE7CF9B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{495A7DE7-85AE-46EB-AEDC-BAD431D3D613}" = protocol=6 | dir=out | app=system | "{63CC0B04-F738-4E02-8C31-0ECFCC8B9ABF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{6CA97596-D894-4E7B-90B4-8376281DB14B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8345497E-4702-496F-9B59-46DCA1D69C57}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9059BFFE-0597-4B6D-A5E7-B80D460D1B61}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A1912181-9A2B-4AFE-9CEB-9F9B57FB3EDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A6A616D5-30A6-445E-A040-A125EC2162DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{ADD1BF8D-2AEC-4387-A1B7-CDBA4B3EE2D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BB73F38A-A6CD-4184-90E7-E0E777D76604}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{C5E4D889-2BEA-498E-9B82-DC82D82BF773}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CE4CA937-7AE6-4EF3-BAE7-2E1FDEF1C93B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8066667-BD23-498E-9EA9-7016DC7996CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F3B2A8E2-A423-4CF7-A5F4-E8B350B27933}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F572FB04-2C56-4001-8927-ADD69ED29577}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FBD3C46C-9E34-4F71-9007-91DE9D8B5F57}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{FD547BBD-EE6B-4A71-914A-B127040C3644}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "TCP Query User{25701619-AC61-4A4C-BA61-602B27ABB9A2}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{4F45A347-A493-4096-85BE-95156569B5C0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{6BC5A207-B066-4AAB-A835-116C26FD2680}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{E3E0082D-1708-4105-9B69-5F8AF0673EFF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese "{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian "{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All "{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista "{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility "{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German "{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static "{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong "CCleaner" = CCleaner "ElsterFormular für Privatanwender 12.2.0.6412p" = ElsterFormular für Privatanwender "Forte Free" = Forte Free 2.0 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Samsung ML-2010 Series" = Samsung ML-2010 Series "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 8/27/2012 4:17:38 AM | Computer Name = Butz-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 11.0.0.4454 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1084 Startzeit: 01cd8429010a9495 Endzeit: 28 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 996307bb-f01f-11e1-a339-74f06d53c40c Error - 8/30/2012 5:27:07 AM | Computer Name = Butz-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 11/1/2012 10:08:37 AM | Computer Name = Butz-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 16.0.2.4680 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1370 Startzeit: 01cdb839bfd971d5 Endzeit: 16 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 79874020-242d-11e2-9ee2-6c626d5ba4ba Error - 11/26/2012 1:17:59 PM | Computer Name = Butz-PC | Source = Windows Search Service | ID = 1019 Description = Error - 11/26/2012 1:23:57 PM | Computer Name = Butz-PC | Source = Windows Search Service | ID = 1019 Description = Error - 11/26/2012 1:33:35 PM | Computer Name = Butz-PC | Source = Windows Search Service | ID = 1019 Description = Error - 12/14/2012 8:23:31 AM | Computer Name = Butz-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 1/2/2013 2:15:15 PM | Computer Name = Butz-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Error - 1/11/2013 9:18:10 AM | Computer Name = Butz-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 17.0.1.4715 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 300 Startzeit: 01cdeffdbdfbfb61 Endzeit: 30 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Berichts-ID: 532bba22-5bf1-11e2-bcc4-6c626d5ba4ba Error - 1/29/2013 12:10:28 PM | Computer Name = Butz-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x434 Startzeit der fehlerhaften Anwendung: 0x01cdfe3b188b4ca5 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 6565690d-6a2e-11e2-adfa-6c626d5ba4ba Error - 2/18/2013 12:20:07 PM | Computer Name = Butz-PC | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 664 Startzeit: 01ce0df12c0a80e4 Endzeit: 29 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: [ System Events ] Error - 2/19/2013 5:55:27 AM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WajamUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 2/19/2013 10:10:26 AM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 2/19/2013 10:10:26 AM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 2/19/2013 10:10:28 AM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WajamUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 2/19/2013 11:44:18 AM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 2/19/2013 11:44:18 AM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 2/19/2013 11:44:22 AM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WajamUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 2/19/2013 12:11:16 PM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 2/19/2013 12:11:16 PM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 2/19/2013 12:11:17 PM | Computer Name = Butz-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WajamUpdater" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > hoffe das war soweit alles was du benötigt hast! Bin gespannt auf deine Antwort! MfG |
19.02.2013, 18:03 | #4 | ||
/// TB-Ausbilder | Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Hi, Zitat:
Schritt 1 Downloade dir bitte AdwCleaner und speichere es auf deinen Desktop.
Schritt 2 Warnung für Mitleser: Combofix sollte nur dann ausgeführt werden, wenn dies explizit von einem Teammitglied angewiesen wurde! Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link.
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
20.02.2013, 15:42 | #5 |
| Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? gesagt - getan! 1. hier das AdwCleaner Logfile: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.112 - Datei am 20/02/2013 um 15:10:03 erstellt # Aktualisiert am 10/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits) # Benutzer : Butz - BUTZ-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Butz\Desktop\adwcleaner0.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : WajamUpdater ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Ordner Gelöscht : C:\Program Files\Optimizer Pro Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\Butz\AppData\Local\Wajam ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\Software\Wajam Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=109958&tt=4712_2&babsrc=HP_ss&mntrId=5ef7949100000000000074f06d53c40c --> hxxp://www.google.com -\\ Mozilla Firefox v18.0.2 (de) Datei : C:\Users\Butz\AppData\Roaming\Mozilla\Firefox\Profiles\hk6kzvs4.default\prefs.js C:\Users\Butz\AppData\Roaming\Mozilla\Firefox\Profiles\hk6kzvs4.default\user.js ... Gelöscht ! Gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false); Gelöscht : user_pref("extensions.BabylonToolbar.id", "5ef7949100000000000074f06d53c40c"); Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15663"); Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...] Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109958&tt=4712_[...] Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.813:38:32"); ************************* AdwCleaner[S1].txt - [5113 octets] - [20/02/2013 15:10:03] ########## EOF - C:\AdwCleaner[S1].txt - [5173 octets] ########## 2. Das ComboFix Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 13-02-18.02 - Butz 20.02.2013 15:19:15.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.2106 [GMT 1:00] ausgeführt von:: c:\users\Butz\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-20 bis 2013-02-20 )))))))))))))))))))))))))))))) . . 2013-02-20 14:22 . 2013-02-20 14:23 -------- d-----w- c:\users\Butz\AppData\Local\temp 2013-02-20 14:22 . 2013-02-20 14:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-20 14:11 . 2013-02-20 14:11 60872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCBBB36B-DDFC-4B50-A905-293FF91C61A4}\offreg.dll 2013-02-20 13:33 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FCBBB36B-DDFC-4B50-A905-293FF91C61A4}\mpengine.dll 2013-02-20 13:25 . 2013-02-20 13:25 -------- d-----w- c:\users\Butz\AppData\Local\Adobe 2013-02-18 16:59 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-18 16:53 . 2013-02-18 16:53 -------- d-----w- c:\users\Butz\AppData\Local\Macromedia 2013-02-18 16:46 . 2013-02-18 16:46 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-18 16:46 . 2013-02-18 16:46 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-18 16:32 . 2013-02-18 16:32 -------- d-----w- c:\users\Butz\AppData\Roaming\Malwarebytes 2013-02-18 16:32 . 2013-02-18 16:32 -------- d-----w- c:\programdata\Malwarebytes 2013-02-18 16:32 . 2013-02-18 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-02-18 16:32 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-18 16:31 . 2013-02-18 16:31 -------- d-----w- c:\users\Butz\AppData\Local\Programs 2013-02-18 16:17 . 2013-02-18 16:22 -------- d-----w- C:\sh4ldr 2013-02-18 16:17 . 2013-02-18 16:17 -------- d-----w- c:\program files\Enigma Software Group 2013-02-18 16:16 . 2013-02-18 16:22 -------- d-----w- c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP 2013-02-18 16:16 . 2013-02-18 16:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2013-02-15 10:32 . 2013-01-08 22:42 149528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2013-02-15 10:32 . 2013-01-08 21:58 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-02-15 10:32 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-15 10:32 . 2013-01-08 22:00 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2013-02-15 10:32 . 2013-01-08 22:00 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll 2013-02-15 10:32 . 2013-01-08 21:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-15 10:31 . 2013-01-08 22:11 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-15 10:31 . 2013-01-08 22:03 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-02-15 10:31 . 2013-01-08 22:05 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-02-15 10:31 . 2013-01-08 22:04 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2013-02-15 10:31 . 2013-01-08 22:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-15 10:31 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-15 10:27 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys 2013-02-15 10:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-15 10:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-15 10:27 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-15 10:27 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-15 10:27 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-30 10:53 . 2010-06-29 13:41 232336 ------w- c:\windows\system32\MpSigStub.exe 2012-12-29 13:24 . 2012-12-29 13:24 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C263AE13-A17D-49DD-9C91-459AC42CF669}\gapaengine.dll 2012-12-16 14:13 . 2012-12-22 12:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 12:28 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-07 12:26 . 2013-01-09 15:45 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20 . 2013-01-09 15:45 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 10:46 . 2013-01-09 15:45 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 10:46 . 2013-01-09 15:45 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 10:46 . 2013-01-09 15:45 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 15:45 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 15:45 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 15:45 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 10:46 . 2013-01-09 15:45 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 15:45 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 10:46 . 2013-01-09 15:45 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 10:46 . 2013-01-09 15:45 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 10:46 . 2013-01-09 15:45 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 10:46 . 2013-01-09 15:45 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 10:46 . 2013-01-09 15:45 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 10:46 . 2013-01-09 15:45 51712 ----a-w- c:\windows\system32\esrb.rs 2012-11-30 04:47 . 2013-01-09 15:46 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 04:45 . 2013-01-09 15:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-11-30 04:45 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-11-30 02:55 . 2013-01-09 15:46 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38 . 2013-01-09 15:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38 . 2013-01-09 15:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38 . 2013-01-09 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38 . 2013-01-09 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-11-23 02:48 . 2013-01-09 15:45 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-02-07 15:01 . 2013-02-07 15:01 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-02 520192] "hp Update 3300C"="c:\sj650\hpupdate.exe" [2002-01-31 32768] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 uxddrv;Dynamically loaded UxdDrv;i:\diagnose\WSTGER32\2PART\uxddrv86.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] . . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Butz\AppData\Roaming\Mozilla\Firefox\Profiles\hk6kzvs4.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-BsScanner . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-20 15:24:47 ComboFix-quarantined-files.txt 2013-02-20 14:24 . Vor Suchlauf: 8 Verzeichnis(se), 912.637.857.792 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 912.626.946.048 Bytes frei . - - End Of File - - AD4BADFFFB73FA84AF9570D500A95F5F ...und 3. das OTL Logfile: OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/20/2013 3:28:38 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Butz\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.83% Memory free 6.00 Gb Paging File | 4.80 Gb Available in Paging File | 80.11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890.41 Gb Total Space | 850.02 Gb Free Space | 95.46% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 23.52 Gb Free Space | 58.80% Space Free | Partition Type: NTFS Computer Name: BUTZ-PC | User Name: Butz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/19 17:12:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Butz\Downloads\OTL.exe PRC - [2013/02/18 17:46:29 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe PRC - [2013/02/07 16:01:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/01/02 11:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/02/18 17:46:28 | 014,717,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll MOD - [2013/02/15 17:54:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/15 17:54:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/02/07 16:01:27 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013/01/13 17:13:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013/01/10 20:52:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/10 20:51:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 20:51:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 20:51:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 20:51:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 20:51:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/05/12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007/01/02 11:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Services (SafeList) ========== SRV - [2013/02/07 16:01:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- I:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Butz\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32) DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/05/27 18:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/05/27 17:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2006/12/08 01:50:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2006/12/08 01:50:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{0A50410E-0AD8-4E25-82E1-2EFB5BF6040D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{73C45BF4-7CF6-42ED-84CD-510A85B13BBE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3C85B2E6-CA5B-48E0-95B8-D586642C7770&apn_sauid=D3E0C41C-2833-471C-93AA-ADE8931EEE29 IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:01:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:01:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 10:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\Extensions [2012/11/26 18:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\Firefox\Profiles\hk6kzvs4.default\extensions [2012/11/22 20:48:33 | 000,500,206 | ---- | M] () (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\firefox\profiles\hk6kzvs4.default\extensions\toolbar@gmx.net.xpi [2013/02/07 16:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/02/07 16:01:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/02/07 16:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions [2013/02/07 16:01:20 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net [2013/02/07 16:01:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/29 13:08:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/29 13:08:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/29 13:08:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/10/29 13:08:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/29 13:08:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/29 13:08:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/02/20 15:23:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/20 15:24:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/20 15:24:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/02/20 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\temp [2013/02/20 15:17:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/02/20 15:17:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/02/20 15:17:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/02/20 15:17:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/20 15:17:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/02/20 15:13:58 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Butz\Desktop\ComboFix.exe [2013/02/20 14:25:29 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Adobe [2013/02/18 17:53:16 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Macromedia [2013/02/18 17:53:16 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Roaming\Adobe [2013/02/18 17:39:48 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013/02/18 17:32:13 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Roaming\Malwarebytes [2013/02/18 17:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/18 17:32:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/02/18 17:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/02/18 17:31:42 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Programs [2013/02/18 17:17:17 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013/02/18 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/02/18 17:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013/02/07 16:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/20 15:26:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/20 15:26:33 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2013/02/20 15:23:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/02/20 15:19:02 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/20 15:19:02 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/20 15:14:31 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Butz\Desktop\ComboFix.exe [2013/02/20 15:08:28 | 000,587,671 | ---- | M] () -- C:\Users\Butz\Desktop\adwcleaner0.exe [2013/02/19 16:54:57 | 000,026,940 | ---- | M] () -- C:\Users\Butz\Desktop\Trojaner-Board.odt [2013/02/19 16:50:45 | 000,000,000 | ---- | M] () -- C:\Users\Butz\defogger_reenable [2013/02/18 17:52:33 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/18 17:32:06 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/16 21:59:23 | 000,001,993 | ---- | M] () -- C:\Users\Butz\Desktop\CyberLink Power2Go.lnk [2013/02/16 21:31:43 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/02/16 21:31:43 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/16 21:31:43 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/02/16 21:31:43 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/16 21:31:17 | 000,011,776 | ---- | M] () -- C:\Users\Butz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/15 17:53:33 | 000,305,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/20 15:17:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/20 15:17:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/20 15:17:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/20 15:17:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/20 15:17:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/02/20 15:08:24 | 000,587,671 | ---- | C] () -- C:\Users\Butz\Desktop\adwcleaner0.exe [2013/02/19 16:54:54 | 000,026,940 | ---- | C] () -- C:\Users\Butz\Desktop\Trojaner-Board.odt [2013/02/19 16:50:45 | 000,000,000 | ---- | C] () -- C:\Users\Butz\defogger_reenable [2013/02/18 17:52:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/02/18 17:52:33 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/18 17:32:06 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/08/12 09:42:02 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/04/20 09:04:24 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2011/04/20 09:04:24 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2010/10/02 11:23:21 | 000,011,776 | ---- | C] () -- C:\Users\Butz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/02 10:10:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\L [2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\U [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/04/20 09:14:00 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\elsterformular [2010/10/02 10:39:24 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\IrfanView [2013/01/12 13:28:17 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\Naeh [2010/10/02 10:25:40 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\OpenOffice.org [2013/02/19 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\SoftGrid Client [2010/10/02 11:10:18 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\TP [2012/12/12 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\TuneUp Software [2013/01/14 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\Vaydb [2012/11/19 13:41:54 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\XMedia Recode [2013/01/11 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\Yspie ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:373E1720 < End of report > Alles ohne Probleme abgelaufen, vielen vielen Dank bereits jetzt schon für die Bemühungen!! Bin ich mittlerweile wieder Infektionsfrei? Und wenn ja, wo genau lag der Hund begraben?? MfG |
20.02.2013, 16:05 | #6 | ||
/// TB-Ausbilder | Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Hi, Zitat:
Zitat:
Auf jeden Fall sind diese ungebetenen Gäste nicht unbedingt harmloser Natur, deshalb: Warnung: Infostealer Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat. Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen. Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern. Schritt 1
Code:
ATTFilter :OTL [2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\L [2011/11/17 06:38:39 | 000,000,000 | -HSD | M] -- C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\U @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:373E1720 [2013/02/18 17:17:17 | 000,000,000 | ---D | C] -- C:\sh4ldr [2013/02/18 17:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013/02/18 17:16:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2013/01/12 13:28:17 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\Naeh [2013/01/14 18:09:04 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\Vaydb [2013/01/11 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\Yspie :files c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP :commands [emptytemp]
Schritt 2 Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinen Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers. Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ --> Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? |
21.02.2013, 17:43 | #7 |
| Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? hm okay, wäre mir nie in den Sinn gekommen das Java die Wurzel des Problems sein könnte Noch ne andere Frage: In der Quarantäne von Malwarebytes & Microsoft Internet Security liegen ja noch immer die Daten, welche als erstes rausgezogen wurden (sprich die Sachen aus meinem allerersten Post). Bleiben die schlussendlich da? Ansonsten hier erstmal der Fixlog von OTL: Code:
ATTFilter All processes killed ========== OTL ========== C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\L folder moved successfully. C:\Users\Butz\AppData\Local\{25acc865-1727-95dc-b988-8bd5cdec6c00}\U folder moved successfully. ADS C:\ProgramData\Temp:373E1720 deleted successfully. C:\sh4ldr folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\mon folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Downloads folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Defs folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully. C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully. C:\Program Files\Enigma Software Group folder moved successfully. C:\Program Files\Common Files\Wise Installation Wizard folder moved successfully. C:\Users\Butz\AppData\Roaming\Naeh folder moved successfully. C:\Users\Butz\AppData\Roaming\Vaydb folder moved successfully. C:\Users\Butz\AppData\Roaming\Yspie folder moved successfully. ========== FILES ========== c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Butz ->Temp folder emptied: 187964 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 2420463 bytes ->FireFox cache emptied: 172149266 bytes ->Flash cache emptied: 1576 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10884 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 167.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02212013_170920 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot... Malwarebytes Anti-Rootkit hat nach dem Scan keine Funde angezeigt, deshalb auch kein Log an dieser Stelle! Zum Schluß der von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 2/21/2013 5:29:19 PM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Butz\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.78% Memory free 6.00 Gb Paging File | 4.73 Gb Available in Paging File | 78.94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890.41 Gb Total Space | 850.16 Gb Free Space | 95.48% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 23.52 Gb Free Space | 58.80% Space Free | Partition Type: NTFS Computer Name: BUTZ-PC | User Name: Butz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/02/19 17:12:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Butz\Downloads\OTL.exe PRC - [2013/02/07 16:01:46 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/05/27 17:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2007/01/02 11:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Modules (No Company Name) ========== MOD - [2013/02/15 17:54:41 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/02/15 17:54:29 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013/02/07 16:01:27 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013/01/13 17:13:03 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll MOD - [2013/01/10 20:52:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/10 20:51:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/10 20:51:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013/01/10 20:51:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/10 20:51:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013/01/10 20:51:23 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/10 20:51:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/27 20:40:48 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010/05/12 14:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007/01/02 11:47:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe ========== Services (SafeList) ========== SRV - [2013/02/07 16:01:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/05/27 17:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- I:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Butz\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32) DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/05/27 18:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/05/27 17:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2006/12/08 01:50:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT) DRV - [2006/12/08 01:50:42 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{0A50410E-0AD8-4E25-82E1-2EFB5BF6040D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\..\SearchScopes\{73C45BF4-7CF6-42ED-84CD-510A85B13BBE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=3C85B2E6-CA5B-48E0-95B8-D586642C7770&apn_sauid=D3E0C41C-2833-471C-93AA-ADE8931EEE29 IE - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:01:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/07 16:01:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/16 10:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\Extensions [2012/11/26 18:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\Firefox\Profiles\hk6kzvs4.default\extensions [2012/11/22 20:48:33 | 000,500,206 | ---- | M] () (No name found) -- C:\Users\Butz\AppData\Roaming\mozilla\firefox\profiles\hk6kzvs4.default\extensions\toolbar@gmx.net.xpi [2013/02/07 16:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2013/02/07 16:01:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/02/07 16:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions [2013/02/07 16:01:20 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\distribution\extensions\toolbar@gmx.net [2013/02/21 17:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\extensions [2013/02/21 17:25:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/02/21 17:25:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\updated\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/02/21 17:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\updated\distribution\extensions [2013/02/21 17:25:31 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files\mozilla firefox\updated\distribution\extensions\toolbar@gmx.net [2013/02/07 16:01:47 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/10/29 13:08:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/29 13:08:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/10/29 13:08:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012/10/29 13:08:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/29 13:08:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/29 13:08:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013/02/20 15:23:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3144256395-505321586-1285412644-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/02/21 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Butz\Desktop\mbar-1.01.0.1020 [2013/02/21 17:09:20 | 000,000,000 | ---D | C] -- C:\_OTL [2013/02/20 15:24:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/02/20 15:24:49 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/02/20 15:24:49 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\temp [2013/02/20 15:17:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/02/20 15:17:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/02/20 15:17:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/02/20 15:17:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/02/20 15:17:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/02/20 15:13:58 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Butz\Desktop\ComboFix.exe [2013/02/20 14:25:29 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Adobe [2013/02/18 17:53:16 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Macromedia [2013/02/18 17:53:16 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Roaming\Adobe [2013/02/18 17:32:13 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Roaming\Malwarebytes [2013/02/18 17:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/18 17:32:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/02/18 17:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/02/18 17:31:42 | 000,000,000 | ---D | C] -- C:\Users\Butz\AppData\Local\Programs [2013/02/07 16:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013/02/21 17:17:56 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/21 17:17:56 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/21 17:14:17 | 013,711,621 | ---- | M] () -- C:\Users\Butz\Desktop\mbar-1.01.0.1020.zip [2013/02/21 17:10:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/21 17:10:29 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2013/02/20 15:23:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/02/20 15:14:31 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Butz\Desktop\ComboFix.exe [2013/02/20 15:08:28 | 000,587,671 | ---- | M] () -- C:\Users\Butz\Desktop\adwcleaner0.exe [2013/02/19 16:54:57 | 000,026,940 | ---- | M] () -- C:\Users\Butz\Desktop\Trojaner-Board.odt [2013/02/19 16:50:45 | 000,000,000 | ---- | M] () -- C:\Users\Butz\defogger_reenable [2013/02/18 17:52:33 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/18 17:32:06 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/02/16 21:59:23 | 000,001,993 | ---- | M] () -- C:\Users\Butz\Desktop\CyberLink Power2Go.lnk [2013/02/16 21:31:43 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013/02/16 21:31:43 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/02/16 21:31:43 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013/02/16 21:31:43 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/02/16 21:31:17 | 000,011,776 | ---- | M] () -- C:\Users\Butz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/02/15 17:53:33 | 000,305,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/02/21 17:12:56 | 013,711,621 | ---- | C] () -- C:\Users\Butz\Desktop\mbar-1.01.0.1020.zip [2013/02/20 15:17:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/02/20 15:17:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/02/20 15:17:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/02/20 15:17:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/02/20 15:17:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/02/20 15:08:24 | 000,587,671 | ---- | C] () -- C:\Users\Butz\Desktop\adwcleaner0.exe [2013/02/19 16:54:54 | 000,026,940 | ---- | C] () -- C:\Users\Butz\Desktop\Trojaner-Board.odt [2013/02/19 16:50:45 | 000,000,000 | ---- | C] () -- C:\Users\Butz\defogger_reenable [2013/02/18 17:52:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/02/18 17:52:33 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/02/18 17:32:06 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011/08/12 09:42:02 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011/04/20 09:04:24 | 000,306,688 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll [2011/04/20 09:04:24 | 000,095,232 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll [2010/10/02 11:23:21 | 000,011,776 | ---- | C] () -- C:\Users\Butz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/02 10:10:06 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/04/20 09:14:00 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\elsterformular [2010/10/02 10:39:24 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\IrfanView [2010/10/02 10:25:40 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\OpenOffice.org [2013/02/19 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\SoftGrid Client [2010/10/02 11:10:18 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\TP [2012/12/12 19:53:48 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\TuneUp Software [2012/11/19 13:41:54 | 000,000,000 | ---D | M] -- C:\Users\Butz\AppData\Roaming\XMedia Recode ========== Purity Check ========== < End of report > Danke & beste Grüße |
21.02.2013, 23:15 | #8 | ||
/// TB-Ausbilder | Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Hallo, Zitat:
Die bekanntgewordenen Lücken werden jeweils durch Updates geschlossen. Alte Versionen wie beispielsweise das bei dir installierte Java(TM) 6 Update 16 sind aber voller Löcher und so zu surfen ist sehr riskant. Wir kümmern uns dann im nächsten Schritt noch darum. Zitat:
Man sollte immer mit Quarantäne arbeiten, denn Antivirenprogramme produzieren auch manchmal Fehlalarme (false positives) und wenn du so etwas Legitimes direkt löschst und nicht in Quarantäne verschiebst, dann ist es weg und nicht mehr direkt wiederherstellbar. Schritt 1
Schritt 2 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 3 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
23.02.2013, 16:51 | #9 |
| Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? ok, also Malwarebytes hat nichts gefunden, trotzdem hier der Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.23.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Butz :: BUTZ-PC [Administrator] 23.02.2013 12:39:10 mbam-log-2013-02-23 (12-39-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 198717 Laufzeit: 3 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Der ESET Online Scanner hat keine Funde angezeigt! Zum Schluß der Log von SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 CCleaner Java(TM) 6 Update 16 Java(TM) 6 Update 33 Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.6.602.168 Adobe Reader 9 Adobe Reader XI Mozilla Firefox (19.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Alles klar, dann warte ich jetzt auf deine Instruktionen, um das Problem mit den alten Versionen von Java ect. zu beheben! Danke & beste Grüße |
23.02.2013, 21:08 | #10 |
/// TB-Ausbilder | Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Hi, gut, das sieht jetzt besser aus. Kümmere dich noch um die veraltete Software und dann räumen wir auf. Hinweis: Registry Cleaner Ich sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall CCleaner. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. Schritt 1 Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware zur Infizierung per Drive-by Download missbraucht werden können. Die aktuelle Version ist Java 7 Update 15.
Überleg dir also, ob du eine Java-Installation wirklich brauchst. Falls du Java weiterhin verwenden möchtest, dann:
Überprüfe dann mit diesem Plugin-Check, ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls. Schritt 2 Starte defogger und drücke den Button Re-enable. Schritt 3 Bitte deaktiviere jetzt temporär das Antiviren-Programm, evtl. vorhandenes Skript-Blocking und Antimalware-Programme. Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen Fenster Code:
ATTFilter Combofix /Uninstall Du kannst die eben deaktivierten Programme nun wieder einschalten. Schritt 4 Den ESET Online Scanner kannst du behalten, um ab und zu für eine Zweitmeinung dein System damit zu scannen. Falls du ESET aber deinstallieren möchtest, dann: Drücke bitte die + R Taste, kopiere folgenden Text in das Ausführen Fenster Code:
ATTFilter "%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe" Schritt 5 Downloade dir bitte delfix auf deinen Desktop.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus. Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und Software Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-Software Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im Internet Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine Hinweise Abschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.
__________________ cheers, Leo |
25.02.2013, 19:29 | #11 |
| Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Perfekt, vielen Dank für die freundliche Unterstützung!! Für den einwandfreien Service werde ich mich auf jedenfall mit einer kleinen Spende bedanken! Die letzten Tipps werde ich, soweit mir möglich, befolgen und hoffe das ich so ein Problem in nächster Zeit nicht mehr wieder bekomme DANKE für alles! |
25.02.2013, 19:40 | #12 |
/// TB-Ausbilder | Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? Danke für die Rückmeldung. Und im Namen des Teams bedank ich mich schon mal für die Spende. Freut mich, dass wir helfen konnten. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
Themen zu Trojaner gefunden (Trojan.Spyeyes,Trojan.Agent.Gen...): wie gehe ich vor? |
adobe, anti-malware, appdata, autostart, cache, code, dateien, entfernen, explorer, frage, funktioniert, hilfe!, java, logfile, malwarebytes, microsoft, programm, recycle.bin, roaming, rojaner gefunden, sicherheitslücke, software, speicher, temp, tmp, trojan.agent.ge, trojaner |